Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 21 Nov 2000 01:33:48 +0100 (CET)
From:      dl@leo.org
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   conf/22998: patch for rc.network to load ipl.ko (IPFILTER)
Message-ID:  <20001121003348.9193B1FFC@qonos.empire.trek.org>
next in thread | raw e-mail | index | archive | help 

>Number:         22998
>Category:       conf
>Synopsis:       ipf fails to load the rules if IPFILTER is not statically linked
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 20 16:40:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     Daniel Lang
>Release:        FreeBSD 4.2-RELEASE i386
>Organization:
TU Muenchen
>Environment:

4.2-RELEASE, with IPFILTER _not_ in static kernel, and
ipfilter_enable="YES" in rc.conf

>Description:

ipf fails to load the rules if IPFILTER is not in the kernel
and does not automatically load the module, so I patched
rc.network like the ipfw section, to load the module on
demand.

>How-To-Repeat:

see Environment

>Fix:

Here is the patch, it pretty much like ipfw section:

--- /etc/rc.network     Tue Nov 21 00:55:01 2000
+++ /tmp/rc.network.patched     Tue Nov 21 01:21:47 2000
@@ -48,8 +48,21 @@
        # Establish ipfilter ruleset as early as possible (best in
        # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
        #
+       if /sbin/ipfstat -i > /dev/null 2>&1; then
+               ipfilter_in_kernel=1
+       else
+               ipfilter_in_kernel=0
+       fi
+
        case "${ipfilter_enable}" in
        [Yy][Ee][Ss])
+               if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
+                       ipfilter_in_kernel=1
+                       echo "Kernel ipfilter module loaded."
+               elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
+                       echo "Warning: ipfilter kernel module failed to load."
+               fi
+
                if [ -r "${ipfilter_rules}" ]; then
                        echo -n ' ipfilter';
                        ${ipfilter_program:-ipf -Fa -f} "${ipfilter_rules}" ${ipfilter_flags}


>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001121003348.9193B1FFC>