Date: Tue, 23 Oct 2001 01:25:12 +0300 From: Giorgos Keramidas <charon@labs.gr> To: Darren Reed <darrenr@FreeBSD.ORG> Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/etc rc.network Message-ID: <20011023012512.A1596@hades.hell.gr> In-Reply-To: <200110200446.f9K4kWo53849@freefall.freebsd.org> References: <200110200446.f9K4kWo53849@freefall.freebsd.org>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
> darrenr 2001/10/19 21:46:32 PDT
>
> Modified files:
> etc rc.network
> Log:
> Do an ipf -y after bringing up ppp to ensure rules which mention ppp get
> matched. Moification on PR to handle ipnat not being dependant on
> ipfilter_enable
With ipfilter_program set to "/sbin/ipf -Fa -f" (as rc.conf(5) says)
in /etc/defaults/rc.conf, this change breaks rc.network in the part
that calls `ipf -y'. The code calls:
${ipfilter_program:-/sbin/ipf -y}
and ipfilter_program is set to `/sbin/ipf -Fa -f' which results in the
command being called without ${ipfilter_rules} after -f. Perhaps you
meant to write :+ instead of :- ?
Trying to make this work, I've tested on my current box, compiled
today, the attached patch. If ipfilter_program is not set, it uses
`/sbin/ipf -y' but if it is set to something it strips everything
following the first space in ipfilter_program and calls the first
`word' with -y option.
The other option would be to remove any command-line options from
ipfilter_program and move them to ipfilter_flags, but if that is done,
the rc.conf.5 needs to be updated too, and it changes the way things
were done until now :-/
-giorgos
[-- Attachment #2 --]
Index: rc.network
===================================================================
RCS file: /home/ncvs/src/etc/rc.network,v
retrieving revision 1.109
diff -u -r1.109 rc.network
--- rc.network 20 Oct 2001 04:46:32 -0000 1.109
+++ rc.network 22 Oct 2001 21:57:39 -0000
@@ -279,12 +279,24 @@
#
case ${ipfilter_enable} in
[Yy][Ee][Ss])
- ${ipfilter_program:-/sbin/ipf -y}
+ if [ X"${ipfilter_program}" = X"" ]; then
+ ipfilter_program="/sbin/ipf -y"
+ else
+ ipfilter_program="${ipfilter_program%% *} -y"
+ fi
+ echo -n "Synchronizing ipfilter with network interfaces: "
+ ${ipfilter_program}
;;
*)
case ${ipnat_enable} in
[Yy][Ee][Ss])
- ${ipfilter_program:-/sbin/ipf -y}
+ if [ X"${ipfilter_program}" = X"" ]; then
+ ipfilter_program="/sbin/ipf -y"
+ else
+ ipfilter_program="${ipfilter_program%% *} -y"
+ fi
+ echo -n "Synchronizing ipfilter with network interfaces: "
+ ${ipfilter_program}
;;
esac
esac
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011023012512.A1596>