Date: Tue, 26 Feb 2002 03:20:02 -0800 (PST)
From: "Crist J. Clark" <cjc@FreeBSD.ORG>
To: freebsd-bugs@FreeBSD.org
Subject: Re: conf/35178: ipfilter for IPV6 not availlable in rc.*
Message-ID: <200202261120.g1QBK2S44743@freefall.freebsd.org>
The following reply was made to PR conf/35178; it has been noted by GNATS.

From: "Crist J. Clark" <cjc@FreeBSD.ORG>
To: Vlado <vlado@pc042.otanner9.kas.tut.fi>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: conf/35178: ipfilter for IPV6 not availlable in rc.*
Date: Tue, 26 Feb 2002 03:13:32 -0800

How do these patches look? Could you give them a try?

Index: etc/rc.network6 =================================================================== RCS file: /export/freebsd/ncvs/src/etc/rc.network6,v retrieving revision 1.28 diff -u -r1.28 rc.network6 --- etc/rc.network6 15 Dec 2001 03:59:47 -0000 1.28 +++ etc/rc.network6 25 Feb 2002 23:51:08 -0000 
@@ -68,6 +68,43 @@ network6_pass1() { echo -n 'Doing IPv6 network setup:' + # Establish ipfilter ruleset as early as possible (best in + # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) + + # check whether ipfilter for IPv6 + ipfilter_active="NO" + case ${ipfilter6_enable} in + [Yy][Ee][Ss]) + ipfilter_active="YES" + ;; + esac + case ${ipfilter_active} in + [Yy][Ee][Ss]) + # load ipfilter kernel module if needed + if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then + if kldload ipl; then + echo 'IP-filter module loaded.' + else + echo 'Warning: IP-filter module failed to load.' + # avoid further errors + ipfilter6_enable="NO" + fi + fi + case "${ipfilter6_enable}" in + [Yy][Ee][Ss]) + if [ -r "${ipfilter6_flags}" ]; then + echo -n ' ipfilter-IPv6' + ${ipfilter_program:-/sbin/ipf} -6 -Fa -f \ + "${ipfilter6_rules}" ${ipfilter6_flags} + else + ipfilter6_enable="NO" + echo -n ' NO IPF RULES' + fi + ;; + esac + ;; + esac + # Initialize IP filtering using ip6fw # if /sbin/ip6fw -q flush > /dev/null 2>&1; then Index: etc/defaults/rc.conf =================================================================== RCS file: /export/freebsd/ncvs/src/etc/defaults/rc.conf,v retrieving revision 1.139 diff -u -r1.139 rc.conf --- etc/defaults/rc.conf 20 Feb 2002 10:30:56 -0000 1.139 +++ etc/defaults/rc.conf 25 Feb 2002 23:52:12 -0000 
@@ -67,6 +67,9 @@ ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see # /usr/src/contrib/ipfilter/rules for examples ipfilter_flags="" # additional flags for ipfilter +ipfilter6_enable="NO" # Set to YES to enable IPv6 ipfilter +ipfilter6_rules="/etc/ipf6.rules" # rules definition file for IPv6 ipfilter +ipfilter6_flags="" # additional flags for IPv6 ipfilter ipnat_enable="NO" # Set to YES to enable ipnat functionality ipnat_program="/sbin/ipnat" # where the ipnat program lives ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
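Review bot: In the etc/rc.network6 hunk, the readability check in front of the ipf call tests the wrong variable: `if [ -r "${ipfilter6_flags}" ]` should test `"${ipfilter6_rules}"`. With the default `ipfilter6_flags=""` from the rc.conf hunk, `[ -r "" ]` is false, so the script resets ipfilter6_enable to "NO" and prints ' NO IPF RULES' without ever running `ipf -6`, even when the rules file exists. Both failure branches (kldload failing, rules not readable) only print a message and let network6_pass1 carry on with no IPv6 ruleset loaded, so it is worth making that message say explicitly that IPv6 traffic is unfiltered. The intermediate ipfilter_active variable adds nothing; the outer case can switch on ${ipfilter6_enable} directly.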
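Review bot: In the etc/defaults/rc.conf hunk, the comments on the three new ipfilter6_* knobs do not say how they relate to the existing IPv4 settings. The rc.network6 hunk switches only on ipfilter6_enable and runs `${ipfilter_program:-/sbin/ipf} -6`, so the comments should state that IPv6 filtering is enabled independently of ipfilter_enable and that it reuses ipfilter_program rather than having its own program knob. An administrator who already has ipfilter_enable="YES" could otherwise assume IPv6 is covered while ipfilter6_enable is still at its default of "NO".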