From owner-freebsd-bugs Tue Feb 26 3:20: 9 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 579D237B400 for ; Tue, 26 Feb 2002 03:20:02 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g1QBK2S44743; Tue, 26 Feb 2002 03:20:02 -0800 (PST) (envelope-from gnats) Date: Tue, 26 Feb 2002 03:20:02 -0800 (PST) Message-Id: <200202261120.g1QBK2S44743@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: "Crist J. Clark" Subject: Re: conf/35178: ipfilter for IPV6 not availlable in rc.* Reply-To: "Crist J. Clark" Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The following reply was made to PR conf/35178; it has been noted by GNATS. From: "Crist J. Clark" To: Vlado Cc: freebsd-gnats-submit@FreeBSD.ORG Subject: Re: conf/35178: ipfilter for IPV6 not availlable in rc.* Date: Tue, 26 Feb 2002 03:13:32 -0800 How do these patches look? Could you give them a try? Index: etc/rc.network6 =================================================================== RCS file: /export/freebsd/ncvs/src/etc/rc.network6,v retrieving revision 1.28 diff -u -r1.28 rc.network6 --- etc/rc.network6 15 Dec 2001 03:59:47 -0000 1.28 +++ etc/rc.network6 25 Feb 2002 23:51:08 -0000 
@@ -68,6 +68,43 @@ network6_pass1() { echo -n 'Doing IPv6 network setup:' + # Establish ipfilter ruleset as early as possible (best in + # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) + + # check whether ipfilter for IPv6 + ipfilter_active="NO" + case ${ipfilter6_enable} in + [Yy][Ee][Ss]) + ipfilter_active="YES" + ;; + esac + case ${ipfilter_active} in + [Yy][Ee][Ss]) + # load ipfilter kernel module if needed + if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then + if kldload ipl; then + echo 'IP-filter module loaded.' + else + echo 'Warning: IP-filter module failed to load.' + # avoid further errors + ipfilter6_enable="NO" + fi + fi + case "${ipfilter6_enable}" in + [Yy][Ee][Ss]) + if [ -r "${ipfilter6_flags}" ]; then + echo -n ' ipfilter-IPv6' + ${ipfilter_program:-/sbin/ipf} -6 -Fa -f \ + "${ipfilter6_rules}" ${ipfilter6_flags} + else + ipfilter6_enable="NO" + echo -n ' NO IPF RULES' + fi + ;; + esac + ;; + esac + # Initialize IP filtering using ip6fw # if /sbin/ip6fw -q flush > /dev/null 2>&1; then Index: etc/defaults/rc.conf =================================================================== RCS file: /export/freebsd/ncvs/src/etc/defaults/rc.conf,v retrieving revision 1.139 diff -u -r1.139 rc.conf --- etc/defaults/rc.conf 20 Feb 2002 10:30:56 -0000 1.139 +++ etc/defaults/rc.conf 25 Feb 2002 23:52:12 -0000 
@@ -67,6 +67,9 @@ ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see # /usr/src/contrib/ipfilter/rules for examples ipfilter_flags="" # additional flags for ipfilter +ipfilter6_enable="NO" # Set to YES to enable IPv6 ipfilter +ipfilter6_rules="/etc/ipf6.rules" # rules definition file for IPv6 ipfilter +ipfilter6_flags="" # additional flags for IPv6 ipfilter ipnat_enable="NO" # Set to YES to enable ipnat functionality ipnat_program="/sbin/ipnat" # where the ipnat program lives ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
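Review bot: In the etc/rc.network6 hunk, the readability check that guards the rule load tests the wrong variable: `if [ -r "${ipfilter6_flags}" ]; then` checks the flags string, while the file handed to `ipf -6 -Fa -f` is `"${ipfilter6_rules}"`. With the default `ipfilter6_flags=""` from the rc.conf hunk the test is always false, so a host with ipfilter6_enable="YES" prints ' NO IPF RULES', resets ipfilter6_enable to "NO" and comes up with no IPv6 ruleset loaded, leaving it on whatever the kernel default policy is (the IPFILTER_DEFAULT_BLOCK case the comment mentions). Suggest `if [ -r "${ipfilter6_rules}" ]; then`. Two smaller points in the same hunk: `ipfilter_active` only mirrors `ipfilter6_enable`, so the outer `case` could test `${ipfilter6_enable}` directly, and the comment "check whether ipfilter for IPv6" is missing its verb.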
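Review bot: The three new knobs in the etc/defaults/rc.conf hunk (`ipfilter6_enable`, `ipfilter6_rules`, `ipfilter6_flags`) are not documented anywhere else in this patch; only etc/rc.network6 and etc/defaults/rc.conf are touched, so rc.conf(5) would need a matching entry. The inline comments should also say that `ipfilter6_enable` is evaluated independently of `ipfilter_enable` (the rc.network6 hunk never consults the IPv4 knob and loads the module itself), and that `ipfilter_program` is shared between the IPv4 and IPv6 paths, since the hunk adds no `ipfilter6_program`. It would also help to state in the `ipfilter6_rules` comment that the file is loaded with `ipf -6`, so it must contain IPv6 rules only.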