From owner-freebsd-bugs Mon Feb 19 23: 0:25 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 2147E37B684 for ; Mon, 19 Feb 2001 23:00:02 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f1K702r74180; Mon, 19 Feb 2001 23:00:02 -0800 (PST) (envelope-from gnats) Received: from goliath.siemens.de (goliath.siemens.de [194.138.37.131]) by hub.freebsd.org (Postfix) with ESMTP id 678F837B503 for ; Mon, 19 Feb 2001 22:58:40 -0800 (PST) (envelope-from andre.albsmeier@mchp.siemens.de) Received: from mail2.siemens.de (mail2.siemens.de [139.25.208.11]) by goliath.siemens.de (8.11.0/8.11.0) with ESMTP id f1K6wcC11301 for ; Tue, 20 Feb 2001 07:58:38 +0100 (MET) Received: from curry.mchp.siemens.de (curry.mchp.siemens.de [139.25.42.7]) by mail2.siemens.de (8.11.0/8.11.0) with ESMTP id f1K6wbY11201 for ; Tue, 20 Feb 2001 07:58:38 +0100 (MET) Received: (from localhost) by curry.mchp.siemens.de (8.11.2/8.11.2) id f1K6wbS31611 for FreeBSD-gnats-submit@freebsd.org; Tue, 20 Feb 2001 07:58:37 +0100 (CET) Message-Id: <200102200658.f1K6wb352425@curry.mchp.siemens.de> Date: Tue, 20 Feb 2001 07:58:37 +0100 (CET) From: Andre Albsmeier To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: conf/25223: PATCH for rc.network to enable ipnat seperately from ipfilter Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 25223 >Category: conf >Synopsis: PATCH for rc.network to enable ipnat seperately from ipfilter >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon Feb 19 23:00:01 PST 2001 >Closed-Date: >Last-Modified: >Originator: Andre Albsmeier >Release: FreeBSD 4.2-STABLE i386 >Organization: >Environment: All FreeBSD machines that support ipfilter >Description: The current way of initialasing ipfilter during system boot makes it very hard to use ipnat without ipfilter since ${ipfilter_enable} must be "yes" in order to get ${ipnat_enable} evaluated at all. >How-To-Repeat: Try a config in rc.network where ipnat rules are loaded and ipfilter stuff is left alone. >Fix: Move ${ipnat_enable} stuff out of the ${ipfilter_enable} conditional. Don't know if the ipmon stuff should be seperate as well... --- rc.network.ORI Mon Jan 15 15:21:37 2001 +++ rc.network Tue Feb 20 07:49:18 2001 @@ -60,20 +60,20 @@ ${ipmon_program:-/sbin/ipmon} ${ipmon_flags} ;; esac - case "${ipnat_enable}" in - [Yy][Ee][Ss]) - if [ -r "${ipnat_rules}" ]; then - echo -n ' ipnat'; - eval ${ipnat_program:-/sbin/ipnat -CF -f} \ - "${ipnat_rules}" ${ipnat_flags} - else - echo -n ' NO IPNAT RULES' - fi - ;; - esac else ipfilter_enable="NO" echo -n ' NO IPF RULES' + fi + ;; + esac + case "${ipnat_enable}" in + [Yy][Ee][Ss]) + if [ -r "${ipnat_rules}" ]; then + echo -n ' ipnat'; + eval ${ipnat_program:-/sbin/ipnat -CF -f} \ + "${ipnat_rules}" ${ipnat_flags} + else + echo -n ' NO IPNAT RULES' fi ;; esac >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message