From owner-freebsd-stable  Sun Apr  8 14:25:55 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from mail5.nc.rr.com (fe5.southeast.rr.com [24.93.67.52])
	by hub.freebsd.org (Postfix) with ESMTP id 3AFFB37B424
	for <freebsd-stable@freebsd.org>; Sun,  8 Apr 2001 14:25:53 -0700 (PDT)
	(envelope-from helix@subedei.chaotical.ly)
Received: from subedei.chaotical.ly ([66.26.231.27]) by mail5.nc.rr.com  with Microsoft SMTPSVC(5.5.1877.537.53);
	 Sun, 8 Apr 2001 15:13:06 -0400
Received: by subedei.chaotical.ly (Postfix, from userid 10001)
	id 6227FB050A; Sun,  8 Apr 2001 15:10:28 -0400 (EDT)
Date: Sun, 8 Apr 2001 15:10:28 -0400
From: thomas r stromberg <l.ipfilter@rtci.com>
To: Gert-Jan Vons <vons@iname.com>
Cc: freebsd-stable@freebsd.org, ipfilter@coombs.anu.edu.au
Subject: Broken rc.network for ipfilter w/ PR (was Re: How to install ipfilter..)
Message-ID: <20010408151025.A34209@rtci.com>
References: <5.1.0.12.2.20010407230631.00a688c0@mail.vons.local>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.16i
In-Reply-To: <5.1.0.12.2.20010407230631.00a688c0@mail.vons.local>; from vons@iname.com on Sun, Apr 08, 2001 at 11:13:58AM +0200
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>   I added the four commands above to /etc/rc.network instead of using
>   FreeBSD's ipfilter support through rc.conf mechanism (it assumes that
>   ipfilter is built into the kernel)

   There is a PR with a patch sitting on this rc.network fuckup
   (oversight) that I'd really love to see committed for 4.3-RELEASE,
   but who knows if that's possible with the given timeline.

   http://www.freebsd.org/cgi/query-pr.cgi?pr=26275

   I completely missed a previous PR on the same issue, but this one
   has a patch that will work no matter where $ipfilter_program is set
   to (hack), rather then hardcoding an ipfstat location.

   Patch also fixes it so that ipf.rules doesn't have to exist if your
   just setting up a NAT.

   This issue has been a pain in the ass when helping people setup
   ipnat.. so much so I actually recommend people to patch this on the
   bsdwiki entry:

   http://profile.sh/bsdwiki/index.php?Sharing%20your%20internet%20connection%20via%20ipnat

-- 
: Thomas Stromberg                      work> tstromberg@rtci.com  :
: Research Triangle Commerce (ICC.net)  home> thomas@stromberg.org :

'Every word is like an unnecessary stain on silence and nothingness' 
    -- Beckett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message