Date: Thu, 14 Jun 2007 15:27:26 -0700 From: Sean McNeil <sean@mcneil.com> To: freebsd-stable@freebsd.org Subject: Regression in /etc/rc.conf.d support Message-ID: <4671C0CE.5040108@mcneil.com>
next in thread | raw e-mail | index | archive | help
I don't know why this was done, but now we are no longer able to place firewall rule info as once possible in /etc/rc.conf.d/ipfw. I had firewall_enable="YES" firewall_type="/etc/fw/rc.firewall.rules" firewall_quiet="YES" and now the last two variables no longer make it into /etc/rc.firewall. They have to be placed in /etc/rc.conf or /etc/rc.conf.local which is what /etc/rc.conf.d was trying to mitigate. I see: Revision *1.15*: download <http://www.freebsd.org/cgi/cvsweb.cgi/%7Echeckout%7E/src/etc/rc.d/ipfw?rev=1.15;content-type=text%2Fplain> - view: text <http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.d/ipfw?rev=1.15;content-type=text%2Fplain>, annotated <http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.d/ipfw?annotate=1.15> - select for diffs <http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.d/ipfw?r1=1.15#rev1.15> /Mon Apr 2 15:38:53 2007 UTC/ (2 months, 1 week ago) by /mtm/ Branches: MAIN <http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.d/ipfw?only_with_tag=MAIN> CVS tags: HEAD <http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.d/ipfw?only_with_tag=HEAD> Instead of directly sourcing the firewall script, run it in a separate shell. If the firewall script is sourced directly from the script, then any exit statements in it will also terminate the rc.d script prematurely. I think this should be reverted and anyone using exit statements in their firewall_script should be told to remove them. It certainly should not have been MFCd. Cheers, Sean
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4671C0CE.5040108>