From owner-freebsd-stable@FreeBSD.ORG  Thu Jun 14 22:47:07 2007
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@freebsd.org
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 8A1CE16A46E
	for <freebsd-stable@freebsd.org>; Thu, 14 Jun 2007 22:47:07 +0000 (UTC)
	(envelope-from sean@mcneil.com)
Received: from mail.mcneil.com (mcneil.com [24.199.45.54])
	by mx1.freebsd.org (Postfix) with ESMTP id 66EA613C45B
	for <freebsd-stable@freebsd.org>; Thu, 14 Jun 2007 22:47:07 +0000 (UTC)
	(envelope-from sean@mcneil.com)
Received: from localhost (localhost.mcneil.com [127.0.0.1])
	by mail.mcneil.com (Postfix) with ESMTP id 88CEDF23DE
	for <freebsd-stable@freebsd.org>; Thu, 14 Jun 2007 15:27:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at mcneil.com
Received: from mail.mcneil.com ([127.0.0.1])
	by localhost (mcneil.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id mWqfcIa5zXnY for <freebsd-stable@freebsd.org>;
	Thu, 14 Jun 2007 15:27:50 -0700 (PDT)
Received: from [10.10.10.253] (ferrari.mcneil.com [10.10.10.253])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.mcneil.com (Postfix) with ESMTP id E7F60F1A4B
	for <freebsd-stable@freebsd.org>; Thu, 14 Jun 2007 15:27:50 -0700 (PDT)
Message-ID: <4671C0CE.5040108@mcneil.com>
Date: Thu, 14 Jun 2007 15:27:26 -0700
From: Sean McNeil <sean@mcneil.com>
User-Agent: Thunderbird 2.0.0.0 (Windows/20070326)
MIME-Version: 1.0
To: freebsd-stable@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Regression in /etc/rc.conf.d support
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Jun 2007 22:47:07 -0000

I don't know why this was done, but now we are no longer able to place 
firewall rule info as once possible in /etc/rc.conf.d/ipfw.  I had

firewall_enable="YES"
firewall_type="/etc/fw/rc.firewall.rules"
firewall_quiet="YES"

and now the last two variables no longer make it into /etc/rc.firewall.  
They have to be placed in /etc/rc.conf or /etc/rc.conf.local which is 
what /etc/rc.conf.d was trying to mitigate.

I see:

Revision *1.15*: download 
<http://www.freebsd.org/cgi/cvsweb.cgi/%7Echeckout%7E/src/etc/rc.d/ipfw?rev=1.15;content-type=text%2Fplain> 
- view: text 
<http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.d/ipfw?rev=1.15;content-type=text%2Fplain>, 
annotated 
<http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.d/ipfw?annotate=1.15> 
- select for diffs 
<http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.d/ipfw?r1=1.15#rev1.15>
/Mon Apr 2 15:38:53 2007 UTC/ (2 months, 1 week ago) by /mtm/
Branches: MAIN 
<http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.d/ipfw?only_with_tag=MAIN>
CVS tags: HEAD 
<http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.d/ipfw?only_with_tag=HEAD>

Instead of directly sourcing the firewall script, run it in a separate shell.
If the firewall script is sourced directly from the script, then any
exit statements in it will also terminate the rc.d script prematurely.

I think this should be reverted and anyone using exit statements in 
their firewall_script should be told to remove them.  It certainly 
should not have been MFCd.

Cheers,
Sean