Date: Fri, 28 Mar 1997 22:23:48 -0800 (PST)
From: nsayer@quack.kfu.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: misc/3136: rc.firewall should be run after interfaces are up
Message-ID: <199703290623.WAA00320@mbennett1.sj.scruznet.com>
Resent-Message-ID: <199703290630.WAA12605@freefall.freebsd.org>
>Number: 3136
>Category: misc
>Synopsis: rc.firewall should be run after interfaces are up
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Mar 28 22:30:00 PST 1997
>Last-Modified:
>Originator: Nick Sayer
>Organization: just me
>Release: FreeBSD 2.2-BETA_A i386
>Environment:

This machine is a router being used with 'natd'. The natd command line specifies that the address for the portmapping should be obtained from tun0.

>Description:

With the default ordering of netstart, the firewall is created before the interfaces are up. This is backwards, since tun0 will not have a (useful) address before it is initialized. Nor will anything else, for that matter. Doing the firewall stuff after does not open up any security holes since the default policy is to not pass any traffic.

>How-To-Repeat:
>Fix:

*** /etc/netstart- Mon Dec 23 19:33:04 1996 --- /etc/netstart Fri Mar 28 22:11:51 1997 *************** *** 23,33 **** domainname $defaultdomainname fi - # If IP filtering - if [ -n "$firewall" -a "x$firewall" != "xNO" -a -f /etc/rc.firewall ] ; then - sh /etc/rc.firewall - fi - # # XXX This is known to cause an error if /usr is nfs mounted since it # will not be available until after the network is up :-(. Once the --- 23,28 ---- *************** *** 67,72 **** --- 62,72 ---- fi ifconfig ${ifn} done + + # If IP filtering + if [ -n "$firewall" -a "x$firewall" != "xNO" -a -f /etc/rc.firewall ] ; then + sh /etc/rc.firewall + fi if [ -n "$defaultrouter" -a "x$defaultrouter" != "xNO" ] ; then static_routes="default ${static_routes}"

>Audit-Trail:
>Unformatted:
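
Review bot: the block added after the `done` of the ifconfig loop (second hunk, new lines 62,72) loads the rules only once every interface has been configured, so between `ifconfig ${ifn}` and `sh /etc/rc.firewall` the host depends entirely on the default policy that the Description says does not pass traffic, and nothing in the hunk checks or documents that assumption. Extend the moved comment `# If IP filtering` to state that the rules are loaded after the interfaces on purpose and that this ordering assumes a deny-by-default policy. The exit status of `sh /etc/rc.firewall` is also ignored, so a failed rule load would go unnoticed with the interfaces already up; consider at least echoing a warning when it returns non-zero.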