From owner-freebsd-current@FreeBSD.ORG Mon Jun 16 18:37:19 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4CF0837B401 for ; Mon, 16 Jun 2003 18:37:19 -0700 (PDT) Received: from caboose.shortcircut.org (cpe-66-189-87-244.ma.charter.com [66.189.87.244]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5479743FBD for ; Mon, 16 Jun 2003 18:37:18 -0700 (PDT) (envelope-from bogin@shortcircut.org) Received: from diesel.shortcircut.org (diesel [10.0.0.5]) h5H1buOE000654 for ; Mon, 16 Jun 2003 21:37:57 -0400 (EDT) (envelope-from bogin@shortcircut.org) From: Mike Bohan To: freebsd-current@freebsd.org Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-u7IW3qhkzmGjuoY5s0ej" Message-Id: <1055813744.18453.21.camel@diesel> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.0 Date: 16 Jun 2003 21:35:44 -0400 Subject: -E flag in /etc/rc.d/ipfilter causes warnings X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Jun 2003 01:37:19 -0000 --=-u7IW3qhkzmGjuoY5s0ej Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hello there, I recently ran into a slight issue with ipfilter running on 5.1-RELEASE. My machine serves the simple purpose as a nat gateway, so ipfilter is always going to be necessary on it. Due to this fact, i decided to include options IPFILTER in the kernel config, instead of dynamically loading the ipl.ko module. However, when ipfilter is used in the kernel image, it's automatically initialized (and thus does not need the -E flag). This has been noted in rc.conf for some time, and I of course removed the -E from the =20 ipfilter_flags variable in that file. However, after booting my kernel with the IPFILTER options, I noticed warnings in my kernel logs that "ipfilter has already been initialized", which is consistent with using flag -E when ipf is already initialized. After some brief analysis, I discovered that /etc/rc.d/ipfilter actually uses -E in the shell script function, ipfilter_start(). After removing the two instances of the -E and rebooting, the warning messages disappeared at boot time. Is this a known glitch in the hopes that people start soley using the ipl kernel module? It's really not a big deal either way, but I was more just curious than anything in which direction it's going. Thanks in advance! --=20 Mike Bohan --=-u7IW3qhkzmGjuoY5s0ej Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQA+7nBwejdihSuinPURAiO5AJ0ZI2AGKKXus9T/nATueOax8+bOuACdHnV3 jAlWrGnUJRDs8bf1qoDW264= =Vd/R -----END PGP SIGNATURE----- --=-u7IW3qhkzmGjuoY5s0ej--