From owner-freebsd-stable  Wed Apr 11 13:33:53 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from news.IAEhv.nl (news.iae.nl [212.61.26.37])
	by hub.freebsd.org (Postfix) with ESMTP id 3C7D537B42C
	for <stable@freebsd.org>; Wed, 11 Apr 2001 13:33:50 -0700 (PDT)
	(envelope-from Arjan.deVet@adv.iae.nl)
Received: (from uucp@localhost)
	by news.IAEhv.nl (8.9.1/8.9.1) with IAEhv.nl id WAA14621;
	Wed, 11 Apr 2001 22:33:49 +0200 (MET DST)
Received: by adv.devet.org (Postfix, from userid 100)
	id DD1283E1D; Wed, 11 Apr 2001 22:33:35 +0200 (CEST)
Date: Wed, 11 Apr 2001 22:33:35 +0200
To: l.ipfilter@rtci.com
Cc: stable@freebsd.org
Subject: Re: Broken rc.network for ipfilter w/ PR (was Re: How to install ipfilter..)
Message-ID: <20010411223335.A1195@adv.devet.org>
References: <5.1.0.12.2.20010407230631.00a688c0@mail.vons.local>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
X-Newsgroups: list.freebsd.stable
In-Reply-To: <20010408151025.A34209@rtci.com>
Organization: Eindhoven, the Netherlands
From: Arjan.deVet@adv.iae.nl (Arjan de Vet)
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In article <20010408151025.A34209@rtci.com> you write:

>>   I added the four commands above to /etc/rc.network instead of using
>>   FreeBSD's ipfilter support through rc.conf mechanism (it assumes that
>>   ipfilter is built into the kernel)
>
>   There is a PR with a patch sitting on this rc.network fuckup
>   (oversight) that I'd really love to see committed for 4.3-RELEASE,
>   but who knows if that's possible with the given timeline.
>
>   http://www.freebsd.org/cgi/query-pr.cgi?pr=26275
>
>   I completely missed a previous PR on the same issue, but this one
>   has a patch that will work no matter where $ipfilter_program is set
>   to (hack), rather then hardcoding an ipfstat location.
>
>   Patch also fixes it so that ipf.rules doesn't have to exist if your
>   just setting up a NAT.

There's another issue that needs fixing: ipmon should be started before
ipf.

Arjan

-- 
Arjan de Vet, Eindhoven, The Netherlands              <Arjan.deVet@adv.iae.nl>
URL: http://www.iae.nl/users/devet/           for PGP key: finger devet@iae.nl

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message