From owner-freebsd-security Mon Jun 26 23:41:28 2000 Delivered-To: freebsd-security@freebsd.org Received: from dt052n3e.san.rr.com (dt052n3e.san.rr.com [204.210.33.62]) by hub.freebsd.org (Postfix) with ESMTP id 3255737BE73 for ; Mon, 26 Jun 2000 23:41:23 -0700 (PDT) (envelope-from DougB@gorean.org) Received: from gorean.org (doug@master [10.0.0.2]) by dt052n3e.san.rr.com (8.9.3/8.9.3) with ESMTP id XAA19053; Mon, 26 Jun 2000 23:41:06 -0700 (PDT) (envelope-from DougB@gorean.org) Message-ID: <39584C82.988B2F1B@gorean.org> Date: Mon, 26 Jun 2000 23:41:06 -0700 From: Doug Barton Organization: Triborough Bridge & Tunnel Authority X-Mailer: Mozilla 4.72 [en] (X11; U; FreeBSD 5.0-CURRENT-0603 i386) X-Accept-Language: en MIME-Version: 1.0 To: Gerhard Sittig Cc: security@FreeBSD.ORG Subject: Re: ipfilter hooks in rc.network References: <20000626220852.M9883@speedy.gsinet> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Gerhard Sittig wrote: First, I'm not sure that -security is the right list for this, -current or -hackers might be better. Second, while I support adding the ability to more closely integrate ipfilter into the base, your patch's style is drastically out of synch with the changes introduced recently. The following is better style. case ${ipfilter_enable} in [Yy][Ee][Ss]) if [ -r "${ipfilter_rules}" ]; then echo -n ' ipfilter' ipf -Fa -f ${ipfilter_rules} fi case ${ipmon_flags} in [Nn][Oo] | '') ;; *) echo -n ' ipmon' ipmon ${ipmon_flags} ;; esac case ${ipnat} in [Yy][Ee][Ss]) if [ -r "${ipnat_rules}" ]; then echo -n ' ipnat' ipnat -CF -f ${ipnat_rules} else echo -n ' ipnat enabled but no rules!' fi ;; esac ;; esac If you need any help with this, just let me know. Doug -- "Live free or die" - State motto of my ancestral homeland, New Hampshire Do YOU Yahoo!? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message