Date: Wed, 14 Mar 2001 12:09:15 +0100 (CET)
From: Claude Buisson
To: Tim Zingelman
Cc: stable@FreeBSD.ORG
Subject: Re: /etc/default/rc.conf bad default ipfilter_flags?

On Tue, 13 Mar 2001, Tim Zingelman wrote:

> Running 4.3-Beta, cvsupped early on 3/13/01.
>
> These lines are either confusing or wrong. Possibly something has changed
> in the default state (now enabled?) of the ipfilter module.
>
> ipfilter_flags="-E" # should be *empty* when ipf is _not_ a module
>                     # (i.e. compiled into the kernel) to
>                     # avoid a warning about "already initialized"
>
> I load ipf as a module by adding a line to /boot/loader.conf:
> ipl_load="YES"
>
> Running a GENERIC kernel.
>
> I have a valid rules file at /etc/ipf.rules
>
> I add the following line to /etc/rc.conf:
> ipfilter_enable="YES"
>
> and when I boot I get...
> from dmesg:
> IP Filter: v3.4.16 initialized. Default = pass all, Logging = enabled
>
> from /var/log/console.log:
> Mar 13 19:32:59 port /kernel: Doing initial network setup:
> Mar 13 19:32:59 port /kernel: hostname
> Mar 13 19:32:59 port /kernel: ipfilter
> Mar 13 19:32:59 port /kernel: SIOCFRENB: Invalid argument
> Mar 13 19:32:59 port /kernel: .
> Mar 13 19:32:59 port /kernel: fxp0: flags=8843
>
> If I add this line to /etc/rc.conf:
> ipfilter_flags=""
>
> The "SIOCFRENB: Invalid argument" message goes away, and ipf IS working.
>
> So if the comment is correct that -E is not needed for compiled into the
> kernel ipf, and I am correct that -E is not needed for module loaded ipf,
> I'd like to see the default change to "" and have the comment changed...
>
> +ipfilter_flags="" # Flags to ipfilter (if enabled).
> -ipfilter_flags="-E" # should be *empty* when ipf is _not_ a module
> - # (i.e. compiled into the kernel) to
> - # avoid a warning about "already initialized"
>
> If someone can verify my findings I could submit a PR.
>

same thing here - tested on a 4.2-STABLE 2001/02/26

> Thanks,
>
> - Tim
>

Claude Buisson
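
Review bot: the replacement comment on the +ipfilter_flags="" line no longer mentions -E at all, so someone who later sees "SIOCFRENB: Invalid argument", or who wants to confirm the filter is really on, gets no hint from the file. The evidence in this thread covers ipf preloaded with ipl_load="YES" (4.3-Beta, and confirmed on 4.2-STABLE), while the compiled-in case is taken from the old comment rather than tested here. I would have the new comment say that ipf comes up already enabled in those two cases and that -E then only produces the error, and have the PR list the configurations tested, because with an empty default any setup where ipf does not start enabled would load rules without turning the filter on.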