Date: Fri, 17 Dec 2004 09:59:45 GMT
From: Valéry <valery@vslash.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/75180: INIT -> /etc/rc.d - IPFILTER IPMON conflict
Message-ID: <200412170959.iBH9xjLA057330@www.freebsd.org>
Resent-Message-ID: <200412171000.iBHA0jRx012408@freefall.freebsd.org>
>Number:         75180
>Category:       misc
>Synopsis:       INIT -> /etc/rc.d - IPFILTER IPMON conflict
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 17 10:00:45 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Valéry
>Release:        FreeBSD 5.2.1-RELEASE - non generic knl
>Organization:
vslash
>Environment:
i386 - non generic kernel
>Description:
We noticed a conflict/contradiction in the boot sequence between the ipfilter & ipmon scripts in /etc/rc.d:

    ipfilter : LINE08 : # REQUIRE root beforenetlkm mountcritlocal ipmon
    ipmon : LINE35 - if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then

This way, ipmon never starts; I didn't find any comment about the net.inet.ipf.fr_class sysctl statement, but when ipfilter is loaded, the values are 514 or 513. I don't know why the ipmon script doesn't simply check net.inet.ipf.fr_running. Perhaps a misunderstanding on my side? The fact is that ipmon doesn't start this way.

Thanks and best regards to the community.
>How-To-Repeat:
rc.conf: enabling ipfilter && ipmon with their default flags values.
>Fix:
If ipmon could start after ipfilter, just swap the REQUIRE fields between ipmon & ipfilter to have ipmon starting AFTER ipfilter:

    /etc/rc.d/ipmon : # REQUIRE mountcritlocal hostname sysctl cleanvar ipfilter
    /etc/rc.d/ipfilter : # REQUIRE: root beforenetlkm mountcritlocal
>Release-Note:
>Audit-Trail:
>Unformatted:
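The ordering problem in this report can be checked mechanically. The script below is an added example, not part of the original message or of the FreeBSD rc.d scripts: it reads "# REQUIRE:" lines and reports whether ipmon is forced to run before or after ipfilter. The function names are hypothetical, the script headers are constructed, and the pre-fix ipmon REQUIRE line (not quoted in the report) is assumed to be the proposed line without ipfilter.

```sh
# Added example: constructed rc.d headers, not the real FreeBSD scripts.
# Assumption: each script PROVIDEs its own file name (true for these two).

# write_headers DIR reported|fixed: create the two constructed script headers.
write_headers() {
    mkdir -p "$1"
    if [ "$2" = reported ]; then
        echo '# REQUIRE: root beforenetlkm mountcritlocal ipmon' > "$1/ipfilter"
        echo '# REQUIRE: mountcritlocal hostname sysctl cleanvar' > "$1/ipmon"
    else
        echo '# REQUIRE: root beforenetlkm mountcritlocal' > "$1/ipfilter"
        echo '# REQUIRE: mountcritlocal hostname sysctl cleanvar ipfilter' > "$1/ipmon"
    fi
}

# requires_of DIR NAME: print the words on NAME's "# REQUIRE:" lines.
requires_of() {
    [ -f "$1/$2" ] || return 0
    sed -n 's/^# REQUIRE:[[:space:]]*//p' "$1/$2"
}

# starts_after DIR A B: succeed if A requires B, directly or transitively.
starts_after() {
    _dir=$1 _todo=$2 _want=$3 _seen=" "
    while [ -n "$_todo" ]; do
        set -- $_todo; _cur=$1; shift; _todo=$*
        case "$_seen" in *" $_cur "*) continue ;; esac   # already visited
        _seen="$_seen$_cur "
        for _r in $(requires_of "$_dir" "$_cur"); do
            if [ "$_r" = "$_want" ]; then return 0; fi
            _todo="$_todo $_r"
        done
    done
    return 1
}

# ipmon_order DIR: print before, after, cycle or unordered (ipmon vs ipfilter).
# "before" means ipmon's sysctl net.inet.ipf.fr_pass guard runs too early.
ipmon_order() {
    if starts_after "$1" ipmon ipfilter; then _a=y; else _a=n; fi
    if starts_after "$1" ipfilter ipmon; then _b=y; else _b=n; fi
    case "$_a$_b" in
        yn) echo after ;; ny) echo before ;; yy) echo cycle ;; *) echo unordered ;;
    esac
}

tmp=$(mktemp -d); write_headers "$tmp/r" reported; write_headers "$tmp/f" fixed
echo "reported: $(ipmon_order "$tmp/r"); fixed: $(ipmon_order "$tmp/f")"
rm -rf "$tmp"
```

On a FreeBSD host, `rcorder /etc/rc.d/*` prints the order the system actually computes.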
