Date: Mon, 18 Mar 2002 18:01:16 -0800 From: "Crist J. Clark" <crist.clark@attbi.com> To: Arjan de Vet <devet@devet.org> Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/etc rc.network Message-ID: <20020318180116.E60554@blossom.cjclark.org> In-Reply-To: <20020318205732.GA1013@adv.devet.org>; from devet@devet.org on Mon, Mar 18, 2002 at 09:57:32PM %2B0100 References: <200203122025.g2CKPP966458@freefall.freebsd.org> <20020318205732.GA1013@adv.devet.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Mar 18, 2002 at 09:57:32PM +0100, Arjan de Vet wrote:
> In article <200203122025.g2CKPP966458@freefall.freebsd.org> you write:
>
> >cjc 2002/03/12 12:25:25 PST
> >
> > Modified files:
> > etc rc.network
> > Log:
> > The reload of ipf(8) rules should depend on $ipfilter_enable, not
> > $ipfilter_active. $ipfilter_enable is set to "NO" if modules fail to
> > load, and $ipfilter_active can be "YES" when we are not using ipf(8).
>
> I'm not sure this is right. $ipfilter_active is true if $ipfilter_enable
> or $ipnat_enable are "YES". In both cases the in-kernel interface list
> should be resync'ed, not only the $ipfilter_enable case.
Good point.
> 'ipf -y' is not
> the reloading of ipf rules btw.
I know, but "resync" doesn't really sound right to me either.
> A better fix might be to unset $ipfilter_active in case the ipf module
> fails to load (diff relative to 1.128):
[snip]
There _was_ a reason I didn't do that... but I can't remember now so
it cannot be that important. Fixing the potential problems with
ipnat(8)-only configurations is more important.
Thanks for catching this. Too bad it didn't get caught before I MFC'ed
it to -STABLE. :(
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020318180116.E60554>