Date: Fri, 16 Mar 2007 12:52:27 +0100 (CET) From: Oliver Fromme <olli@lurza.secnetix.de> To: freebsd-stable@FreeBSD.ORG, joao@matik.com.br Subject: Re: rc.order wrong (ipfw) Message-ID: <200703161152.l2GBqR9q065684@lurza.secnetix.de> In-Reply-To: <200703160831.38790.joao@matik.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help
JoaoBR <joao@matik.com.br> wrote: > On Friday 16 March 2007 07:51, Oliver Fromme wrote: > > JoaoBR <joao@matik.com.br> wrote: > > > since some time now it seems ipfw starts first of all, I think that is > > > not correct > > > > No, it starts after networking is up, which is the correct > > behaviour, I think. > > it should Sorry, I made a typo there. Of course IPFW rules must be in effect as a prerequisite to NETWORKING. So I meant to say _before_, not after. > > > > rcorder: file `/etc/rc.d/ipfw' is before unknown provision `NETWORKING' > > > rcorder: requirement `ppp' in file `/etc/rc.d/ipfw' has no providers. > > > > That sounds like you have accidentally deleted the files > > /etc/rc.d/NETWORKING and /etc/rc.d/ppp (or forgot to run > > mergemaster properly after an update). > > noo, both are there Then they are broken on your machine. Did you check the "provide" and "require" lines in them? The ordering works perfectly fine for me on all of my machines. > even if working as supposed NETWORKING is ordered before syslogd and ipfw > should better start after syslogd No, the packet filter and forwarding rules must be in effect as early as possible, i.e. before any network daemons are started (which includes syslogd). There- fore it must be a requirement of NETWORKING. If IPFW rules where loaded after daemons such as syslogd are started, that would break several of my machines. (And on some others which have "default to accept" it would even open a security hole by introducing a race- condition.) Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd "Python tricks" is a tough one, cuz the language is so clean. E.g., C makes an art of confusing pointers with arrays and strings, which leads to lotsa neat pointer tricks; APL mistakes everything for an array, leading to neat one-liners; and Perl confuses everything period, making each line a joyous adventure <wink>. -- Tim Peters
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200703161152.l2GBqR9q065684>