Re: bad test in /etc/rc.d/ip6fw

Tue, 03 Apr 2007 01:04:33 -0700 

Sean McNeil wrote:

Hi Henrique,


For Firewall in IPV6 enable in kernel

options IPV6FIREWALL # Enable ipfirewall(4) for ipv6
options IPV6FIREWALL_VERBOSE # Enable log's in syslogd(4)
options IPV6FIREWALL_VERBOSE_LIMIT=100 # Set limite in syslogd in 100 registers 
options IPV6FIREWALL_DEFAULT_TO_ACCEPT # Enable default Open Firewall

And sorry my poor english :p
No problem. You miss my point, however. I have none of these in my kernel config yet I have net.inet6.ip6.fw.enable defined. This prevents the /etc/rc.d/ip6fw script from kldload'ing the appropriate module. So either the code that creates the kernel parameter or the script needs to be changed so that they work in tandem. 

please see if the following change makes a difference.
(you will need to apply this by hand).

In the mean time I will revert this MFC in total.

Index: ip_fw2.c
===================================================================
RCS file: /usr/local/cvsroot/freebsd/src/sys/netinet/ip_fw2.c,v
retrieving revision 1.106.2.34
diff -u -r1.106.2.34 ip_fw2.c
--- ip_fw2.c    31 Mar 2007 01:51:29 -0000      1.106.2.34
+++ ip_fw2.c    3 Apr 2007 07:59:50 -0000
@@ -4349,7 +4349,7 @@
           SYSCTL_STATIC_CHILDREN(_net_inet6_ip6), OID_AUTO, "fw",
           CTLFLAG_RW | CTLFLAG_SECURE, 0, "Firewall");
       SYSCTL_ADD_PROC(&ip6_fw_sysctl_ctx, SYSCTL_CHILDREN(ip6_fw_sysctl_tree),
-           OID_AUTO, "enable", CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3,
+           OID_AUTO, "enablefw", CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3,
           &fw6_enable, 0, ipfw_chg_hook, "I", "Enable ipfw+6");
       SYSCTL_ADD_INT(&ip6_fw_sysctl_ctx, SYSCTL_CHILDREN(ip6_fw_sysctl_tree),
           OID_AUTO, "deny_unknown_exthdrs", CTLFLAG_RW | CTLFLAG_SECURE,




Henrique Mattos

2007/4/2, Sean McNeil <[EMAIL PROTECTED]>:
I just noticed that ip6fw isn't loading the ip6fw kernel module because my kernel somehow already has the sysctl value in it. This is FreeBSD -STABLE and I have the following in my kernel: 

options         INET                    # InterNETworking
options         INET6                   # IPv6 communications protocols

options         IPFIREWALL
options         IPFIREWALL_FORWARD
options         IPDIVERT
options         DUMMYNET

net.inet6.ip6.fw.enable managed to get in the kernel.

Cheers,
Sean
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"






_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to