The following reply was made to PR conf/78762; it has been noted by GNATS.
From: Sean McNeil <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Cc:
Subject: Re: conf/78762: [ipfw] [patch] /etc/rc.d/ipfw should execute $firewall_script not read it
Date: Mon, 18 Jun 2007 17:05:45 -0700

This is a bad idea and has broken the new feature of rcNG allowing us to
place options into /etc/rc.conf.d/ipfw and /etc/rc.conf.d/ip6fw. The
commits to src/etc/rc.d/ipfw revision 1.15 and src/etc/rc.d/ip6fw 1.9
have now broken this basic concept.

IMHO, the correct thing is: Don't use exit in your firewall script. I
offer 3 solutions, however, below.

What has been broken:

/etc/rc.conf.d/ipfw

    firewall_enable="YES"
    firewall_type="/etc/fw/rc.firewall.rules"

/etc/rc.conf.d/ip6fw

    ipv6_firewall_enable="YES"
    ipv6_firewall_type="/etc/fw/rc.firewall6.rules"

Now, this no longer works and I must once again pollute and move more
stuff back into /etc/rc.conf. Namely,

    firewall_type="/etc/fw/rc.firewall.rules"
    ipv6_firewall_type="/etc/fw/rc.firewall6.rules"

must now be in /etc/rc.conf or /etc/rc.conf.local.

Solution:

1) revert to sourcing the rc.firewall script.
2) Fix rc.firewall and rc.firewall6 to somehow get stuff
   from /etc/rc.conf.d as it should (as ipfw and ip6fw?).
3) completely remove rc.conf.d support as more things fail to work with
   it.
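
Added illustration, not part of the original message and not FreeBSD's own rc code: a constructed model, run in a temporary directory, of why values loaded from /etc/rc.conf.d/ipfw reach a sourced firewall script but not an executed one, and why `exit` in a sourced script also ends the caller. The file names (ipfw.conf, fw.sh, fw_selfload.sh, fw_exit.sh) and the function rc_d_ipfw are hypothetical stand-ins; the real rc.firewall additionally re-reads /etc/rc.conf, which is not modelled here.

```sh
#!/bin/sh
# Constructed model in a temp dir; no real /etc files are read or written.
demo_setup() {
    DEMO_DIR=$(mktemp -d) || return 1
    # Stand-in for /etc/rc.conf.d/ipfw (values taken from the message above).
    cat > "$DEMO_DIR/ipfw.conf" <<'EOF'
firewall_enable="YES"
firewall_type="/etc/fw/rc.firewall.rules"
EOF
    # Stand-in for the firewall script: reports the ruleset it would load.
    echo 'echo "firewall_type=${firewall_type:-UNSET}"' > "$DEMO_DIR/fw.sh"
    # Variant that loads the per-service config itself (models solution 2).
    printf '. "%s"\n. "%s"\n' "$DEMO_DIR/ipfw.conf" "$DEMO_DIR/fw.sh" \
        > "$DEMO_DIR/fw_selfload.sh"
    # Variant that ends with exit, the case the rc.d change was aimed at.
    printf 'echo "rules loaded"\nexit 0\n' > "$DEMO_DIR/fw_exit.sh"
}

# Models rc.d/ipfw after it has loaded its per-service config: the variables
# live in the caller's shell and are not exported.
# $1 is "source" or "exec", $2 is the script to run.
rc_d_ipfw() {
    (
        unset firewall_enable firewall_type
        . "$DEMO_DIR/ipfw.conf"
        case $1 in
            source) . "$DEMO_DIR/$2" ;;   # same shell as the caller
            exec)   sh "$DEMO_DIR/$2" ;;  # separate child shell
        esac
        echo "rc.d script continued"
    )
}

demo_cleanup() { rm -rf "$DEMO_DIR"; }

demo_setup
rc_d_ipfw source fw.sh           # sees the rc.conf.d value
rc_d_ipfw exec   fw.sh           # child shell: value is missing
rc_d_ipfw exec   fw_selfload.sh  # child loads the config itself
rc_d_ipfw source fw_exit.sh      # exit ends the caller as well
rc_d_ipfw exec   fw_exit.sh      # exit ends only the child
demo_cleanup
```

An unset firewall_type is the operational risk here: the firewall script runs without error but does not load the intended ruleset.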