El Lunes, 2 de Mayo de 2005 05:02, Giovanni P. Tirloni escribió: > Jose M Rodriguez wrote: > > Hi, > > > > This is FreeBSD-5.4 RC3 > > > > I'm working in a replacement rc.firewall script and found no > > /etc/rc.d method to launch dummynet (load module). > > > > Right now, dummynet is kernel based, but I want this be able to > > work from stock kernel (ipfw, ipfw6, dummynet from modules). > > > > I missed some rc.conf var or rc.d/ module? > > > > If this will be added, maybe /etc/rc.d/ipfw the right place? > > > > And what about firewall_dummynet for the controlling knob? > > It seems like a good idea. > > IMHO, you should create a 'dummynet' script in /etc/rc.d that > required ipfw (using rcorder(8)) keywords). And a dummynet_enable > option would make sense. >
I can't see any need of and aditional dummynet script. I'm not running and aditional daemon (like the natd case), only loading a prerequired module when needed. > But how would you integrate with the ipfw rules ? You can kldload > ipfw and load ipfw rules, then kldload dummynet.. but what about the > dummynet rules order in this case ? > I can't see this point. ipfw rules are loaded from etc/rc.d/ipfw sourcing $firewall-script. The kernel must have dummynet functionality (in kernel or from module) before this is done if there're plans to use dummynet. This is allready done for the ipfw module here. > Your idea of changing /etc/rc.d/ipfw makes sense but, again, we've > the rules order problem and how that script is going to guess what > rules (dummynet) we don't want to load.. I Think this kind of functionality is diffrent. You're suppoused to define firewall_dummynet="YES" when you're using dummynet in $firewall-script. But it's to you put the rules here by other means. You can allways add in /etc/rc.conf: firewall_script="/etc/rc.firewall.local" and checkyesno $firewall_dummynet before do dummynet rules. -- josemi _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
