Hajimu UMEMOTO wrote:
> Hi,
>
> The ipfw and ip6fw were unified into ipfw2, now. But, we still have
> rc.firewall and rc.firewall6. However, there are conflicts with each
> other, and it confuses the users, IMHO.
> So, I made a patch to unify rc.firewall and rc.firewall6, and obsolete
> rc.firewall6 and rc.d/ip6fw.
> Please review the attached patch. If there is no objection, I'll
> commit it in next weekend.
Overall I think this is good, and I'm definitely in favor of more
integration of IPv6 into the mainstream rather than something that is
glued on.
A few comments:
In rc.firewall you seem to have copied afexists() from network.subr.
Is there a reason that you did not simply source that file? That would
be the preferred method. Also in that file you call "if afexists
inet6" quite a few times. My preference from a performance standpoint
would be to call it once, perhaps in a start_precmd then cache the value.
And of course, you have regression tested this thoroughly, yes? :)
Please include scenarios where there is no INET6 in the kernel as well.
hth,
Doug
--
Improve the effectiveness of your Internet presence with
a domain name makeover! http://SupersetSolutions.com/
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
