The following reply was made to PR conf/78762; it has been noted by GNATS.

From: Sean McNeil <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Cc:
Subject: Re: conf/78762: [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewall_script not read it
Date: Mon, 18 Jun 2007 17:05:45 -0700

This is a bad idea and has broken the new feature of rcNG allowing us to
place options into /etc/rc.conf.d/ipfw and /etc/rc.conf.d/ip6fw. The
commits to src/etc/rc.d/ipfw revision 1.15 and src/etc/rc.d/ip6fw 1.9 have
now broken this basic concept.

IMHO, the correct thing is: Don't use exit in your firewall script. I
offer 3 solutions, however, below.

What has been broken:

/etc/rc.conf.d/ipfw

    firewall_enable="YES"
    firewall_type="/etc/fw/rc.firewall.rules"

/etc/rc.conf.d/ip6fw

    ipv6_firewall_enable="YES"
    ipv6_firewall_type="/etc/fw/rc.firewall6.rules"

Now, this no longer works and I must once again pollute and move more
stuff back into /etc/rc.conf. Namely,

    firewall_type="/etc/fw/rc.firewall.rules"
    ipv6_firewall_type="/etc/fw/rc.firewall6.rules"

must now be in /etc/rc.conf or /etc/rc.conf.local.

Solution:

1) Revert to sourcing the rc.firewall script.
2) Fix rc.firewall and rc.firewall6 to somehow get stuff from
   /etc/rc.conf.d as it should (as ipfw and ip6fw?).
3) Completely remove rc.conf.d support as more things fail to work with it.

_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
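
The shell mechanics behind both sides of this thread, as an added example that is not part of the original message or of FreeBSD's rc.d code: a sourced script sees variables loaded into the calling shell but its `exit` ends the caller, while an executed script is isolated from `exit` and from any unexported settings. The temporary files are constructed stand-ins for /etc/rc.conf.d/ipfw and the firewall script, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed demo files; nothing under /etc is read or changed.
unset firewall_type
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Stand-in for /etc/rc.conf.d/ipfw: a plain assignment, not exported.
cat > "$demo_dir/ipfw.conf" <<'EOF'
firewall_type="/etc/fw/rc.firewall.rules"
EOF

# Stand-in for $firewall_script: reports which ruleset it would load.
cat > "$demo_dir/fw_script.sh" <<'EOF'
echo "type=${firewall_type:-UNSET}"
EOF

# Stand-in for a firewall script that ends with exit.
cat > "$demo_dir/fw_exit.sh" <<'EOF'
echo "rules loaded"
exit 0
EOF

# Sourced: the script runs in the shell that loaded the config.
run_sourced() {
    ( . "$demo_dir/ipfw.conf"; . "$demo_dir/fw_script.sh" )
}

# Executed: the child sh inherits only exported variables.
run_executed() {
    ( . "$demo_dir/ipfw.conf"; sh "$demo_dir/fw_script.sh" )
}

# Sourced script calling exit: the caller stops, later steps never run.
run_sourced_exit() {
    ( . "$demo_dir/fw_exit.sh"; echo "post-step ran" )
}

# Executed script calling exit: only the child ends, the caller continues.
run_executed_exit() {
    ( sh "$demo_dir/fw_exit.sh"; echo "post-step ran" )
}

echo "sourced:       $(run_sourced)"
echo "executed:      $(run_executed)"
echo "sourced+exit:  $(run_sourced_exit | tr '\n' ';')"
echo "executed+exit: $(run_executed_exit | tr '\n' ';')"
```

A firewall script that prints `type=UNSET` here is the case to check for after such a change: it would run without the ruleset path the administrator configured.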