In some email I received from Hans Werner Strube, sie wrote:
> 
> Yes, this works, thanks again!
> But now, ipfboot is no more compatible with this. Module ipfrule, if present,
> should be modload-ed after ipf and modunload-ed before ipf. In getids(),
> "id" must be replaced by two separate variables.

So would something like this patch be useful?

Note that I'm not interested in placing ipfrule in there by default.

Darren

Index: SunOS5/ipfboot
===================================================================
RCS file: /devel/CVS/IP-Filter/SunOS5/ipfboot,v
retrieving revision 2.17.2.1
diff -c -r2.17.2.1 ipfboot
*** SunOS5/ipfboot      2004/03/06 14:33:24     2.17.2.1
--- SunOS5/ipfboot      2004/03/24 21:44:47
***************
*** 51,57 ****
  
  getids()
  {
!       id=`modinfo 2>&1 | awk '/ipf/ { print $1 } ' - 2>/dev/null`
        if [ -f $PIDFILE ] ; then
                pid=`cat $PIDFILE 2>/dev/null`
        else
--- 51,58 ----
  
  getids()
  {
!       ipfid=`modinfo 2>&1 | awk '/ipf / { print $1 } ' - 2>/dev/null`
!       ipfruleid=`modinfo 2>&1 | awk '/ipfrule/ { print $1 } ' - 2>/dev/null`
        if [ -f $PIDFILE ] ; then
                pid=`cat $PIDFILE 2>/dev/null`
        else
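Review bot: The new `awk '/ipf /'` and `awk '/ipfrule/'` patterns in getids() match anywhere on a modinfo line, so any other module whose name or description contains those strings would put an extra id into `ipfid` or `ipfruleid`. The unquoted `modunload -i $ipfid` in the later hunks would then be handed more than one id. Because this script decides whether the packet filter is loaded, an exact comparison on the module-name column is safer, e.g. `awk '$6 == "ipf" { print $1 }'` and `awk '$6 == "ipfrule" { print $1 }'` (assuming the name is the sixth modinfo field on the target release; confirm before use). A single modinfo run could also feed both assignments. getids() continues past the end of this hunk.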
***************
*** 145,152 ****
        start)
                getids
                [ -n "$pid" ] && kill -TERM $pid 2>/dev/null
!               [ -n "$id" ] && modunload -i $id 2>/dev/null
                modload /usr/kernel/drv/ipf
                load_ippool_config
                load_ipf_config
                load_ipnat_config
--- 146,157 ----
        start)
                getids
                [ -n "$pid" ] && kill -TERM $pid 2>/dev/null
!               [ -n "$ipfruleid" ] && modunload -i $ipfruleid 2>/dev/null
!               [ -n "$ipfid" ] && modunload -i $ipfid 2>/dev/null
                modload /usr/kernel/drv/ipf
+               if [ -f /usr/kernel/drv/ipfrule ] ; then
+                       modload /usr/kernel/drv/ipfrule
+               fi
                load_ippool_config
                load_ipf_config
                load_ipnat_config
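Review bot: The added `modload /usr/kernel/drv/ipfrule` in the start) branch ignores its exit status, and the two `modunload` lines above it discard stderr. If the rule module fails to unload or reload, the host carries on into the load_*_config calls with a stale or missing module and nothing is reported. I would make the failure visible, e.g. `modload /usr/kernel/drv/ipfrule || echo "ipfboot: modload ipfrule failed" >&2`. The start) branch continues outside the hunk.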
***************
*** 157,163 ****
                getids
                [ -n "$pid" ] && kill -TERM $pid
                /bin/rm -f $PIDFILE
!               [ -n "$id" ] && modunload -i $id
                ;;
  
        pause)
--- 162,169 ----
                getids
                [ -n "$pid" ] && kill -TERM $pid
                /bin/rm -f $PIDFILE
!               [ -n "$ipfruleid" ] && modunload -i $ipfruleid 2>/dev/null
!               [ -n "$ipfid" ] && modunload -i $ipfid
                ;;
  
        pause)
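Review bot: In the stop) branch the ipfrule `modunload` is given `2>/dev/null` while the ipf one directly below it is not. If ipfrule cannot be unloaded, the ipf unload presumably fails as a consequence, and the operator sees only the secondary error. Dropping the redirect keeps the root cause visible when stopping the filter: `[ -n "$ipfruleid" ] && modunload -i $ipfruleid`. The enclosing case statement starts and ends outside the hunk.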
