On Thu, Sep 05, 2019 at 11:00:06PM +0200, Matthieu Herrb wrote: > Hi, > > on my redundant firealls I have an " admin" interface in rdomain 1 > with a sshd listening, used to be able to access the slave machine and > let it access the internet to be able to run syspatch or pkg_add. > > This works well, but but if I use rcctl in this non default rdomain to > control services normally running in the default rdomain, things don't > behave too well. In particular, 'rcctl start' or 'restart' starts the > service with rtable 1. > > Alternatives would be to run the admin interface in the default rdomain > and all other interfaces in a separate one, but it feels more painful > to setup. > > It seems to me that the patch below helps, but may be it has other > unforseen and unwanted effects ? > > Thoughts ?
I've been told privately that this was already handled. Indeed this was a pair of firewalls still runnuing 6.4. So issue closed. Thanks. > > Index: rc.subr > =================================================================== > RCS file: /cvs/OpenBSD/src/etc/rc.d/rc.subr,v > retrieving revision 1.131 > diff -u -r1.131 rc.subr > --- rc.subr 21 Mar 2019 15:10:27 -0000 1.131 > +++ rc.subr 5 Sep 2019 20:56:38 -0000 > @@ -320,5 +320,4 @@ > # make sure pexp matches the process (i.e. doesn't include the quotes) > pexp="$(eval echo ${daemon}${daemon_flags:+ ${daemon_flags}})" > rcexec="su -l -c ${daemon_class} -s /bin/sh ${daemon_user} -c" > -[ "${daemon_rtable}" -eq "$(id -R)" ] || > - rcexec="route -T ${daemon_rtable} exec ${rcexec}" > +rcexec="route -T ${daemon_rtable} exec ${rcexec}" > > > -- > Matthieu Herrb -- Matthieu Herrb