On Thu, Sep 05, 2019 at 11:00:06PM +0200, Matthieu Herrb wrote:
> Hi,
>
> on my redundant firealls I have an " admin" interface in rdomain 1
> with a sshd listening, used to be able to access the slave machine and
> let it access the internet to be able to run syspatch or pkg_add.
>
> This works well, but but if I use rcctl in this non default rdomain to
> control services normally running in the default rdomain, things don't
> behave too well. In particular, 'rcctl start' or 'restart' starts the
> service with rtable 1.
>
> Alternatives would be to run the admin interface in the default rdomain
> and all other interfaces in a separate one, but it feels more painful
> to setup.
>
> It seems to me that the patch below helps, but may be it has other
> unforseen and unwanted effects ?
>
> Thoughts ?
I've been told privately that this was already handled. Indeed this
was a pair of firewalls still runnuing 6.4.
So issue closed. Thanks.
>
> Index: rc.subr
> ===================================================================
> RCS file: /cvs/OpenBSD/src/etc/rc.d/rc.subr,v
> retrieving revision 1.131
> diff -u -r1.131 rc.subr
> --- rc.subr 21 Mar 2019 15:10:27 -0000 1.131
> +++ rc.subr 5 Sep 2019 20:56:38 -0000
> @@ -320,5 +320,4 @@
> # make sure pexp matches the process (i.e. doesn't include the quotes)
> pexp="$(eval echo ${daemon}${daemon_flags:+ ${daemon_flags}})"
> rcexec="su -l -c ${daemon_class} -s /bin/sh ${daemon_user} -c"
> -[ "${daemon_rtable}" -eq "$(id -R)" ] ||
> - rcexec="route -T ${daemon_rtable} exec ${rcexec}"
> +rcexec="route -T ${daemon_rtable} exec ${rcexec}"
>
>
> --
> Matthieu Herrb
--
Matthieu Herrb
