netbsd-bugs@netbsd.org

bin/29268: ipfilter should be allowed to specify additional flags.

Subject: bin/29268: ipfilter should be allowed to specify additional flags.
From: Takahiro Kambe
Date: Mon, 7 Feb 2005 14:47:00 +0000 UTC
>Number:         29268
>Category:       bin
>Synopsis:       ipfilter should be allowed to specify additional flags.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Feb 07 14:47:00 +0000 2005
>Originator:     Takahiro Kambe
>Release:        NetBSD 2.99.15
>Organization:
Takahiro Kambe
>Environment:
        
        
System: NetBSD reef.back-street.net 2.99.15 NetBSD 2.99.15 (CF-R3E) #23: Tue Jan 25 19:12:54 JST 2005 taca@xxxxxxxxxxxxxxxxxxxx:/var/obj/sys/arch/i386/compile/CF-R3E i386
Architecture: i386
Machine: i386
>Description:
        There are several options of ipf(8) and some are used in
        /etc/rc.d/ipfilter to support its arguments (start, stop and so on).

        But currently, it is difficult to specify other arguments to ipf(8).
        For example, if I add "-l block" to ipf(8), I must edit
        /etc/rc.d/ipfilter directly.

>How-To-Repeat:
        Try to specify additional arguments to ipf(8).
>Fix:
        Introduce ipf_flags and ipf6_flags shell variables.

Index: etc/rc.d/ipfilter
===================================================================
RCS file: /usr/pkg/libdata/cvs/src/etc/rc.d/ipfilter,v
retrieving revision 1.1.1.1
retrieving revision 1.1.1.1.2.1
diff -u -p -d -u -p -r1.1.1.1 -r1.1.1.1.2.1
--- etc/rc.d/ipfilter   24 Feb 2003 02:15:48 -0000      1.1.1.1
+++ etc/rc.d/ipfilter   27 Jan 2005 07:35:22 -0000      1.1.1.1.2.1
@@ -45,10 +45,10 @@ ipfilter_start()
        echo "Enabling ipfilter."
        /sbin/ipf -E -Fa
        if [ -f /etc/ipf.conf ]; then
-               /sbin/ipf -f /etc/ipf.conf
+               /sbin/ipf ${ipf_flags} -f /etc/ipf.conf
        fi
        if [ -f /etc/ipf6.conf ]; then
-               /sbin/ipf -6 -f /etc/ipf6.conf
+               /sbin/ipf -6 ${ipf6_flags} -f /etc/ipf6.conf
        fi
 }
 
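Review bot: The two variables introduced in ipfilter_start, ipf_flags and ipf6_flags, get no default and no documentation in this patch, which touches only etc/rc.d/ipfilter. Suggest adding empty defaults (ipf_flags="" and ipf6_flags="") to etc/defaults/rc.conf and an entry in rc.conf(5), so an administrator can see where options such as the "-l block" from the description belong. The expansions are unquoted, which a multi-word value needs in order to split into separate arguments; a short comment saying this is deliberate would help the next reader.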
@@ -63,10 +63,10 @@ ipfilter_reload()
        echo "Reloading ipfilter rules."
 
        /sbin/ipf -I -Fa
-       if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I -f /etc/ipf.conf; then
+       if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I ${ipf_flags} -f 
/etc/ipf.conf; then
                err 1 "reload of ipf.conf failed; not swapping to new ruleset."
        fi
-       if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -I -6 -f /etc/ipf6.conf; then
+       if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -I -6 ${ipf6_flags} -f 
/etc/ipf6.conf; then
                err 1 "reload of ipf6.conf failed; not swapping to new ruleset."
        fi
        /sbin/ipf -s
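Review bot: In ipfilter_reload the new ${ipf_flags} and ${ipf6_flags} sit between -I and -f, so any option placed there that changes the filter state or the set in use (for example -s or -D) runs before the ruleset is loaded, and the closing /sbin/ipf -s would then swap in a set that is not the one just checked. Suggest documenting that these variables are meant for options that do not alter set selection or enable/disable state, such as -l. Separately, both added lines in this hunk were wrapped by the mailer (the /etc/ipf.conf and /etc/ipf6.conf arguments are on their own lines), so the patch will not apply as posted; resending it as an attachment would avoid that.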

>Unformatted:
        
        
