NetBSD Problem Report #29268

From taca@back-street.net  Mon Feb  7 14:46:48 2005
Return-Path: <taca@back-street.net>
Received: from ns.back-street.net (usen-221x250x131x194.ap-US01.usen.ad.jp [221.250.131.194])
	by narn.netbsd.org (Postfix) with ESMTP id 5F71263B400
	for <gnats-bugs@gnats.NetBSD.org>; Mon,  7 Feb 2005 14:46:48 +0000 (UTC)
Message-Id: <200502071446.j17EkeXd012612@reef.back-street.net>
Date: Mon, 7 Feb 2005 23:46:40 +0900 (JST)
From: Takahiro Kambe <taca@back-street.net>
Reply-To: taca@back-street.net
To: gnats-bugs@netbsd.org
Subject: ipfilter should be allowed to specify additional flags.
X-Send-Pr-Version: 3.95

>Number:         29268
>Category:       bin
>Synopsis:       ipfilter rc.d script should allow additional flags.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Feb 07 14:47:00 +0000 2005
>Last-Modified:  Thu Jan 01 04:11:45 +0000 2009
>Originator:     Takahiro Kambe
>Release:        NetBSD 2.99.15
>Organization:
Takahiro Kambe
>Environment:


System: NetBSD reef.back-street.net 2.99.15 NetBSD 2.99.15 (CF-R3E) #23: Tue Jan 25 19:12:54 JST 2005 taca@reef.back-street.net:/var/obj/sys/arch/i386/compile/CF-R3E i386
Architecture: i386
Machine: i386
>Description:
	There are several options of ipf(8) and some are used in
	/etc/rc.d/ipfilter to support its arguments (start, stop and so on).

	But currently, it is difficult to specify other arguments to ipf(8).
	For example, if I add "-l block" to ipf(8), I must edit
	/etc/rc.d/ipfilter directly.

>How-To-Repeat:
	Try to specify additional arguments to ipf(8).
>Fix:
	Introduce ipf_flags and ipf6_flags shell variables.

Index: etc/rc.d/ipfilter
===================================================================
RCS file: /usr/pkg/libdata/cvs/src/etc/rc.d/ipfilter,v
retrieving revision 1.1.1.1
retrieving revision 1.1.1.1.2.1
diff -u -p -d -u -p -r1.1.1.1 -r1.1.1.1.2.1
--- etc/rc.d/ipfilter	24 Feb 2003 02:15:48 -0000	1.1.1.1
+++ etc/rc.d/ipfilter	27 Jan 2005 07:35:22 -0000	1.1.1.1.2.1
@@ -45,10 +45,10 @@ ipfilter_start()
 	echo "Enabling ipfilter."
 	/sbin/ipf -E -Fa
 	if [ -f /etc/ipf.conf ]; then
-		/sbin/ipf -f /etc/ipf.conf
+		/sbin/ipf ${ipf_flags} -f /etc/ipf.conf
 	fi
 	if [ -f /etc/ipf6.conf ]; then
-		/sbin/ipf -6 -f /etc/ipf6.conf
+		/sbin/ipf -6 ${ipf6_flags} -f /etc/ipf6.conf
 	fi
 }

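Review bot: ${ipf_flags} and ${ipf6_flags} in ipfilter_start() have no default and no documentation in this patch, which touches only etc/rc.d/ipfilter. Please add empty defaults (ipf_flags="" and ipf6_flags="") to etc/defaults/rc.conf and describe both variables in rc.conf(5), so an administrator can see from the configuration which extra options the firewall rules are loaded with. The expansions are unquoted, which is needed for a value like "-l block" to split into two arguments, but a short comment saying the word splitting is deliberate would stop someone from "fixing" it with quotes later. Also note that the flags are applied only to the -f loads, not to the preceding "/sbin/ipf -E -Fa" line; say so in the documentation.
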
@@ -63,10 +63,10 @@ ipfilter_reload()
 	echo "Reloading ipfilter rules."

 	/sbin/ipf -I -Fa
-	if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I -f /etc/ipf.conf; then
+	if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I ${ipf_flags} -f /etc/ipf.conf; then
 		err 1 "reload of ipf.conf failed; not swapping to new ruleset."
 	fi
-	if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -I -6 -f /etc/ipf6.conf; then
+	if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -I -6 ${ipf6_flags} -f /etc/ipf6.conf; then
 		err 1 "reload of ipf6.conf failed; not swapping to new ruleset."
 	fi
 	/sbin/ipf -s
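Review bot: In ipfilter_reload() the new variables are expanded between "-I" and "-f", in the middle of a sequence that depends on loading into the inactive set and swapping only afterwards with "/sbin/ipf -s". Nothing restricts what ${ipf_flags} or ${ipf6_flags} may contain, so a value that includes a set-selecting or swapping option would change which ruleset the -f load lands in and defeat the "not swapping to new ruleset" guarantee in the err message. Suggest documenting that these variables are meant for rule-loading modifiers such as the "-l block" case from the report, and consider warning when the value contains options the script already manages itself.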

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: bin-bug-people->ipf-bug-people
Responsible-Changed-By: darrenr@NetBSD.org
Responsible-Changed-When: Thu, 01 Jan 2009 04:10:54 +0000
Responsible-Changed-Why:


Responsible-Changed-From-To: ipf-bug-people->bin-bug-people
Responsible-Changed-By: darrenr@NetBSD.org
Responsible-Changed-When: Thu, 01 Jan 2009 04:11:45 +0000
Responsible-Changed-Why:


>Unformatted:
