NetBSD Problem Report #40988

From www@NetBSD.org  Mon Mar  9 11:59:36 2009
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id E391963C100
	for <gnats-bugs@gnats.netbsd.org>; Mon,  9 Mar 2009 11:59:35 +0000 (UTC)
Message-Id: <20090309115935.7820B63BE42@www.NetBSD.org>
Date: Mon,  9 Mar 2009 11:59:35 +0000 (UTC)
From: darrenr@netbsd.org
Reply-To: darrenr@netbsd.org
To: gnats-bugs@NetBSD.org
Subject: ippool.conf is not loaded by the ipfilter rc.d script
X-Send-Pr-Version: www-1.0

>Number:         40988
>Category:       bin
>Synopsis:       ippool.conf is not loaded by the ipfilter rc.d script
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Mar 09 12:00:00 +0000 2009
>Originator:     Darren Reed
>Release:        4.99.20
>Organization:
IPFilter
>Environment:
NetBSD firewall 4.99.20 NetBSD 4.99.20 (FIREWALL) #50: Wed May 28 06:42:20 PDT 2008  darrenr@firewall:/sys/arch/i386/compile/FIREWALL i386

>Description:
If you put rules in your ipf.conf file like this:
block in quick log from pool/666 to any

then booting NetBSD will result in an error when ipf tries to load that rule: ippool.conf has not been loaded so "pool 666" does not exist.

The attached script below (etc/rc.d/ippool) explicitly does not support reloading because the ippool support does not work as well as it should for this.

IPFilter 5.1 will fix that but that's not here yet.

Meanwhile, this should be fixed...

>How-To-Repeat:
Try to use ippool with ipfilter.
>Fix:
#!/bin/sh
#
# $NetBSD$ 
#

# PROVIDE: ippool
# REQUIRE: root bootconf mountcritlocal tty
# BEFORE: ipfilter

$_rc_subr_loaded . /etc/rc.subr

name="ippool"
rcvar=$name
start_precmd="ippool_prestart"
start_cmd="ippool_start"
stop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf"
stop_cmd="ippool_stop"
extra_commands=""

ippool_prestart()
{
        # Abort the boot if there is no pool configuration to load, since
        # ipf rules that reference a pool would then fail to load.
        if [ ! -f /etc/ippool.conf ]; then
                warn "/etc/ippool.conf not readable; ippool start aborted."

                stop_boot
                return 1
        fi
        return 0
}

ippool_start()
{
        echo "Enabling ippool."
        /sbin/ipf -E

        if [ -f /etc/ippool.conf ]; then
                /sbin/ippool -F
                /sbin/ippool -f /etc/ippool.conf
        fi       
}

ippool_stop()
{
        echo "Flushing all address pools."
        /sbin/ippool -F
}

load_rc_config $name
run_rc_command "$1"
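
The failure described in this report (an ipf rule naming a pool that ippool has not loaded) can be caught before boot by comparing the two configuration files. The following is an added example, not part of the original report or of NetBSD's rc.d scripts; it assumes pools are declared in ippool.conf with the IPFilter 4.x form `table role = ipf type = tree number = N { ... };`, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for ipf rules that reference address pools.
# Assumption: ippool.conf declares pools as
#   table role = ipf type = tree number = N { ... };

# Pool numbers used by rules in an ipf.conf-style file ($1), comments stripped.
referenced_pools() {
    sed 's/#.*//' "$1" | grep -o 'pool/[0-9][0-9]*' | cut -d/ -f2 | sort -un
}

# Pool numbers declared by "table ... number = N" lines in ippool.conf ($1).
defined_pools() {
    sed -n -e 's/#.*//' \
        -e 's/^[[:space:]]*table[[:space:]].*number[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' \
        "$1" | sort -un
}

# Print each referenced pool that has no definition; return 1 if any is missing.
# A missing or unreadable ippool.conf means every referenced pool is missing.
missing_pools() {
    rules=$1 pools=$2 defined="" status=0
    [ -r "$pools" ] && defined=$(defined_pools "$pools")
    for n in $(referenced_pools "$rules"); do
        if ! printf '%s\n' "$defined" | grep -qx "$n"; then
            echo "$n"
            status=1
        fi
    done
    return $status
}

# Constructed sample input (not taken from a real system).
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'block in quick log from pool/666 to any' \
        'pass in quick from pool/13 to any   # pool/99 is only a comment' \
        > "$d/ipf.conf"
    printf '%s\n' 'table role = ipf type = tree number = 13' \
        '        { 10.1.1.1/32, 10.2.0.0/16 };' > "$d/ippool.conf"
    rc=0
    missing_pools "$d/ipf.conf" "$d/ippool.conf" || rc=$?
    rm -rf "$d"
    return $rc
}

demo || echo "ipf.conf references pools that ippool.conf does not define" >&2
```

Run against the real /etc/ipf.conf and /etc/ippool.conf, a non-zero return from `missing_pools` indicates rules that would be rejected at load time.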
