NetBSD Problem Report #56272

From mouse@Stone.Rodents-Montreal.ORG  Wed Jun 23 17:46:41 2021
Return-Path: <mouse@Stone.Rodents-Montreal.ORG>
Received: from ( [])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "", Issuer " CA" (not verified))
	by (Postfix) with ESMTPS id 4849D1A921F
	for <>; Wed, 23 Jun 2021 17:46:41 +0000 (UTC)
Message-Id: <202106231746.NAA04641@Stone.Rodents-Montreal.ORG>
Date: Wed, 23 Jun 2021 13:46:36 -0400 (EDT)
From: Mouse <mouse@Rodents-Montreal.ORG>
Reply-To: mouse@Rodents-Montreal.ORG
Subject: Support for ipf -T at boot time
X-Send-Pr-Version: 3.95

>Number:         56272
>Category:       misc
>Synopsis:       No support for ipf -T at boot time
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    misc-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Wed Jun 23 17:50:00 +0000 2021
>Originator:     Mouse
>Release:        NetBSD 9.1 (also 5.2, probably everything in between)
>Environment:
System: NetBSD 9.1 NetBSD 9.1 (GENERIC) #0: Sun Oct 18 19:24:30 UTC 2020 amd64
Architecture: x86_64
Machine: amd64
>Description:
	There seems to be no way to arrange for ipf -T tunable settings
	at boot time.  Since some of them are not settable unless ipf
	is disabled, it is not enough to run ipf -T from /etc/rc.local
	or the like.

	Yes, I know ipf is not well thought of in some circles.  It's
	still present in 9.1, though.
>How-To-Repeat:
	Try to set ipf -T tunables at boot time.  Note the lack of a
	mechanism to do so before ipf is turned on by rc.d/ipfilter.
>Fix:
	Here's what I'm using.  This is from my mutant 5.2 source tree,
	but diffing my 5.2 /etc/rc.d/ipfilter against the 9.1 one, I
	see only version numbers, the REQUIRE line, one all-blank line,
	and now this, so it should work.  It looks for /etc/ipf.tune,
	each line of which is used as an ipf -T command line (except
	for comments and empty lines).

	I'm hardly wedded to this mechanism.  It just was the first
	thing that came to mind.  "It works for me."

	commit 819714fe6c6323d492f8812ab8d12d6882e675d7
	Author: Mouse <mouse@Rodents-Montreal.ORG>
	Date:   Wed Jun 23 13:09:01 2021 -0400

	    Add support for /etc/ipf.tune, to do ipf -T tuning at boot time.

	diff --git a/etc/rc.d/ipfilter b/etc/rc.d/ipfilter
	index d0daabd..80360bd 100644
	--- a/etc/rc.d/ipfilter
	+++ b/etc/rc.d/ipfilter
	@@ -30,6 +30,16 @@ ipfilter_prestart()
	 		return 1
	+	if [ -f /etc/ipf.tune ]; then
	+		while read line
	+		do
	+			case "$line" in
	+				"")	;;
	+				"#"*)	;;
	+				*)	/sbin/ipf -T $line ;;
	+			esac
	+		done < /etc/ipf.tune
	+	fi
	 	return 0
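
Review bot: the `*)` arm runs `/sbin/ipf -T $line` and ignores its exit status, so a misspelled or rejected tunable in /etc/ipf.tune falls through to `return 0` and the filter is enabled with default values and no indication at boot. Suggest at least reporting the failing line (rc.subr's `warn` would do), or returning 1 from ipfilter_prestart if a tuning failure should block startup. Two smaller points in the same loop: `while read line` without `-r` treats backslashes as escapes, and the unquoted `$line` is subject to pathname expansion as well as the intended word splitting, so a `*` or `?` in the file would be expanded against the current directory; `read -r` plus `set -f` around the loop avoids both. A final line with no trailing newline is also skipped by `read`. The new file is not documented anywhere in the patch; a note on its format (one set of ipf -T arguments per line, `#` comments, blank lines ignored) and on its expected ownership and mode would help, since it is consumed as root before the filter is up.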

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
