NetBSD Problem Report #56272
From mouse@Stone.Rodents-Montreal.ORG Wed Jun 23 17:46:41 2021
Return-Path: <mouse@Stone.Rodents-Montreal.ORG>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 4849D1A921F
for <gnats-bugs@gnats.NetBSD.org>; Wed, 23 Jun 2021 17:46:41 +0000 (UTC)
Message-Id: <202106231746.NAA04641@Stone.Rodents-Montreal.ORG>
Date: Wed, 23 Jun 2021 13:46:36 -0400 (EDT)
From: Mouse <mouse@Rodents-Montreal.ORG>
Reply-To: mouse@Rodents-Montreal.ORG
To: gnats-bugs@NetBSD.org
Subject: Support for ipf -T at boot time
X-Send-Pr-Version: 3.95
>Number: 56272
>Category: misc
>Synopsis: No support for ipf -T at boot time
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: misc-bug-people
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Wed Jun 23 17:50:00 +0000 2021
>Originator: Mouse
>Release: NetBSD 9.1 (also 5.2, probably everything in between)
>Organization:
Dis-
>Environment:
System: NetBSD CREDIL91.MAQSonar.com 9.1 NetBSD 9.1 (GENERIC) #0: Sun Oct 18 19:24:30 UTC 2020 mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:
There seems to be no way to arrange for ipf -T tunable settings
at boot time. Since some of them are not settable unless ipf
is disabled, it is not enough to run ipf -T from /etc/rc.local
or the like.
Yes, I know ipf is not well thought of in some circles. It's
still present in 9.1, though.
>How-To-Repeat:
Try to set ipf -T tunables at boot time. Note the lack of a
mechanism to do so before ipf is turned on by rc.d/ipfilter.
>Fix:
Here's what I'm using. This is from my mutant 5.2 source tree,
but diffing my 5.2 /etc/rc.d/ipfilter against the 9.1 one, I
see only version numbers, the REQUIRE line, one all-blank line,
and now this, so it should work. It looks for /etc/ipf.tune,
each line of which is used as an ipf -T command line (except
for comments and empty lines).
I'm hardly wedded to this mechanism. It just was the first
thing that came to mind. "It works for me."
commit 819714fe6c6323d492f8812ab8d12d6882e675d7
Author: Mouse <mouse@Rodents-Montreal.ORG>
Date: Wed Jun 23 13:09:01 2021 -0400
Add support for /etc/ipf.tune, to do ipf -T tuning at boot time.
diff --git a/etc/rc.d/ipfilter b/etc/rc.d/ipfilter
index d0daabd..80360bd 100644
--- a/etc/rc.d/ipfilter
+++ b/etc/rc.d/ipfilter
@@ -30,6 +30,16 @@ ipfilter_prestart()
stop_boot
return 1
fi
+ if [ -f /etc/ipf.tune ]; then
+ while read line
+ do
+ case "$line" in
+ "") ;;
+ "#"*) ;;
+ *) /sbin/ipf -T $line ;;
+ esac
+ done < /etc/ipf.tune
+ fi
return 0
}
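Review bot: the exit status of `/sbin/ipf -T $line` in the `*)` arm is discarded and the function still reaches `return 0`, so a mistyped or rejected tunable in /etc/ipf.tune goes unreported and boot continues without that setting applied. Consider printing a warning when the command fails, or returning 1 as the check just above this hunk does. Also on that line, `$line` is unquoted: the word splitting is presumably intended, but the value is also subject to pathname expansion, so a line containing `*` or `?` can expand against the current directory; wrapping the loop in `set -f` / `set +f` keeps the splitting without the globbing. `while read line` without `-r` treats backslashes specially and skips a final line that lacks a trailing newline. The /etc/ipf.tune path is hard-coded and nothing in the change documents the file format; a short comment in the script, or an rc.conf variable for the path, would help.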
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse@rodents-montreal.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B