current-users: Re: Testers needed: vlan and ipf

Subject: Re: Testers needed: vlan and ipf
To: Matthias Scheler <tron@zhadum.de>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: current-users
Date: 10/03/2002 23:14:32

On Tue, Oct 01, 2002 at 08:56:16PM +0000, Matthias Scheler wrote:
> In article <20020929204123.GA2975@antioche.eu.org>,
> 	Manuel Bouyer <bouyer@antioche.eu.org> writes:
> >> Could someone with a working vlan setup try the latest -current with
> >> ipf 3.4.29 and test if PR#16278 is still valid?
> > yes it's still there.
> 
> Not really.
> 
> > /etc/rc.d/network has a workaround, which is to call 'ipf -y' after
> > once network is up. But with the ipf default as "pass all", there is
> > a window where traffic which should be blocked is not.
> 
> Yes, indeed.
> 
> > A better workaround would be to change /etc/rc.d/network to create
> > the needed cloning interfaces, sync ipf, then continue with the
> > network setup.
> > While there it would be nice if /etc/rc.d/network stop destroyed cloning
> > interfaces :)
> 
> This patch should accomplish both:

I tried it on my 1.6 system with pppoe and gif, and it seems fine.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
--