Subject: bin/29268: ipfilter should be allowed to specify additional flags.
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: Takahiro Kambe <taca@back-street.net>
List: netbsd-bugs
Date: 02/07/2005 14:47:00
>Number:         29268
>Category:       bin
>Synopsis:       ipfilter should be allowed to specify additional flags.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Feb 07 14:47:00 +0000 2005
>Originator:     Takahiro Kambe
>Release:        NetBSD 2.99.15
>Organization:
Takahiro Kambe
>Environment:
	
	
System: NetBSD reef.back-street.net 2.99.15 NetBSD 2.99.15 (CF-R3E) #23: Tue Jan 25 19:12:54 JST 2005 taca@reef.back-street.net:/var/obj/sys/arch/i386/compile/CF-R3E i386
Architecture: i386
Machine: i386
>Description:
	There are several options of ipf(8) and some are used in
	/etc/rc.d/ipfilter to support its arguments (start, stop and so on).

	But currently, it is difficult to specify other arguments to ipf(8).
	For example, if I add "-l block" to ipf(8), I must edit
	/etc/rc.d/ipfilter directly.

>How-To-Repeat:
	Try to specify additional arguments to ipf(8).
>Fix:
	Introduce ipf_flags and ipf6_flags shell variables.

Index: etc/rc.d/ipfilter
===================================================================
RCS file: /usr/pkg/libdata/cvs/src/etc/rc.d/ipfilter,v
retrieving revision 1.1.1.1
retrieving revision 1.1.1.1.2.1
diff -u -p -d -u -p -r1.1.1.1 -r1.1.1.1.2.1
--- etc/rc.d/ipfilter	24 Feb 2003 02:15:48 -0000	1.1.1.1
+++ etc/rc.d/ipfilter	27 Jan 2005 07:35:22 -0000	1.1.1.1.2.1
@@ -45,10 +45,10 @@ ipfilter_start()
 	echo "Enabling ipfilter."
 	/sbin/ipf -E -Fa
 	if [ -f /etc/ipf.conf ]; then
-		/sbin/ipf -f /etc/ipf.conf
+		/sbin/ipf ${ipf_flags} -f /etc/ipf.conf
 	fi
 	if [ -f /etc/ipf6.conf ]; then
-		/sbin/ipf -6 -f /etc/ipf6.conf
+		/sbin/ipf -6 ${ipf6_flags} -f /etc/ipf6.conf
 	fi
 }
 
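Review bot: the new `${ipf_flags}` and `${ipf6_flags}` expansions in ipfilter_start() are used without any default being set, and the exit status of `/sbin/ipf ${ipf_flags} -f /etc/ipf.conf` is still not checked, so a mistyped value in ipf_flags makes the load fail silently right after `/sbin/ipf -E -Fa` has enabled the filter and flushed every rule. The change should come with `ipf_flags=""` and `ipf6_flags=""` defaults in /etc/defaults/rc.conf and an rc.conf(5) entry, and the start path should test the load the way ipfilter_reload() already does, e.g. `if ! /sbin/ipf ${ipf_flags} -f /etc/ipf.conf; then err 1 "load of ipf.conf failed"; fi`. The unquoted expansion is correct here since the variable is meant to hold several space-separated flags.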
@@ -63,10 +63,10 @@ ipfilter_reload()
 	echo "Reloading ipfilter rules."
 
 	/sbin/ipf -I -Fa
-	if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I -f /etc/ipf.conf; then
+	if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I ${ipf_flags} -f /etc/ipf.conf; then
 		err 1 "reload of ipf.conf failed; not swapping to new ruleset."
 	fi
-	if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -I -6 -f /etc/ipf6.conf; then
+	if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -I -6 ${ipf6_flags} -f /etc/ipf6.conf; then
 		err 1 "reload of ipf6.conf failed; not swapping to new ruleset."
 	fi
 	/sbin/ipf -s
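Review bot: the flags are applied only to the two `-f` rule-loading invocations while the `/sbin/ipf -I -Fa` flush and the `/sbin/ipf -s` swap in the same function are left as they were; this is the right scope for options such as the `-l block` given in the PR description, but it should be stated in the rc.conf(5) text for the new variables that they affect the rule-file loads only, so nobody expects e.g. a logging flag to apply to the swap. The `-I` before `${ipf_flags}` and `-I -6` before `${ipf6_flags}` keep the inactive-set semantics intact, and because the existing `! ... && err 1` test already guards both loads, a bad flag value aborts the reload before `-s` swaps the sets, which is the correct failure mode.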

>Unformatted: