NetBSD-Bugs archive
bin/40988: ippool.conf is not loaded by the ipfilter rc.d script
>Number: 40988
>Category: bin
>Synopsis: ippool.conf is not loaded by the ipfilter rc.d script
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Mar 09 12:00:00 +0000 2009
>Originator: Darren Reed
>Release: 4.99.20
>Organization:
IPFilter
>Environment:
NetBSD firewall 4.99.20 NetBSD 4.99.20 (FIREWALL) #50: Wed May 28 06:42:20 PDT
2008 darrenr@firewall:/sys/arch/i386/compile/FIREWALL i386
>Description:
If you put rules in your ipf.conf file like this:
    block in quick log from pool/666 to any
then booting NetBSD will result in an error when ipf tries to load that rule:
ippool.conf has not been loaded so "pool 666" does not exist.
The attached script below (etc/rc.d/ippool) explicitly does not support
reloading because the ippool support does not work as well as it should for
this.
IPFilter 5.1 will fix that but that's not here yet.
Meanwhile, this should be fixed...
>How-To-Repeat:
Try to use ippool with ipfilter.
>Fix:
#!/bin/sh
#
# $NetBSD$
#

# PROVIDE: ippool
# REQUIRE: root bootconf mountcritlocal tty
# BEFORE: ipfilter

$_rc_subr_loaded . /etc/rc.subr

name="ippool"
rcvar=$name
start_precmd="ippool_prestart"
start_cmd="ippool_start"
stop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf"
stop_cmd="ippool_stop"
extra_commands=""

# Abort the boot if the pool definitions are missing.
ippool_prestart()
{
	if [ ! -f /etc/ippool.conf ]; then
		warn "/etc/ippool.conf not readable; ippool start aborted."
		stop_boot
		return 1
	fi
	return 0
}

# Enable ipfilter, then flush and load the pools so they exist
# before the ipfilter script loads its rules.
ippool_start()
{
	echo "Enabling ippool."
	/sbin/ipf -E
	if [ -f /etc/ippool.conf ]; then
		/sbin/ippool -F
		/sbin/ippool -f /etc/ippool.conf
	fi
}

ippool_stop()
{
	echo "Flushing all address pools."
	/sbin/ippool -F
}

load_rc_config $name
run_rc_command "$1"
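
The failure described in this PR leaves a block rule unloaded at boot, so it is worth checking before a reboot that every pool an ipf rule names is actually defined. The following is an added example, not part of the PR or of NetBSD: the function names are hypothetical, the sample files are constructed, and it assumes pools are declared in the "table ... number = N" form with the number on the same line as "table".

```sh
#!/bin/sh
# Added example, not from the PR: report pool numbers that ipf rules use
# but that the ippool configuration never defines.

# Print each pool number referenced as pool/N (or !pool/N) in an ipf rule file.
pools_referenced()
{
	sed -e 's/#.*//' "$1" | tr -s ' \t' '\n\n' |
	    sed -n 's|^!\{0,1\}pool/\([0-9][0-9]*\)$|\1|p' | sort -u
}

# Print each number declared on a "table ... number = N" line.
# Assumption: the number is on the same line as the "table" keyword.
pools_defined()
{
	sed -e 's/#.*//' "$1" |
	    sed -n '/^[[:space:]]*table[[:space:]]/s/.*number[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' |
	    sort -u
}

# missing_pools IPF_CONF IPPOOL_CONF: print referenced-but-undefined pools.
missing_pools()
{
	defined=$(pools_defined "$2")
	for n in $(pools_referenced "$1"); do
		printf '%s\n' "$defined" | grep -qx "$n" || printf '%s\n' "$n"
	done
}

# Constructed sample files (not real configurations).
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT
cat > "$sample/ipf.conf" <<'EOF'
block in quick log from pool/666 to any
block in quick from pool/700 to any   # no matching table below
pass out quick all
EOF
cat > "$sample/ippool.conf" <<'EOF'
table role = ipf type = tree number = 666
	{ 192.0.2.0/24; 198.51.100.7/32; };
EOF

missing_pools "$sample/ipf.conf" "$sample/ippool.conf"
```

Any number it prints is a pool that a rule depends on but that would not exist when ipf loads the rule.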