Subject: Re: IPFiler ( ipf ) for dial-up and LAN
To: None <port-i386@netbsd.org>
From: David Forrai <d.forrai@ieee.org>
List: port-i386
Date: 04/14/2002 23:20:30

I was trying to make it such that when my machine booted it was ready to forward
packets after dial-up without manual intervention (i.e. restarting ipfilter).

As for the other statements regarding security, read the subject line: "for
dial-up".  In a dial-up situation you don't have to worry about packet forwarding
before firewalling because dial-up is an on-demand process that occurs after boot.

Manuel Bouyer wrote:

> On Fri, Apr 12, 2002 at 10:10:49PM -0400, David Forrai wrote:
> > There is a problem with the default sequence in which rc.d executes the scripts
> > that support ipfilter.  I submitted a bug report that didn't seem to lead to
> > any change.  I don't remember the details, but these are the requirement lines
> > I have in three rc.d scripts that I think made things work (making sysctl a
> > requirement for ipnat may have been the problem):
> >
> > ipfilter: # REQUIRE: root beforenetlkm mountcritlocal tty
> > ipnat: # REQUIRE: ipfilter mountcritremote sysctl
> > sysctl: # REQUIRE: root ipfilter ipsec
>
> I don't understand why you need sysctl before ipnat? Do you have
> some special sysctl settings?
>
> --
> Manuel Bouyer <bouyer@antioche.eu.org>
> --
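
Added example, not part of the original thread and not NetBSD's own rc.d code: a check of whether one script is guaranteed to start before another, which holds only when the later script reaches the earlier one through REQUIRE lines. The function names and the second, contrasting set of lines are constructed for illustration; the first set is the three lines quoted in the message, in the same "name: # REQUIRE: deps" shorthand.

```shell
#!/bin/sh
# Constructed input: the three REQUIRE lines quoted in the message.
PATCHED='ipfilter: # REQUIRE: root beforenetlkm mountcritlocal tty
ipnat: # REQUIRE: ipfilter mountcritremote sysctl
sysctl: # REQUIRE: root ipfilter ipsec'

# Constructed contrast case (not a copy of any shipped rc.d set): sysctl
# does not name ipfilter, so nothing orders the two scripts.
UNORDERED='ipfilter: # REQUIRE: root beforenetlkm mountcritlocal tty
ipnat: # REQUIRE: ipfilter mountcritremote
sysctl: # REQUIRE: root'

# guaranteed_before FIRST LATER REQS
# Succeeds only if LATER reaches FIRST by following REQUIRE edges, i.e.
# every valid dependency order must start FIRST before LATER.
guaranteed_before() {
    printf '%s\n' "$3" | awk -v a="$1" -v b="$2" '
        /# REQUIRE:/ {
            name = $1; sub(/:$/, "", name)
            # Fields 1-3 are "name:", "#", "REQUIRE:"; the rest are deps.
            for (i = 4; i <= NF; i++) dep[name] = dep[name] " " $i
        }
        # Depth-first walk over REQUIRE edges; seen[] stops loops.
        function reach(n,    k, d, m) {
            if (seen[n]++) return 0
            m = split(dep[n], d, " ")
            for (k = 1; k <= m; k++)
                if (d[k] == a || reach(d[k])) return 1
            return 0
        }
        END { exit reach(b) ? 0 : 1 }'
}

# report FIRST LATER REQS: print the verdict for one pair.
report() {
    if guaranteed_before "$1" "$2" "$3"; then
        echo "$1 always starts before $2"
    else
        echo "$1 is NOT guaranteed to start before $2"
    fi
}

report ipfilter sysctl "$PATCHED"
report sysctl ipnat "$PATCHED"
report ipfilter sysctl "$UNORDERED"
```
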