tech-userlevel: Re: admin script for ipfilter

Subject: Re: admin script for ipfilter
To: Darren Reed <darrenr@NetBSD.org>
From: Hubert Feyrer <hubert@feyrer.de>
List: tech-userlevel
Date: 12/27/2006 10:56:43

On Wed, 27 Dec 2006, Darren Reed wrote:
> No.
>
> That doesn't tell me if it should be enabled or if rules are loaded
> and active, eg if I start ipmon now and do "ipfadm status", I see:
>
> ipfilter disabled
> ipfs disabled
> ipmon disabled-but-running
> ipnat disabled
>
> ....but some more work is needed too...
>
> If it was "Running: no" above, then the idea is to have it return:
> ipfilter enabled-not-running
>
> or if it isn't built into the kernel:
> ipfilter enabled-not-in-kernel
>
> ...the object being to reconcile and report what is in the rc.conf
> config vs what is in the kernel (if anything.)

Why not make '/etc/rc.d/ipfilter status' do that, instead of introducing a 
new interface?


  - Hubert