netbsd-bugs: misc/11033: patch for /etc/rc.d/ipfilter and IPv6

Subject: misc/11033: patch for /etc/rc.d/ipfilter and IPv6
To: None <gnats-bugs@gnats.netbsd.org>
From: Gregory McGarry <g.mcgarry@ieee.org>
List: netbsd-bugs
Date: 09/18/2000 01:27:21

>Number:         11033
>Category:       misc
>Synopsis:       patch to allow IPv6 in /etc/rc.d/ipfilter
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    misc-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Sep 18 01:33:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Gregory McGarry
>Release:        1.5_ALPHA2 <NetBSD-current source date>
>Organization:
>Environment:

NetBSD candel 1.5_ALPHA2 NetBSD 1.5_ALPHA2 (CANDEL) #13: Tue Aug 29 09:00:31 EST 2000     gmcgarry@candel:/storage/CANDEL i386

>Description:

/etc/rc.d/ipfilter does not support IPv6.

>How-To-Repeat:

inspect /etc/rc.d/ipfilter

>Fix:

ipfilter_reload() will need attention from a real script writer...


--- ipfilter.orig	Mon Sep 18 18:00:33 2000
+++ ipfilter	Mon Sep 18 18:00:38 2000
@@ -11,7 +11,7 @@
 name="ipfilter"
 start_precmd="ipfilter_prestart"
 start_cmd="ipfilter_start"
-stop_precmd="checkyesno ipfilter && [ -f /etc/ipf.conf ]"
+stop_precmd="checkyesno ipfilter && [ -f /etc/ipf.conf -o /etc/ipf6.conf ]"
 stop_cmd="ipfilter_stop"
 reload_precmd="$stop_precmd"
 reload_cmd="ipfilter_reload"
@@ -24,7 +24,7 @@
 	if ! checkyesno ipfilter; then
 		return 1
 	fi
-	if [ ! -f /etc/ipf.conf ]; then
+	if [ ! -f /etc/ipf.conf -a ! /etc/ipf6.conf ]; then
 		warn "/etc/ipf.conf not readable; ipfilter start aborted."
 			#
 			# If booting directly to multiuser, send SIGTERM to
@@ -43,7 +43,13 @@
 ipfilter_start()
 {
 	echo "Enabling ipfilter."
-	/sbin/ipf -E -Fa -f /etc/ipf.conf
+	/sbin/ipf -E -Fa
+	if [ -f /etc/ipf.conf ]; then
+		/sbin/ipf -f /etc/ipf.conf
+	fi
+	if [ -f /etc/ipf6.conf ]; then
+		/sbin/ipf -6 -f /etc/ipf6.conf
+	fi
 }
 
 ipfilter_stop()
@@ -55,7 +61,13 @@
 ipfilter_reload()
 {
 	echo "Reloading ipfilter rules."
-	/sbin/ipf -I -Fa -f /etc/ipf.conf
+	/sbin/ipf -I -Fa
+	if [ -f /etc/ipf.conf ]; then
+		/sbin/ipf -I -f /etc/ipf.conf
+	fi
+	if [ -f /etc/ipf6.conf ]; then
+		/sbin/ipf -I -6 -f /etc/ipf6.conf
+	fi
 	if [ $? -eq 0 ]; then
 		/sbin/ipf -s
 	else
>Release-Note:
>Audit-Trail:
>Unformatted: