Subject: bin/12752: /etc/rc.d/ipfilter status is nonstandard
To: None <gnats-bugs@gnats.netbsd.org>
From: Tim Rightnour <root@polaris.garbled.net>
List: netbsd-bugs
Date: 04/25/2001 12:08:09
>Number:         12752
>Category:       bin
>Synopsis:       /etc/rc.d/ipfilter status is nonstandard
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Apr 25 11:51:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Tim Rightnour
>Release:        1.5<NetBSD-current source date>
>Organization:
	
>Environment:
	
System: NetBSD polaris 1.5_ALPHA2 NetBSD 1.5_ALPHA2 (POLARIS) #1: Wed Dec 13 00:45:28 MST 2000 root@polaris:/usr/src/sys/arch/i386/compile/POLARIS i386


>Description:
/etc/rc.d/ipfilter does not produce output consistent with every other
script in /etc/rc.d.  This makes it impossible to write any sort of
automation that reads the output, and then makes decisions based upon that.

If you run any script in /etc/rc.d, you get:

polaris# /etc/rc.d/yppasswdd status
yppasswdd is running as pid 22262.

If you run ipfilter as root, you get:
polaris# /etc/rc.d/ipfilter forcestatus
ipf: IP Filter: v3.4.9 (264)
Kernel: IP Filter: v3.4.9               
Running: no
Log Flags: 0 = none set
Default: pass all, Logging: unavailable
Active list: 0

If you run it as a normal user, you get:
polaris% /etc/rc.d/ipfilter forcestatus
ipf: IP Filter: v3.4.9 (264)
open device: Permission denied

	
>How-To-Repeat:

Try running the script.
	
>Fix:
The status function should be rewritten to read ipf -V's output and
do the right thing.  While a PID might be impossible, running/not running
seems to be indicated.  The non-root-user behavior is unfortunate, and
perhaps cannot be fixed without mangling ipf.

The other functions should also be checked for their output, as I have not
tried them.
	
>Release-Note:
>Audit-Trail:
>Unformatted:
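
One way to implement the status check proposed under >Fix:, as an added example that is not part of the original report or of NetBSD's rc.d script. The function name ipfilter_status_from, its return codes and the message wording (modelled on the yppasswdd line above) are assumptions; the first two samples are the outputs quoted in the report and the third is constructed.

```shell
#!/bin/sh
# Added example: map `ipf -V` output onto an rc.d-style status line.
# ipfilter_status_from, its messages and return codes are assumptions.
name="ipfilter"

# Reads `ipf -V` output (stdout and stderr merged) on stdin.
# Returns 0 = running, 1 = not running, 2 = state could not be read.
ipfilter_status_from() {
	_state="" _denied=""
	while IFS= read -r _line; do
		case "$_line" in
		"Running: yes"*) _state="yes" ;;
		"Running: no"*) _state="no" ;;
		*"Permission denied"*) _denied="yes" ;;
		esac
	done
	case "$_state" in
	yes) echo "${name} is running."; return 0 ;;
	no) echo "${name} is not running."; return 1 ;;
	esac
	if [ -n "$_denied" ]; then
		echo "${name} status is unknown (permission denied)."
	else
		echo "${name} status is unknown (no Running: line)."
	fi
	return 2
}

# The two outputs quoted in the report.
SAMPLE_ROOT='ipf: IP Filter: v3.4.9 (264)
Kernel: IP Filter: v3.4.9
Running: no
Log Flags: 0 = none set
Default: pass all, Logging: unavailable
Active list: 0'
SAMPLE_USER='ipf: IP Filter: v3.4.9 (264)
open device: Permission denied'
# Constructed sample: the root output with the filter enabled.
SAMPLE_RUNNING='ipf: IP Filter: v3.4.9 (264)
Kernel: IP Filter: v3.4.9
Running: yes'

# Live use would be: ipf -V 2>&1 | ipfilter_status_from
for _sample in "$SAMPLE_ROOT" "$SAMPLE_USER" "$SAMPLE_RUNNING"; do
	printf '%s\n' "$_sample" | ipfilter_status_from || true
done
```

The distinct exit code for the non-root case lets automation tell "not running" apart from "could not determine", which the raw output in the report does not allow.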