Subject: bin/35188: pf(4) configuration issues in default install
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <lukem@NetBSD.org>
List: netbsd-bugs
Date: 12/05/2006 10:45:01
>Number: 35188
>Category: bin
>Synopsis: pf(4) configuration file issues in default install
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Tue Dec 05 10:45:00 +0000 2006
>Originator: Luke Mewburn
>Release: -current as at 20061205
>Organization:
>Environment:
>Description:
1. /etc/pf.conf is an optional file.
   A fresh install of NetBSD has /etc/pf.conf.
   This is not necessary to use NetBSD out of the box.
   As a sample file, it should be in /usr/share/examples/pf/.
   postinstall(8) should not be copying in this file
   if it does not exist.

2. /etc/pf.os could have 444 permissions?
   pf.os appears to be a static configuration file that (generally)
   doesn't get updated by the end-user.
   Should it be installed 444 instead of 644?
   If so, usr.sbin/pf/etc/Makefile and postinstall(8) will need
   to be updated.

3. If /etc/pf.os is a vendor file, postinstall(8) should always upgrade
   Should we be treating /etc/pf.os as a "static" vendor-provided
   configuration file?
   I.e., one that the vendor updates, similar to a /etc/rc.d/,
   /etc/defaults/, and the like.
   If so, postinstall(8) should use compare_dir() instead of
   populate_dir() for this file.

4. /etc/mtree/special should monitor /etc/pf*
   /etc/mtree/special should have entries for pf.conf and pf.os.
   In light of (1.) above, pf.conf would be tagged "optional".
>How-To-Repeat:
>Fix:
Trivial, once the answers are agreed upon.