Subject: bin/35188: pf(4) configuration issues in default install
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <lukem@NetBSD.org>
List: netbsd-bugs
Date: 12/05/2006 10:45:01
>Number:         35188
>Category:       bin
>Synopsis:       pf(4) configuration file issues in default install
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue Dec 05 10:45:00 +0000 2006
>Originator:     Luke Mewburn
>Release:        -current as at 20061205
>Organization:
>Environment:
>Description:

    1. /etc/pf.conf is an optional file.

	A fresh install of NetBSD has /etc/pf.conf.
	This is not necessary to use NetBSD out of the box.

	As a sample file, it should be in /usr/share/examples/pf/.

	postinstall(8) should not be copying in this file
	if it does not exist.


    2. /etc/pf.os could have 444 permissions?

	pf.os appears to be a static configuration file that (generally)
	doesn't get updated by the end-user.
	Should it be installed 444 instead of 644?

	If so, usr.sbin/pf/etc/Makefile and postinstall(8) will need 
	to be updated.


    3. If /etc/pf.os is a vendor file, postinstall(8) should always upgrade

	Should we be treating /etc/pf.os as a "static" vendor-provided
	configuration file?
	I.e., one that the vendor updates, similar to /etc/rc.d/,
	/etc/defaults/, and the like.

	If so, postinstall(8) should use compare_dir() instead of
	populate_dir() for this file.


    4. /etc/mtree/special should monitor /etc/pf*

	/etc/mtree/special should have entries for pf.conf and pf.os.

	In light of (1.) above, pf.conf would be tagged "optional".


>How-To-Repeat:
>Fix:

	Trivial, once the answers are agreed upon.