[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

man ipf and /etc/rc.conf

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: man ipf and /etc/rc.conf
From: Alexander_(_dot_)_Farber_(_at_)_t-online_(_dot_)_de (Alexander Farber)
Date: Sun, 04 Mar 2001 00:31:12 +0100

Why does "man ipf" (and FAQ) say:

     ... the following command will flush the kernel's current
     ruleset, install the new ruleset, and enable (-E) ipf:

           ipf -Fa -f /etc/ipf.rules -E

     (This is the exact command executed by the /etc/rc script at 
      boot-time if ipfilter=YES in /etc/rc.conf.)

But if I look into the file /etc/netstart, I see only:

    # Configure the IP filter before configuring network interfaces
    if [ X"${ipfilter}" = X"YES" -a -f "${ipfilter_rules}" ]; then
            echo 'configuring IP filter'
            ipf -Fa -f ${ipfilter_rules}
    else 
            ipfilter=NO

ie. without the -E switch? I ask this, because I have let the lines

   ipfilter=NO
   ipnat=NO                # for "YES" ipfilter must also be "YES"
   ...
   ipfilter_rules=/etc/ipf.rules   # Rules for IP packet filtering
   ipnat_rules=/etc/ipnat.rules    # Rules for Network Address Translation

in the /etc/rc.conf and am starting the ipf and ipnat in the
/etc/ppp/ppp.linkup file instead:

tonline:
    ! /sbin/ipf -Fa -f /etc/ipf.rules
    ! /sbin/ipnat -CF -f /etc/ipnat.rules

And if I use the switch -E above, I get a warning that ipf 
is already enabled (but I wonder how? I have "ipfilter=NO").

Thanks
Alex

-- 
http://home.t-online.de/home/Alexander.Farber/

Follow-Ups:
- Re: man ipf and /etc/rc.conf
  - From: Alexander Farber

Prev by Date: Userland ppp: Where does the output of /etc/ppp/ppp.linkup go?
Next by Date: Re: man ipf and /etc/rc.conf
Previous by thread: Userland ppp: Where does the output of /etc/ppp/ppp.linkup go?
Next by thread: Re: man ipf and /etc/rc.conf
Index(es):
- Date
- Thread

Visit your host, monkey.org