[CFR] unified rc.firewall
Doug Barton
dougb at FreeBSD.org
Sun Nov 22 19:12:27 UTC 2009
Hajimu UMEMOTO wrote:
> Hi,
>
> The ipfw and ip6fw were unified into ipfw2, now. But, we still have
> rc.firewall and rc.firewall6. However, there are conflicts with each
> other, and it confuses the users, IMHO.
> So, I made a patch to unify rc.firewall and rc.firewall6, and obsolete
> rc.firewall6 and rc.d/ip6fw.
> Please review the attached patch. If there is no objection, I'll
> commit it next weekend.

Overall I think this is good, and I'm definitely in favor of more
integration of IPv6 into the mainstream rather than something that is
glued on.

A few comments:

In rc.firewall you seem to have copied afexists() from network.subr.
Is there a reason that you did not simply source that file? That would
be the preferred method. Also in that file you call "if afexists
inet6" quite a few times. My preference from a performance standpoint
would be to call it once, perhaps in a start_precmd then cache the value.

And of course, you have regression tested this thoroughly, yes? :)
Please include scenarios where there is no INET6 in the kernel as well.

hth,

Doug
--
Improve the effectiveness of your Internet presence with
a domain name makeover! http://SupersetSolutions.com/
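
The probe-once-and-cache approach suggested in the reply above, as an added example that is not part of the original message or of the patch under review. The `afexists` stub, the `FAKE_INET6` switch, the `firewall_precmd` and `have_inet6` names and the sample rules are all assumptions made for illustration; the rules are printed rather than passed to ipfw, so both kernel scenarios can be checked on any machine.

```shell
#!/bin/sh
# Stand-in for afexists() (assumption: the real function in network.subr
# probes the kernel). FAKE_INET6 simulates a kernel with or without INET6,
# and PROBE_CALLS counts how often the probe actually runs.
PROBE_CALLS=0
afexists() {
    PROBE_CALLS=$((PROBE_CALLS + 1))
    case $1 in
    inet)  return 0 ;;
    inet6) [ "${FAKE_INET6:-yes}" = yes ] ;;
    *)     return 1 ;;
    esac
}

# Hypothetical precmd hook: probe the address family once and cache the
# answer in a plain variable.
firewall_precmd() {
    if afexists inet6; then
        cached_inet6=yes
    else
        cached_inet6=no
    fi
}

# Cheap check used everywhere else in the rule script; never re-probes.
have_inet6() { [ "$cached_inet6" = yes ]; }

# Constructed sample ruleset. Each line is an ipfw command body that a real
# script would hand to ipfw; here it is only printed.
emit_rules() {
    echo "add 100 pass all from any to any via lo0"
    echo "add 200 deny all from any to 127.0.0.0/8"
    echo "add 300 deny ip from 127.0.0.0/8 to any"
    if have_inet6; then
        echo "add 400 deny all from any to ::1"
        echo "add 500 deny all from ::1 to any"
    fi
    # A second IPv6 section still costs no extra probe.
    if have_inet6; then
        echo "add 600 pass ipv6-icmp from :: to ff02::/16"
    fi
}

firewall_precmd
emit_rules
```
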