rc.d/natd loads ipdivert.ko too late

Mykola Dzham i at levsha.me
Thu Nov 18 22:31:06 UTC 2010


Currently, starting natd has been moved to a separate script, rc.d/natd. In
this script, ipdivert is set in required_modules. But rc.d/natd is called from
rc.firewall after loading firewall rules.
As a result, when there is no ipdivert in the kernel, firewall_type is OPEN or
CLIENT, and natd_enable is set to yes, rc.firewall attempts to add the rule
    ${fwcmd} add 50 divert natd ip4 from any to any via ${natd_interface}
and the error
    ipfw: getsockopt(IP_FW_ADD): Invalid argument
occurs.

I think the correct solution is to add natd_enable checking to the ipfw
prestart function (patch attached). Is this correct?

-- 
LEFT-(UANIC|RIPE)
JID: levsha at jabber.net.ua
PGP fingerprint: 1BCD 7C80 2E04 7282 C944  B0E0 7E67 619E 4E72 9280
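
The ordering problem reported above, as an added shell sketch (not the patch attached to the message and not FreeBSD's rc code): it makes sure divert support is present before the quoted rule is added. The helper names natd_enabled, ensure_ipdivert and add_natd_divert_rule are hypothetical; kldstat, kldload and the rc.conf variables are the ones a FreeBSD system provides.

```shell
#!/bin/sh
# Added sketch with hypothetical helper names; not the patch from the message.

# Accepts the same values rc.subr's checkyesno treats as "yes".
natd_enabled() {
    case "${natd_enable:-NO}" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
    esac
    return 1
}

# Succeeds if ipdivert is compiled in or already loaded; otherwise tries
# to load it and reports a failure before any rule is attempted.
ensure_ipdivert() {
    kldstat -q -m ipdivert 2>/dev/null && return 0
    if ! kldload ipdivert; then
        echo "ipdivert unavailable; divert rule would fail" >&2
        return 1
    fi
}

# Adds the rule quoted in the report only once divert support is present.
add_natd_divert_rule() {
    natd_enabled || return 0                  # natd off: no divert rule needed
    [ -n "${natd_interface}" ] || return 0    # no interface configured
    ensure_ipdivert || return 1
    ${fwcmd} add 50 divert natd ip4 from any to any via "${natd_interface}"
}
```

With the module check ahead of the rule, a missing ipdivert shows up as an explicit message instead of the getsockopt(IP_FW_ADD) error.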
