rc.d/natd loads ipdivert.ko too late
Mykola Dzham
i at levsha.me
Thu Nov 18 22:31:06 UTC 2010
Currently, starting natd has been moved to a separate script, rc.d/natd. In this
script ipdivert is set in required_modules. But rc.d/natd is called from
rc.firewall after loading the firewall rules.

As a result, when there is no ipdivert in the kernel, firewall_type is OPEN or
CLIENT, and natd_enable is set to yes, rc.firewall attempts to add the rule

    ${fwcmd} add 50 divert natd ip4 from any to any via ${natd_interface}

and the error

    ipfw: getsockopt(IP_FW_ADD): Invalid argument

occurs.

I think the correct solution is to add natd_enable checking into the ipfw
prestart function (patch attached). Is this correct?
--
LEFT-(UANIC|RIPE)
JID: levsha at jabber.net.ua
PGP fingerprint: 1BCD 7C80 2E04 7282 C944 B0E0 7E67 619E 4E72 9280