rc.order wrong (ipfw)
Oliver Fromme
olli at lurza.secnetix.de
Fri Mar 16 11:52:35 UTC 2007
JoaoBR <joao at matik.com.br> wrote:
> On Friday 16 March 2007 07:51, Oliver Fromme wrote:
> > JoaoBR <joao at matik.com.br> wrote:
> > > since some time now it seems ipfw starts first of all, I think that is
> > > not correct
> >
> > No, it starts after networking is up, which is the correct
> > behaviour, I think.
>
> it should
Sorry, I made a typo there. Of course IPFW rules must be
in effect as a prerequisite to NETWORKING. So I meant to
say _before_, not after.
>
> > > rcorder: file `/etc/rc.d/ipfw' is before unknown provision `NETWORKING'
> > > rcorder: requirement `ppp' in file `/etc/rc.d/ipfw' has no providers.
> >
> > That sounds like you have accidentally deleted the files
> > /etc/rc.d/NETWORKING and /etc/rc.d/ppp (or forgot to run
> > mergemaster properly after an update).
>
> noo, both are there
Then they are broken on your machine. Did you check the
"provide" and "require" lines in them? The ordering works
perfectly fine for me on all of my machines.
> even if working as supposed NETWORKING is ordered before syslogd and ipfw
> should better start after syslogd
No, the packet filter and forwarding rules must be in
effect as early as possible, i.e. before any network
daemons are started (which includes syslogd). Therefore
it must be a requirement of NETWORKING.

If IPFW rules were loaded after daemons such as syslogd
are started, that would break several of my machines.
(And on some others which have "default to accept" it
would even open a security hole by introducing a
race-condition.)
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Registration court Munich, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Registration court
Munich, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart
FreeBSD services, products and more: http://www.secnetix.de/bsd
"Python tricks" is a tough one, cuz the language is so clean. E.g.,
C makes an art of confusing pointers with arrays and strings, which
leads to lotsa neat pointer tricks; APL mistakes everything for an
array, leading to neat one-liners; and Perl confuses everything
period, making each line a joyous adventure <wink>.
-- Tim Peters
More information about the freebsd-stable
mailing list
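
An added example (not part of the original message and not FreeBSD's own code): a small sh linter that reads the `# PROVIDE:`, `# REQUIRE:` and `# BEFORE:` headers of rc.d scripts and reports the two dangling-dependency conditions quoted in the rcorder warnings above, then checks that the firewall script is declared ahead of NETWORKING. The sample tree, the `netif` entry and the function names `rc_tags`, `rc_lint` and `starts_before` are constructed for illustration; the missing PROVIDE lines are one assumed way such warnings can arise.

```shell
#!/bin/sh
# Added example (not from the thread): lint rc.d dependency headers.

# rc_tags FILE KEYWORD: print every word on the file's "# KEYWORD:" lines.
rc_tags() {
    awk -v kw="$2:" '$1 == "#" && $2 == kw { for (i = 3; i <= NF; i++) print $i }' "$1"
}

# rc_lint DIR: report REQUIRE/BEFORE names that no script in DIR provides.
rc_lint() {
    provided=$(for f in "$1"/*; do rc_tags "$f" PROVIDE; done)
    for f in "$1"/*; do
        for r in $(rc_tags "$f" REQUIRE); do
            echo "$provided" | grep -qxF "$r" ||
                echo "requirement \`$r' in file \`$f' has no providers."
        done
        for b in $(rc_tags "$f" BEFORE); do
            echo "$provided" | grep -qxF "$b" ||
                echo "file \`$f' is before unknown provision \`$b'"
        done
    done
}

# starts_before DIR A B: true if A declares "BEFORE: B" or B's provider requires A.
starts_before() {
    for f in "$1"/*; do
        if rc_tags "$f" PROVIDE | grep -qxF "$2" && rc_tags "$f" BEFORE | grep -qxF "$3"; then return 0; fi
        if rc_tags "$f" PROVIDE | grep -qxF "$3" && rc_tags "$f" REQUIRE | grep -qxF "$2"; then return 0; fi
    done
    return 1
}

# Constructed sample tree: ipfw carries the header the warnings imply, while
# the NETWORKING and ppp scripts have lost their PROVIDE lines (assumption).
demo=$(mktemp -d)
printf '# PROVIDE: ipfw\n# REQUIRE: ppp\n# BEFORE: NETWORKING\n' > "$demo/ipfw"
printf '# REQUIRE: netif\n' > "$demo/NETWORKING"
printf '# PROVIDE: netif\n' > "$demo/netif"
printf '# REQUIRE: netif\n' > "$demo/ppp"

rc_lint "$demo"
starts_before "$demo" ipfw NETWORKING && echo "ipfw is declared before NETWORKING"
```

A declared `BEFORE:` edge whose target has no provider cannot be enforced, so a clean `rc_lint` run is the precondition for trusting the ordering check.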