Regression in /etc/rc.conf.d support
Sean McNeil
sean at mcneil.com
Thu Jun 14 22:47:07 UTC 2007
I don't know why this was done, but now we are no longer able to place
firewall rule info as once possible in /etc/rc.conf.d/ipfw. I had
firewall_enable="YES"
firewall_type="/etc/fw/rc.firewall.rules"
firewall_quiet="YES"
and now the last two variables no longer make it into /etc/rc.firewall.
They have to be placed in /etc/rc.conf or /etc/rc.conf.local which is
what /etc/rc.conf.d was trying to mitigate.
I see:
Revision *1.15*: download
<http://www.freebsd.org/cgi/cvsweb.cgi/%7Echeckout%7E/src/etc/rc.d/ipfw?rev=1.15;content-type=text%2Fplain>
- view: text
<http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.d/ipfw?rev=1.15;content-type=text%2Fplain>,
annotated
<http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.d/ipfw?annotate=1.15>
- select for diffs
<http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.d/ipfw?r1=1.15#rev1.15>
/Mon Apr 2 15:38:53 2007 UTC/ (2 months, 1 week ago) by /mtm/
Branches: MAIN
<http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.d/ipfw?only_with_tag=MAIN>
CVS tags: HEAD
<http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.d/ipfw?only_with_tag=HEAD>
Instead of directly sourcing the firewall script, run it in a separate shell.
If the firewall script is sourced directly from the script, then any
exit statements in it will also terminate the rc.d script prematurely.
I think this should be reverted and anyone using exit statements in
their firewall_script should be told to remove them. It certainly
should not have been MFCd.
Cheers,
Sean
More information about the freebsd-stable
mailing list