Re: git: 79e374217d69 - main - blocklist: Fix rcorder(8)

From: Jose Luis Duran <jlduran_at_freebsd.org>
Date: Mon, 27 Oct 2025 16:04:16 UTC

On Mon, Oct 27, 2025 at 12:58 PM Cy Schubert <Cy.Schubert@cschubert.com> wrote:
>
> In message <202510271547.59RFlnxW096622@gitrepo.freebsd.org>, Jose Luis
> Duran writes:
> > The branch main has been updated by jlduran:
> >
> > URL: https://cgit.FreeBSD.org/src/commit/?id=79e374217d69a98161fc91a286dacf1f78090894
> >
> > commit 79e374217d69a98161fc91a286dacf1f78090894
> > Author:     Jose Luis Duran <jlduran@FreeBSD.org>
> > AuthorDate: 2025-10-27 15:46:32 +0000
> > Commit:     Jose Luis Duran <jlduran@FreeBSD.org>
> > CommitDate: 2025-10-27 15:46:32 +0000
> >
> >     blocklist: Fix rcorder(8)
> >
> >     The blocklist daemon depends on a packet filter in order to block.
> >
> >     Add all supported packet filters to the REQUIRE line, not just pf, to
> >     indicate to rcorder(8) that it should start after the packet filter service
> >     has started.
> >
> >     While here, change the mode of the rc file to include the executable
> >     bit, just like the rest of the files in the rc.d source directory.
> >
> >     Reviewed by:    0mp
> >     MFC after:      2 days
> >     Differential Revision:  https://reviews.freebsd.org/D53364
> > ---
> >  libexec/rc/rc.d/blacklistd | 2 +-
> >  libexec/rc/rc.d/blocklistd | 2 +-
> >  2 files changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/libexec/rc/rc.d/blacklistd b/libexec/rc/rc.d/blacklistd
> > index 9157e258f43f..175e3e8c56b3 100755
> > --- a/libexec/rc/rc.d/blacklistd
> > +++ b/libexec/rc/rc.d/blacklistd
> > @@ -29,7 +29,7 @@
> >  #
> >
> >  # PROVIDE: blacklistd
> > -# REQUIRE: netif pf
> > +# REQUIRE: netif ipfilter ipfw pf
>
> This means all three, ipfilter AND ipfw AND pf, must be enabled and
> started. What if one uses only one of the three?

No, per rcorder(8) BUGS section:

The REQUIRE keyword is misleading:
It does not describe which daemons have to be running before a script
will be started.
It describes which scripts must be placed before it in the dependency ordering.

0mp@ even suggests creating a FIREWALL(S) script to represent that an
rc script should start after the firewall (any one or many) has
started. I agree, but I cannot immediately submit a patch for it.

> >
> >  . /etc/rc.subr
> >
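Review bot: the REQUIRE line in blacklistd now names ipfilter, ipfw and pf with nothing in the file saying these are ordering hints, so it reads as if all three filters must be enabled and started. A one-line comment beside it stating that the script is only ordered after these scripts, and does not need them running, would keep that explanation in the file rather than only in the commit message.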
> > diff --git a/libexec/rc/rc.d/blocklistd b/libexec/rc/rc.d/blocklistd
> > old mode 100644
> > new mode 100755
> > index 24cbae77fd40..f979162ec3e0
> > --- a/libexec/rc/rc.d/blocklistd
> > +++ b/libexec/rc/rc.d/blocklistd
> > @@ -29,7 +29,7 @@
> >  #
> >
> >  # PROVIDE: blocklistd
> > -# REQUIRE: netif pf
> > +# REQUIRE: netif ipfilter ipfw pf
>
> Ditto.
>
> >
> >  . /etc/rc.subr
> >
> >
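Review bot: the REQUIRE line in blocklistd repeats the same hard-coded filter list as blacklistd, so the two lists have to be edited together whenever the set of supported packet filters changes. A single placeholder that both scripts require, along the lines of the FIREWALL(S) script suggested in this thread, would remove the duplication; until then a comment pointing at the sibling file would help keep the two in sync.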
>
>
> --
> Cheers,
> Cy Schubert <Cy.Schubert@cschubert.com>
> FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
> NTP:           <cy@nwtime.org>    Web:  https://nwtime.org
>
>                         e**(i*pi)+1=0
>
>


-- 
Jose Luis Duran