Re: git: 79e374217d69 - main - blocklist: Fix rcorder(8)

Reply: Jose Luis Duran : "Re: git: 79e374217d69 - main - blocklist: Fix rcorder(8)"
In reply to: Jose Luis Duran : "Re: git: 79e374217d69 - main - blocklist: Fix rcorder(8)"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Cy Schubert <Cy.Schubert_at_cschubert.com>
Date: Mon, 27 Oct 2025 16:17:55 UTC

In message <CAPwQLce4Rrp_Vofg=MNyyFLXQPwuKgAShv3J9_hae9Rod4bQ7Q@mail.gmail.c
om>
, Jose Luis Duran writes:
> On Mon, Oct 27, 2025 at 12:58=E2=80=AFPM Cy Schubert <Cy.Schubert@cschubert=
> .com> wrote:
> >
> > In message <202510271547.59RFlnxW096622@gitrepo.freebsd.org>, Jose Luis
> > Duran w
> > rites:
> > > The branch main has been updated by jlduran:
> > >
> > > URL: https://cgit.FreeBSD.org/src/commit/?id=3D79e374217d69a98161fc91a2=
> 86dacf1f
> > > 78090894
> > >
> > > commit 79e374217d69a98161fc91a286dacf1f78090894
> > > Author:     Jose Luis Duran <jlduran@FreeBSD.org>
> > > AuthorDate: 2025-10-27 15:46:32 +0000
> > > Commit:     Jose Luis Duran <jlduran@FreeBSD.org>
> > > CommitDate: 2025-10-27 15:46:32 +0000
> > >
> > >     blocklist: Fix rcorder(8)
> > >
> > >     The blocklist daemon depends on a packet filter in order to block.
> > >
> > >     Add all supported packet filters to the REQUIRE line, not just pf, =
> to
> > >     indicate rcorder(8) that it should start after the packet filter se=
> rvice
> > >     has started.
> > >
> > >     While here, change the mode of the rc file to include the executabl=
> e
> > >     bit, just like the rest of the files in the rc.d source directory.
> > >
> > >     Reviewed by:    0mp
> > >     MFC after:      2 days
> > >     Differential Revision:  https://reviews.freebsd.org/D53364
> > > ---
> > >  libexec/rc/rc.d/blacklistd | 2 +-
> > >  libexec/rc/rc.d/blocklistd | 2 +-
> > >  2 files changed, 2 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/libexec/rc/rc.d/blacklistd b/libexec/rc/rc.d/blacklistd
> > > index 9157e258f43f..175e3e8c56b3 100755
> > > --- a/libexec/rc/rc.d/blacklistd
> > > +++ b/libexec/rc/rc.d/blacklistd
> > > @@ -29,7 +29,7 @@
> > >  #
> > >
> > >  # PROVIDE: blacklistd
> > > -# REQUIRE: netif pf
> > > +# REQUIRE: netif ipfilter ipfw pf
> >
> > This means all three, ipfilter AND ipfw AND pf, must be enabled and
> > started. What if one uses only one of the three?
>
> No, per rcorder(8) BUGS section:
>
> The REQUIRE keyword is misleading:
> It does not describe which daemons have to be running before a script
> will be started.
> It describes which scripts must be placed before it in the dependency order=
> ing.
>
> 0mp@ even suggests creating a FIREWALL(S) script to represent that an
> rc script should start after the firewall (any one or many) has
> started. I agree, but I cannot immediately submit a patch for it.

I stand corrected. Thanks.

>
> > >
> > >  . /etc/rc.subr
> > >
> > > diff --git a/libexec/rc/rc.d/blocklistd b/libexec/rc/rc.d/blocklistd
> > > old mode 100644
> > > new mode 100755
> > > index 24cbae77fd40..f979162ec3e0
> > > --- a/libexec/rc/rc.d/blocklistd
> > > +++ b/libexec/rc/rc.d/blocklistd
> > > @@ -29,7 +29,7 @@
> > >  #
> > >
> > >  # PROVIDE: blocklistd
> > > -# REQUIRE: netif pf
> > > +# REQUIRE: netif ipfilter ipfw pf
> >
> > Ditto.
> >
> > >
> > >  . /etc/rc.subr
> > >
> > >
> >
> >
> > --
> > Cheers,
> > Cy Schubert <Cy.Schubert@cschubert.com>
> > FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
> > NTP:           <cy@nwtime.org>    Web:  https://nwtime.org
> >
> >                         e**(i*pi)+1=3D0
> >
> >
>
>
> --=20
> Jose Luis Duran



-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy@nwtime.org>    Web:  https://nwtime.org

			e**(i*pi)+1=0