misc/123119: rc script for ipfw does not handle IPv6
Kevin at es.net
Sat Apr 26 19:50:02 UTC 2008
>Number: 123119
>Category: misc
>Synopsis: rc script for ipfw does not handle IPv6
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Apr 26 19:50:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Kevin Oberman
>Release: FreeBSD 7.0-STABLE i386
>Organization:
ESnet--The Energy Sciences Network
>Environment:
System: FreeBSD slan.es.net 7.0-STABLE FreeBSD 7.0-STABLE #0: Fri Apr 25 11:32:19 PDT 2008 root at slan.es.net:/usr/obj/usr/src/sys/IBM-T43 i386
>Description:
/etc/rc.d/ipfw only sets and clears the sysctl to enable or disable
IPv4. A check for ipv6_enable and the IPv6 sysctl need to be added.
>How-To-Repeat:
On a system running IPv6 and IPv4, stop IPFW. It only stops for IPv4.
>Fix:
There might be better ways to check on IPv6, but this was the obvious one.
# diff -u ipfw.orig ipfw
--- ipfw.orig 2008-04-26 12:34:16.000000000 -0700
+++ ipfw 2008-04-25 15:39:41.000000000 -0700
@@ -44,6 +44,9 @@
# Enable the firewall
#
${SYSCTL_W} net.inet.ip.fw.enable=1
+ if checkyesno ipv6_enable; then
+ sysctl net.inet6.ip6.fw.enable=1 >/dev/null
+ fi
}
ipfw_stop()
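Review bot: The added IPv6 lines in the enable path call bare `sysctl` with `>/dev/null`, while the IPv4 line directly above them uses `${SYSCTL_W}`; writing `${SYSCTL_W} net.inet6.ip6.fw.enable=1` would send both address families through the same wrapper. The `checkyesno ipv6_enable` gate also means the IPv6 firewall switch is never set on a host where that rc.conf knob is off, so consider testing whether the net.inet6.ip6.fw.enable sysctl exists instead, which ties the action to what the kernel provides rather than to the rc.conf setting.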
@@ -51,6 +54,10 @@
# Disable the firewall
#
${SYSCTL_W} net.inet.ip.fw.enable=0
+ if checkyesno ipv6_enable; then
+ sysctl net.inet6.ip6.fw.enable=0
+ fi
+
if [ -f /etc/rc.d/natd ] ; then
/etc/rc.d/natd stop
fi
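Review bot: The stop path's `sysctl net.inet6.ip6.fw.enable=0` has no `>/dev/null`, unlike the matching line in the enable hunk, so stopping prints the sysctl's output while starting stays silent. Make the two consistent, preferably by using `${SYSCTL_W}` as the IPv4 line above does. The same `checkyesno ipv6_enable` gate applies here, so on a host where that knob is off a stop leaves the IPv6 switch untouched while the IPv4 one is cleared; a comment stating whether that asymmetry is intended would help.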
@@ -58,4 +65,3 @@
load_rc_config $name
run_rc_command "$1"
>Release-Note:
>Audit-Trail:
>Unformatted: