/etc/rc.d/ipsec starts not in time
Hajimu UMEMOTO
ume at mahoroba.org
Sat Nov 15 02:54:17 PST 2003
Hi,
>>>>> On Sun, 02 Nov 2003 15:49:35 +0200
>>>>> Kostyuk Oleg <cub at cub.org.ua> said:
cub> Problem is in order of starting /etc/rc.d/ipsec.
cub> It must start BEFORE any network interaction,
cub> may be even before configuring interfaces.
cub> But I not sure in case with diskless mashines.
cub> -# BEFORE: DAEMON
cub> +# BEFORE: NETWORK
It is not sufficient. There is setkey(8) in /usr/sbin. It means that
we cannot protect NFS exported /usr by IPsec. If there is no
objection, I wish to move setkey(8) into /sbin like NetBSD did.
Sincerely,
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume at mahoroba.org ume at bisd.hitachi.co.jp ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
More information about the freebsd-current
mailing list