/etc/rc.d/ipsec starts not in time

Hajimu UMEMOTO ume at mahoroba.org
Sat Nov 15 02:54:17 PST 2003


Hi,

>>>>> On Sun, 02 Nov 2003 15:49:35 +0200
>>>>> Kostyuk Oleg <cub at cub.org.ua> said:

cub> 	Problem is in order of starting /etc/rc.d/ipsec.
cub> 	It must start BEFORE any network interaction,
cub> 	may be even before configuring interfaces.
cub> 	But I not sure in case with diskless mashines.

cub> 	-# BEFORE:  DAEMON
cub> 	+# BEFORE:  NETWORK

It is not sufficient.  There is setkey(8) in /usr/sbin.  It means that
we cannot protect NFS exported /usr by IPsec.  If there is no
objection, I wish to move setkey(8) into /sbin like NetBSD did.

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume at mahoroba.org  ume at bisd.hitachi.co.jp  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/


More information about the freebsd-current mailing list