/etc/rc.d/ipsec starts not in time

Terry Lambert tlambert2 at mindspring.com
Sat Nov 15 15:22:23 PST 2003


Hajimu UMEMOTO wrote:
> >>>>> Kostyuk Oleg <cub at cub.org.ua> said:
> 
> cub>    Problem is in order of starting /etc/rc.d/ipsec.
> cub>    It must start BEFORE any network interaction,
> cub>    may be even before configuring interfaces.
> cub>    But I not sure in case with diskless mashines.
> 
> cub>    -# BEFORE:  DAEMON
> cub>    +# BEFORE:  NETWORK
> 
> It is not sufficient.  There is setkey(8) in /usr/sbin.  It means that
> we cannot protect NFS exported /usr by IPsec.  If there is no
> objection, I wish to move setkey(8) into /sbin like NetBSD did.

This type of order inversion is common.

Can we simply delay exportation until later in the boot process?
Wouldn't this have the same effect?

-- Terry


More information about the freebsd-current mailing list