/etc/rc.d/ipsec starts not in time
tlambert2 at mindspring.com
Sat Nov 15 15:22:23 PST 2003
Hajimu UMEMOTO wrote:
> >>>>> Kostyuk Oleg <cub at cub.org.ua> said:
> cub> Problem is in order of starting /etc/rc.d/ipsec.
> cub> It must start BEFORE any network interaction,
> cub> may be even before configuring interfaces.
> cub> But I not sure in case with diskless mashines.
> cub> -# BEFORE: DAEMON
> cub> +# BEFORE: NETWORK
> It is not sufficient. There is setkey(8) in /usr/sbin. It means that
> we cannot protect NFS exported /usr by IPsec. If there is no
> objection, I wish to move setkey(8) into /sbin like NetBSD did.
This type of order inversion is common.
Can we simply delay exportation until later in the boot process?
Wouldn't this have the same effect?
More information about the freebsd-current