ipv6_ipfilter_rules= is obsolete ?

Ernie Luzar luzar722 at gmail.com
Thu Jul 9 14:28:50 UTC 2020

Gary Jennejohn wrote:
> On Thu, 9 Jul 2020 10:27:02 +0800
> Marcelo Araujo <araujobsdport at gmail.com> wrote:
>> On Thu, Jul 9, 2020 at 07:34, Rodney W. Grimes <
>> freebsd-rwg at gndrsh.dnsmgr.net> wrote:
>>>> In /etc/defaults/rc.conf I see this
>>>> ipv6_ipfilter_rules="/etc/ipf6.rules"
>>>> # rules definition file for ipfilter,
>>>> # see /usr/src/contrib/ipfilter/rules for examples
>>>> man 8 ipf  says
>>>> ipf -6  ipv4 and ipv6 rules are stored in a single table and can be read
>>>> from a single file. This option is no longer required to load ipv6 rules.
>>>> I interpret this to mean that the ipv6_ipfilter_rules="/etc/ipf6.rules"
>>>>    line in /etc/defaults/rc.conf is obsolete and should be removed
>>>> before RELEASE 13.0 is published for users to use.  
>>> Interesting, though I would not remove it.  It should be marked as
>>> depricated and the /etc/rc.d/ipfilter shell script updated to emit
>>> a warning that it is depricated, but it should still be processed
>>> to retain backwards compatibility and NOT lock someone out of a
>>> system who has just done an upgrade to a newer version.
>> Do you mean deprecated or depricated?
>> Got confused here! Sorry English is hard for non-native speakers.
> It's a typo - he meant deprecated.

This "retain backwards compatibility stuff" can be taken too far
backwards. I think ipfilter first came out with NO ipv6 support, then
ipv6 was added using 2 rule files, and later yet it was redesigned to
use a single rules file. Talking about way back around RELEASE 4.0. Now
ipfilter has not worked with 2 rules files for a very long time. It's now
time to clean up the old ipv6 only stuff so the documentation and
/etc/rc.d/ipfilter boot script reflect how it works today. And another
thing to point out is the ipfilter source code has been forked and is
now under FreeBSD maintainership.
