From olgeni@colby.it  Thu Mar 11 05:51:53 2004
Return-Path: <olgeni@colby.it>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6A6F016A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 11 Mar 2004 05:51:53 -0800 (PST)
Received: from server.localdomain.net (unknown [81.208.57.5])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6D20243D4C
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 11 Mar 2004 05:51:51 -0800 (PST)
	(envelope-from olgeni@colby.it)
Received: from server.localdomain.net (localhost [127.0.0.1])
	by server.localdomain.net (8.12.9p2/8.12.8) with ESMTP id i2BDpngN041652
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 11 Mar 2004 14:51:50 +0100 (CET)
	(envelope-from olgeni@server.localdomain.net)
Received: (from olgeni@localhost)
	by server.localdomain.net (8.12.9p2/8.12.9/Submit) id i2BDpmiP041641;
	Thu, 11 Mar 2004 14:51:48 +0100 (CET)
	(envelope-from olgeni)
Message-Id: <200403111351.i2BDpmiP041641@server.localdomain.net>
Date: Thu, 11 Mar 2004 14:51:48 +0100 (CET)
From: Jimmy Olgeni <g.olgeni@colby.it>
Reply-To: Jimmy Olgeni <g.olgeni@colby.it>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: rc.d: incorrect depencency between ipfilter and ipmon
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         64106
>Category:       bin
>Synopsis:       rc.d: incorrect depencency between ipfilter and ipmon
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 11 06:00:34 PST 2004
>Closed-Date:    Sat Apr 24 01:12:31 PDT 2004
>Last-Modified:  Sat Apr 24 01:12:31 PDT 2004
>Originator:     Jimmy Olgeni
>Release:        FreeBSD 5.2.1-RELEASE i386
>Organization:
Colby
>Environment:

	5.2.1-RELEASE, -CURRENT.

>Description:

The ipmon script in rc.d checks if either ipfilter_enable or ipnat_enable
are set, as it needs the ipl.ko module to work.

Unfortunately, the rc.d/ipfilter script has ipmon listed in its REQUIRED
line, so ipmon will never have a chance to start after ipfilter. If
ipfilter is not compiled into the kernel, ipmon will always fail to start
from rc.d at boot time.

>How-To-Repeat:

Set ipfilter_enable and ipmon_enable in rc.conf, then reboot and check
for the following console messages:

console: Setting hostname: whatever.it.is
console: /etc/rc: ERROR: ipfilter module is not loaded
 kernel: IP Filter: v3.4.31 initialized.  Default = pass all, Logging = enabled
console: /etc/rc: WARNING: IP-filter: NO IPF RULES
console: lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

>Fix:

The rc.d/ipmon script should "REQUIRE" ipfilter, not the other way around.
As ipnat also requires ipfilter, this should take care of any ipnat issues.
>Release-Note:
>Audit-Trail:

From: Jimmy Olgeni <g.olgeni@colby.it>
To: freebsd-gnats-submit@FreeBSD.org, g.olgeni@colby.it
Cc:  
Subject: Re: bin/64106: rc.d: incorrect depencency between ipfilter and ipmon
Date: Wed, 17 Mar 2004 22:18:10 +0100

 This should sort them out.
 
 Index: ipfilter
 ===================================================================
 RCS file: /home/ncvs/src/etc/rc.d/ipfilter,v
 retrieving revision 1.19
 diff -u -r1.19 ipfilter
 --- ipfilter	8 Mar 2004 12:25:05 -0000	1.19
 +++ ipfilter	17 Mar 2004 21:11:12 -0000
 @@ -5,7 +5,7 @@
   #
 
   # PROVIDE: ipfilter
 -# REQUIRE: root mountcritlocal ipmon
 +# REQUIRE: root mountcritlocal
   # BEFORE:  netif
   # KEYWORD: FreeBSD nojail
 
 Index: ipmon
 ===================================================================
 RCS file: /home/ncvs/src/etc/rc.d/ipmon,v
 retrieving revision 1.9
 diff -u -r1.9 ipmon
 --- ipmon	8 Mar 2004 12:25:05 -0000	1.9
 +++ ipmon	17 Mar 2004 21:11:12 -0000
 @@ -5,7 +5,7 @@
   #
 
   # PROVIDE: ipmon
 -# REQUIRE: mountcritlocal hostname sysctl cleanvar
 +# REQUIRE: mountcritlocal hostname sysctl cleanvar ipfilter
   # BEFORE:  SERVERS
   # KEYWORD: FreeBSD nojail
 
State-Changed-From-To: open->closed 
State-Changed-By: olgeni 
State-Changed-When: Sat Apr 24 01:11:01 PDT 2004 
State-Changed-Why:  
Fixed by darrenr@ (src/etc/rc.d/ipfilter 1.21, src/etc/rc.d/ipmoN 1.11). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=64106 
>Unformatted:
