From pete@ns.altadena.net  Sun Aug  2 21:58:56 1998
Received: from ns.altadena.net (ns.altadena.net [206.126.144.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA25943
          for <FreeBSD-gnats-submit@freebsd.org>; Sun, 2 Aug 1998 21:58:55 -0700 (PDT)
          (envelope-from pete@ns.altadena.net)
Received: (from pete@localhost)
	by ns.altadena.net (8.9.1/8.8.6) id VAA02596;
	Sun, 2 Aug 1998 21:58:31 -0700 (PDT)
Message-Id: <199808030458.VAA02596@ns.altadena.net>
Date: Sun, 2 Aug 1998 21:58:31 -0700 (PDT)
From: pete@altadena.net
Reply-To: pete@altadena.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: IPFW problem
X-Send-Pr-Version: 3.2

>Number:         7475
>Category:       bin
>Synopsis:       IPFW -q conflicts with filename arg
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Aug  2 22:00:00 PDT 1998
>Closed-Date:    Tue Aug 4 06:55:54 PDT 1998
>Last-Modified:  Tue Aug  4 06:56:54 PDT 1998
>Originator:     Pete Carah
>Release:        FreeBSD 2.2.7-STABLE i386
>Organization:
Altadena Internet
>Environment:

	Multiple interfaces, using IPFW for policy

>Description:

	Using a filename as argument to firewall_type in rc.conf,
	results in a boot failure because ipfw will not accept a -q
	option if a filename is given.  I have worked around this
	by replacing the last line in rc.firewall with
	ipfw ${firewall_type} </dev/null

	The -q (or redirection) should be needed since the leading flush in
	the firewall config file makes the boot hang otherwise.  However,
	when the config is coming from a file, there appears to be no
	way to make ipfw accept a -q.

>How-To-Repeat:

	See Description

>Fix:
	
	The first time I ran into this I did a minor rewrite to ipfw
	so it would parse arguments correctly; it currently uses getopt 
	improperly.  Then I did a make world and lost my fixes :-(  
	The removal of -q from that last command line, and redirect of 
	stdin from /dev/null at least works around the problem, though 
	it isn't a real fix.

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->suspended 
State-Changed-By: phk 
State-Changed-When: Tue Aug 4 02:38:06 PDT 1998 
State-Changed-Why:  
awaiting committer 
State-Changed-From-To: suspended->closed 
State-Changed-By: thepish 
State-Changed-When: Tue Aug 4 06:55:54 PDT 1998 
State-Changed-Why:  
Fixed by providing support for -q with file input in RELENG 

>Unformatted:

