From nobody@FreeBSD.org  Fri Jun 25 10:22:39 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 716F2106564A
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 25 Jun 2010 10:22:39 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 604AD8FC0C
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 25 Jun 2010 10:22:39 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o5PAMc2n024358
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 25 Jun 2010 10:22:38 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o5PAMcqD024357;
	Fri, 25 Jun 2010 10:22:38 GMT
	(envelope-from nobody)
Message-Id: <201006251022.o5PAMcqD024357@www.freebsd.org>
Date: Fri, 25 Jun 2010 10:22:38 GMT
From: Vitezslav Novy <vnovy@vnovy.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: call order of natd and ipfw startup scripts
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         148137
>Category:       conf
>Synopsis:       [ipfw] call order of natd and ipfw startup scripts
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    hrs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 25 10:30:01 UTC 2010
>Closed-Date:    
>Last-Modified:  Sat Jan 15 16:15:40 UTC 2011
>Originator:     Vitezslav Novy
>Release:        8.1-PRERELEASE
>Organization:
>Environment:
FreeBSD vn.chello.upc.cz 8.1-PRERELEASE FreeBSD 8.1-PRERELEASE #2: Thu Jun 24 10:46:33 CEST 2010     rumik@vn.chello.upc.cz:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
From 8.0-RELEASE, the ipfw startup script doesn't call the natd startup script.
Also, there is no information about the call order of the ipfw and natd startup
scripts. On my system ipfw is called before natd. If the ipdivert module is
not loaded using loader.conf, natd loads it, but ipfw, running before it, fails
to install the divert rules.
>How-To-Repeat:
Configure "open" type ipfw with userland natd and do not configure loading
of ipdivert in loader.conf. Use the GENERIC kernel (without ipfw compiled in).
After reboot, the divert rules are not installed.
>Fix:
Define the right order (natd, ipfw) of the startup scripts
or
load the ipdivert module in the ipfw startup script if natd_enable="YES"
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-rc 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sun Jun 27 04:16:16 UTC 2010 
Responsible-Changed-Why:  
I don't know if this is an issue more for the rc folks or for the ipfw folks. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=148137 
Responsible-Changed-From-To: freebsd-rc->freebsd-ipfw 
Responsible-Changed-By: dougb 
Responsible-Changed-When: Sun Jun 27 04:43:52 UTC 2010 
Responsible-Changed-Why:  

I vote the latter. :) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=148137 

From: candy-sendpr@kgc.co.jp
To: bug-followup@FreeBSD.org, vnovy@vnovy.ne, freebsd-ipfw@FreeBSD.org
Cc: candy-sendpr@kgc.co.jp
Subject: Re: conf/148137: [ipfw] call order of natd and ipfw startup scripts
Date: Wed, 14 Jul 2010 10:41:57 +0900 (JST)

 Fix:
 Just copy the 8.0-RELEASE version of the /etc/rc.d/ipfw script to your 8.1 box :-)
 
 
 It seems to be a bug in /etc/rc.d/ipfw 1.21.2.2.
 
 <URL:http://www.jp.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.d/ipfw.diff?r1=text&tr1=1.21&r2=text&tr2=1.21.2.2>
 
 It moved the `/etc/rc.d/natd quietstart' sequence
 from ipfw_start() to ipfw_poststart().
 
 Natd(8) must be started before ipfw(8) rules are processed.
 It should be in ipfw_prestart() or ipfw_start().
 
 
 > From 8.0-RELEASE, the ipfw startup script doesn't call the natd startup script.
 > Also, there is no information about the call order of the ipfw and natd startup
 > scripts. On my system ipfw is called before natd. If the ipdivert module is
 > not loaded using loader.conf, natd loads it, but ipfw, running before it, fails
 > to install the divert rules.
 
 KANDA Toshihiro <candy-sendpr@kgc.co.jp>

From: Ceri Davies <ceri@submonkey.net>
To: FreeBSD Gnats Submit <freebsd-gnats-submit@FreeBSD.org>
Cc:  
Subject: conf/148137
Date: Wed, 22 Dec 2010 22:48:39 +0000

 --6c2NcOVqGQ03X4Wi
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 This still seems to be a problem in 7.4-PRERELEASE too; the attached
 patch seems to fix it here.
 
 Ceri
 
 --6c2NcOVqGQ03X4Wi
 Content-Type: text/x-diff; charset=us-ascii
 Content-Disposition: attachment; filename="148137.diff"
 
 --- src/etc/rc.d/ipfw	2010-12-04 12:27:32.000000000 +0000
 +++ /etc/rc.d/ipfw	2010-12-22 19:38:14.000000000 +0000
 @@ -34,10 +34,19 @@
  
  ipfw_start()
  {
 +	local	_coscript
  	local   _firewall_type
  
  	_firewall_type=$1
  
 +	# Start firewall coscripts
 +	#
 +	for _coscript in ${firewall_coscripts} ; do
 +		if [ -f "${_coscript}" ]; then
 +			${_coscript} quietstart
 +		fi
 +	done
 +
  	# set the firewall rules script if none was specified
  	[ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall
  
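Review bot: the loop added at the top of ipfw_start() discards the exit status of `${_coscript} quietstart`, so when a coscript such as natd fails to start, ipfw_start() carries on to the firewall_script setup with no indication that anything went wrong. Check the return value and warn with the coscript's name, for example `${_coscript} quietstart || warn "failed to start ${_coscript}"`. Two smaller points on the same lines: `[ -f "${_coscript}" ]` only shows that the file exists, so `-x` would match the way it is then invoked, and `${_coscript}` is quoted in the test but not on the invocation line; the new `local	_coscript` is separated by a tab where the neighbouring `local   _firewall_type` uses spaces.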
 @@ -60,16 +69,6 @@
  
  ipfw_poststart()
  {
 -	local	_coscript
 -
 -	# Start firewall coscripts
 -	#
 -	for _coscript in ${firewall_coscripts} ; do
 -		if [ -f "${_coscript}" ]; then
 -			${_coscript} quietstart
 -		fi
 -	done
 -
  	# Enable the firewall
  	#
  	${SYSCTL_W} net.inet.ip.fw.enable=1
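Review bot: with the loop removed from ipfw_poststart(), every entry in ${firewall_coscripts} now starts before `${SYSCTL_W} net.inet.ip.fw.enable=1` instead of in the poststart phase, and that applies to the whole list, not only to natd. Nothing in the patch documents this ordering change. A short comment at the relocated loop in ipfw_start() stating that coscripts must run before the rules are installed (natd loads ipdivert, as described in this PR), plus a line in the commit message, would keep a later cleanup from moving the loop back here.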
 
 --6c2NcOVqGQ03X4Wi--
Responsible-Changed-From-To: freebsd-ipfw->hrs 
Responsible-Changed-By: hrs 
Responsible-Changed-When: Sat Jan 15 16:15:20 UTC 2011 
Responsible-Changed-Why:  
I'll take this. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=148137 
>Unformatted:
