From nobody@FreeBSD.ORG  Fri May 12 19:35:17 2000
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 4B58B37B63D; Fri, 12 May 2000 19:35:17 -0700 (PDT)
Message-Id: <20000513023517.4B58B37B63D@hub.freebsd.org>
Date: Fri, 12 May 2000 19:35:17 -0700 (PDT)
From: larse@isi.edu
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@FreeBSD.org
Subject: 4.0-STABLE: problem in rc.network (with patch)
X-Send-Pr-Version: www-1.0

>Number:         18521
>Category:       conf
>Synopsis:       4.0-STABLE: problem in rc.network (with patch)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 12 19:40:01 PDT 2000
>Closed-Date:    Sun Jul 22 08:35:14 PDT 2001
>Last-Modified:  Sun Jul 22 08:36:33 PDT 2001
>Originator:     Lars Eggert
>Release:        FreeBSD-4.0-STABLE
>Organization:
USC/ISI
>Environment:
FreeBSD hbo.isi.edu 4.0-STABLE FreeBSD 4.0-STABLE #36: Thu May 11 16:30:43 PDT 2000     larse@hbo.isi.edu:/usr/src/sys/compile/PRECISION  i386

>Description:
I've finally tracked down a strange problem that I've also seen under
3.X before. It seems that setting the NIS domain name in rc.network
before ipfw is initialized causes ipfw rule adds later on in 
the boot process to be extremely slow. (I see about a minute delay 
per rule).

Fix: Set the NIS domain name after ipfw is initialized.

Note: I've no idea why this fixes it, or why setting the NIS
      domain name would slow down ipfw to a crawl...
>How-To-Repeat:
Include these lines in /etc/rc.conf:

firewall_enable="client"
firewall_type="/etc/rc.firewall.local"

nisdomainname="mydomain"
nis_client_enable="YES"

Reboot.
>Fix:
--- rc.network  2000/03/31 01:54:16     1.3
+++ rc.network  2000/05/13 02:25:27
@@ -20,17 +20,6 @@
                echo -n ' hostname'
        fi
 
-       # Set the domainname if we're using NIS
-       #
-       case ${nisdomainname} in
-       [Nn][Oo] | '')
-               ;;
-       *)
-               domainname ${nisdomainname}
-               echo -n ' domain'
-               ;;
-       esac
-
        echo '.'
 
        # Initial ATM interface configuration
@@ -404,6 +393,17 @@
        case ${portmap_enable} in
        [Yy][Ee][Ss])
                echo -n ' portmap';     ${portmap_program:-/usr/sbin/portmap} ${portmap_flags}
+               ;;
+       esac
+
+       # Set the domainname if we're using NIS
+       #
+       case ${nisdomainname} in
+       [Nn][Oo] | '')
+               ;;
+       *)
+               domainname ${nisdomainname}
+               echo -n ' domain'
                ;;
        esac
 


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: dd 
State-Changed-When: Sun Jul 22 08:35:14 PDT 2001 
State-Changed-Why:  
If this is still a problem, the right fix is to fix ipfw.  The proposed patch 
is wrong not only because it masks the problem, but because NIS may be 
needed before ipfw is initialized: ipfw allows one to use DNS names instead 
of IP addresses on the command line, and NIS may be needed to resolve those 
names. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=18521 
>Unformatted:
