From sean@dreamfire.net  Tue Nov 14 07:23:02 2000
Return-Path: <sean@dreamfire.net>
Received: from indigo.dreamfire.net (indigo.dreamfire.net [207.113.154.29])
	by hub.freebsd.org (Postfix) with ESMTP id E641037B4CF
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 14 Nov 2000 07:22:58 -0800 (PST)
Received: from valiant.pcl.dreamfire.net (valiant.dreamfire.net [24.11.227.21])
	by indigo.dreamfire.net (Postfix) with ESMTP id 159719454
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 14 Nov 2000 07:22:57 -0800 (PST)
Received: by valiant.pcl.dreamfire.net (Postfix, from userid 1000)
	id 45B69E8804; Tue, 14 Nov 2000 07:22:57 -0800 (PST)
Message-Id: <20001114152257.45B69E8804@valiant.pcl.dreamfire.net>
Date: Tue, 14 Nov 2000 07:22:57 -0800 (PST)
From: sean@seanrees.com
Sender: sean@dreamfire.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: rc.firewall does not install NAT rules
X-Send-Pr-Version: 3.2

>Number:         22843
>Category:       conf
>Synopsis:       rc.firewall will not install NAT rules if firewall_type is "custom"
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    ru
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 14 07:30:01 PST 2000
>Closed-Date:    Wed Nov 15 00:06:50 PST 2000
>Last-Modified:  Wed Nov 15 00:13:35 PST 2000
>Originator:     Sean-Paul Rees
>Release:        FreeBSD 4.1.1-STABLE i386
>Organization:
>Environment:

	4.1.1-STABLE with 4.2-BETA userland from 10-Nov-2000. rc.firewall
	1.30.2.7 from 2000/10/30

>Description:

	If one has firewall_type != open or != client in /etc/rc.conf, *AND*
	natd_enable="yes", rc.firewall will not install the natd firewall
	divert rule.
	
>How-To-Repeat:

	Install default rc.firewall and rc.network, set
	firewall_type="/etc/ipfw.rules" and natd_enable="yes"

>Fix:

	Hack rc.firewall - I changed lines 105-106 to say:

	case ${firewall_type} in
	*)

	Or, add a new rc.conf entry with natd_fw_rule="yes".

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->freebsd-bugs 
Responsible-Changed-By: jedgar 
Responsible-Changed-When: Tue Nov 14 13:15:16 PST 2000 
Responsible-Changed-Why:  
Misfiled PR 

http://www.freebsd.org/cgi/query-pr.cgi?pr=22843 
State-Changed-From-To: open->closed 
State-Changed-By: ru 
State-Changed-When: Wed Nov 15 00:06:50 PST 2000 
State-Changed-Why:  
This change was intentional: 

RCS file: /home/ncvs/src/etc/rc.firewall,v 
Working file: rc.firewall 
head: 1.38 
branch: 
locks: strict 
access list: 
keyword substitution: kv 
total revisions: 61;    selected revisions: 2 
description: 
---------------------------- 
revision 1.37 
date: 2000/08/30 13:14:32;  author: ru;  state: Exp;  lines: +2 -4 
Only install `divert natd' rule for predefined firewall types, 
not when ${firewall_type} is set to a filename, as we know 
nothing about user's script specifics. 

Reported by:	Bernhard Valenti <bernhard.valenti@gmx.net> 
---------------------------- 
revision 1.30.2.6 
date: 2000/09/21 07:44:53;  author: ru;  state: Exp;  lines: +2 -4 
MFC: (rev 1.37) only install `divert natd' rule for predefined types. 
===================================================================== 


Responsible-Changed-From-To: freebsd-bugs->ru 
Responsible-Changed-By: ru 
Responsible-Changed-When: Wed Nov 15 00:06:50 PST 2000 
Responsible-Changed-Why:  
I did this change. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=22843 
>Unformatted:
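
A check for the situation this PR describes, added here as an example (it is not part of the PR, rc.firewall, or the FreeBSD tree): with natd_enable="yes" and firewall_type set to a filename, the custom ruleset has to carry its own `divert natd` rule. Assumptions: the file uses ipfw's command-file syntax, only "open" and "client" get the rule automatically (as the Description states), and the function names, sample rules and interface ed0 are constructed.

```shell
#!/bin/sh
# Added example: report whether a `divert natd` rule will exist after boot.

# Succeeds if rc.firewall installs the divert rule itself for this type
# (assumption taken from the PR text: "open" and "client" only).
is_predefined_nat_type() {
    case "$1" in
    [Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt]) return 0 ;;
    *) return 1 ;;
    esac
}

# Succeeds if the ruleset file has a non-comment rule diverting to natd,
# either by service name or by 8668, natd's default divert port.
ruleset_has_natd_divert() {
    sed 's/#.*//' "$1" |
        grep -Eq 'divert[[:space:]]+(natd|8668)([[:space:]]|$)'
}

# Prints one of: off | auto | present | missing | unchecked
natd_rule_status() {    # args: firewall_type natd_enable
    case "$2" in
    [Yy][Ee][Ss]) ;;
    *) echo off; return 0 ;;
    esac
    if is_predefined_nat_type "$1"; then echo auto
    elif [ ! -r "$1" ]; then echo unchecked   # not a readable ruleset file
    elif ruleset_has_natd_divert "$1"; then echo present
    else echo missing                          # NAT silently inactive
    fi
}

# Constructed sample rulesets; ed0 is a placeholder interface name.
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
printf '%s\n' '# add 50 divert natd all from any to any via ed0' \
    'add 65000 pass all from any to any' > "$tmpdir/no_nat.rules"
printf '%s\n' 'add 50 divert natd all from any to any via ed0' \
    'add 65000 pass all from any to any' > "$tmpdir/nat.rules"

for t in open "$tmpdir/no_nat.rules" "$tmpdir/nat.rules"; do
    echo "firewall_type=$t -> $(natd_rule_status "$t" yes)"
done
```

A result of "missing" means natd will be running but no traffic is diverted to it, which is the behaviour reported above.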
