From pjones@pmade.org  Wed Mar 13 16:37:10 2002
Return-Path: <pjones@pmade.org>
Received: from pmade.org (pmade.org [206.157.70.61])
	by hub.freebsd.org (Postfix) with ESMTP id 5C83E37B419
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 13 Mar 2002 16:37:10 -0800 (PST)
Received: (from pjones@localhost)
	by pmade.org (8.11.6/8.11.6) id g2E0bAb03963;
	Wed, 13 Mar 2002 16:37:10 -0800 (PST)
	(envelope-from pjones)
Message-Id: <200203140037.g2E0bAb03963@pmade.org>
Date: Wed, 13 Mar 2002 16:37:10 -0800 (PST)
From: Peter J Jones <pjones@pmade.org>
Reply-To: Peter J Jones <pjones@pmade.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: rc.firewall? does not setup lo0
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         35877
>Category:       conf
>Synopsis:       rc.firewall? does not setup lo0
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 13 16:40:01 PST 2002
>Closed-Date:    Wed Mar 13 21:58:43 PST 2002
>Last-Modified:  Wed Mar 13 22:00:02 PST 2002
>Originator:     Peter Jones
>Release:        FreeBSD 4.5-STABLE i386
>Organization:
>Environment:
4.5-STABLE as of 03-12-2002
System: FreeBSD pmade.org 4.5-STABLE FreeBSD 4.5-STABLE #0: Tue Mar 12 19:47:49 PST 2002 pjones@pmade.org:/usr/src/sys/compile/KERNEL i386


>Description:
    Default behavior of the /etc/rc.firewall and /etc/rc.firewall6 scripts
has changed for systems that use firewall_type="somefile", where somefile
is an external file with firewall rules. Before 4.5-STABLE the rc.firewall?
scripts would set up the loopback interface with the correct firewall rules.

The scripts no longer set up the loopback interface. I don't know if we
should update our firewall script or the rc.firewall? files. Here is a patch
anyway.

>How-To-Repeat:
   cvsup to 4.5-STABLE. Use a firewall script. ipfw list.

>Fix:
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	rc.firewall.patch
#	rc.firewall6.patch
#
echo x - rc.firewall.patch
sed 's/^X//' >rc.firewall.patch << 'END-of-rc.firewall.patch'
X--- rc.firewall.orig	Wed Mar 13 16:15:04 2002
X+++ rc.firewall	Wed Mar 13 16:16:03 2002
X@@ -294,6 +294,7 @@
X [Uu][Nn][Kk][Nn][Oo][Ww][Nn])
X 	;;
X *)
X+	setup_loopback
X 	if [ -r "${firewall_type}" ]; then
X 		${fwcmd} ${firewall_flags} ${firewall_type}
X 	fi
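Review bot: setup_loopback is called ahead of the [ -r "${firewall_type}" ] test in the *) branch, so the loopback rules are installed even when the named file is unreadable and nothing else gets loaded. If the call is wanted at all, it belongs inside the if, next to the ${fwcmd} line. It also changes what every existing rules file gets: a file that already carries its own lo0 rules would end up with both sets, so this needs either an rc.conf knob or at least a comment above the case statement saying the file type now gets loopback rules for free.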
END-of-rc.firewall.patch
echo x - rc.firewall6.patch
sed 's/^X//' >rc.firewall6.patch << 'END-of-rc.firewall6.patch'
X--- rc.firewall6.orig	Wed Mar 13 16:17:09 2002
X+++ rc.firewall6	Wed Mar 13 16:17:31 2002
X@@ -279,6 +279,7 @@
X [Uu][Nn][Kk][Nn][Oo][Ww][Nn])
X 	;;
X *)
X+	setup_local
X 	if [ -r "${ipv6_firewall_type}" ]; then
X 		${fw6cmd} ${ipv6_firewall_flags} ${ipv6_firewall_type}
X 	fi
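Review bot: setup_local sits before the [ -r "${ipv6_firewall_type}" ] test in the *) branch, so it runs even when no rules file is read; move it inside the if so the helper and the ${fw6cmd} load succeed or are skipped together. The helper name here differs from the setup_loopback called in the rc.firewall hunk, so please confirm setup_local is what rc.firewall6 defines above this case statement, since an undefined name would fail at boot and leave the loopback rules out.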
END-of-rc.firewall6.patch
exit

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: cjc 
State-Changed-When: Wed Mar 13 21:58:43 PST 2002 
State-Changed-Why:  
This is the correct behavior. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=35877 

From: "Crist J. Clark" <cjc@FreeBSD.ORG>
To: Peter J Jones <pjones@pmade.org>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: conf/35877: rc.firewall? does not setup lo0
Date: Wed, 13 Mar 2002 21:58:33 -0800

 On Wed, Mar 13, 2002 at 04:37:10PM -0800, Peter J Jones wrote:
 [snip]
 
 > >Description:
 >     Default behavior of the /etc/rc.firewall and /etc/rc.firewall6 scripts
 > has changed for systems that use firewall_type="somefile", where somefile
 > is an external file with firewall rules. Before 4.5-STABLE the rc.firewall?
 > scripts would set up the loopback interface with the correct firewall rules.
 > 
 > The scripts no longer set up the loopback interface. I don't know if we
 > should update our firewall script or the rc.firewall? files. Here is a patch
 > anyway.
 
 This is the intended behavior. People who track -STABLE should keep an
 eye on freebsd-stable@freebsd.org,
 
   http://docs.freebsd.org/cgi/getmsg.cgi?fetch=310047+0+archive/2002/freebsd-stable/20020303.freebsd-stable
 
 
 -- 
 Crist J. Clark                     |     cjclark@alum.mit.edu
                                    |     cjclark@jhu.edu
 http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
>Unformatted:
