From nobody  Thu Mar  5 00:55:29 1998
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id AAA07068;
          Thu, 5 Mar 1998 00:55:29 -0800 (PST)
          (envelope-from nobody)
Message-Id: <199803050855.AAA07068@hub.freebsd.org>
Date: Thu, 5 Mar 1998 00:55:29 -0800 (PST)
From: vadim@gc.lviv.ua
To: freebsd-gnats-submit@freebsd.org
Subject: "ipfw" can't start if "named" on this computer
X-Send-Pr-Version: www-1.0

>Number:         5922
>Category:       conf
>Synopsis:       "ipfw" can't start if "named" on this computer
>Confidential:   no
>Severity:       critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar  5 01:00:01 PST 1998
>Closed-Date:    Thu Mar 5 16:38:47 PST 1998
>Last-Modified:  Thu Mar  5 16:40:19 PST 1998
>Originator:     Vadim Chekan
>Release:        2.2.5
>Organization:
Galitsky Kontrakty
>Environment:
FreeBSD gate.gc.lviv.ua 2.2.5-RELEASE FreeBSD 2.2.5-RELEASE #0: Thu Feb 26 16:51
:19 GMT 1998     root@gate.gc.lviv.ua:/usr/src/sys/compile/GATE  i386
>Description:
In configuration rc.firewall I use host names. But DNS is on this 
computer. In rc.network ipfw start before named, can't found host
(named is not running) and rules not loaded.
>How-To-Repeat:
Run named on some computer as ipfw and use in resolv.conf only this 
computer.
>Fix:
Move start ipfw after named in rc.network
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: alex 
State-Changed-When: Thu Mar 5 16:38:47 PST 1998 
State-Changed-Why:  
Sorry, but you'll have to use IP addresses instead of hostnames. 
ipfw must be started before network services such as named so that it 
may clear a channel for those services to communicate.  Starting named 
before initializing the firewall doesn't help because ipfw still won't 
be able to lookup names (because the firewall will reject the packets 
unless compiled with IPFIREWALL_DEFAULT_TO_ACCEPT). 
>Unformatted:
