Bug 26275

Summary: ipfilter_enable in rc.conf does not load kld
Product: Base System
Reporter: thomas+freebsd <thomas+freebsd>
Component: conf
Assignee: Darern Reed <darrenr>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 5.0-CURRENT   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description thomas+freebsd 2001-04-01 22:20:01 UTC
ipfilter_enable and ipnat_enable in rc.conf are next to useless, because:

1) ipfilter_enable will only work if it's built into the kernel. Unlike
ipfw, it will not test to see if it's loaded, and load its kernel module. This
definitely breaks 'principle of least surprise'.

2) ipnat_enable will only work if /etc/ipf.rules exists. This assumption
does not work very well for people who are just setting up a basic NAT, and
don't need to (yet) set up any firewalling.

This is definitely a big support problem on the IRC channels. The patch
included fixes both of these problems. I'd love to see this committed for
4.3-RELEASE, to save on all the confusion we have in #FreeBSDhelp.

Fix: This patch applies cleanly to 4.3-RC, and 5.0-CURRENT
How-To-Repeat: Set ipfilter_enable="YES" in /etc/rc.conf. Reboot. Run kldstat, you
will see that the ipl module is not loaded. Even if you do have it in your
kernel, ipnat will not enable without ipf.rules.
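
The two behaviours requested in the description, sketched as an rc-style shell function. This is an added illustration and is not the attached file.diff or the code later committed to FreeBSD; the sysctl probe, the `ipfilter_rules`/`ipnat_rules` variables, the /etc/ipnat.rules default and the overridable command variables are assumptions of the example.

```shell
#!/bin/sh
# Added illustration, not the PR's file.diff. Commands are overridable so the
# logic can be exercised on a machine without IPFilter.
: "${KLDLOAD:=kldload}" "${IPF:=ipf}" "${IPNAT:=ipnat}"
# Assumption: this sysctl node exists only when IPFilter is in the kernel,
# whether compiled in or loaded as a module.
: "${IPL_PROBE:=sysctl net.inet.ipf.fr_pass}"
: "${ipfilter_rules:=/etc/ipf.rules}" "${ipnat_rules:=/etc/ipnat.rules}"

is_yes() { case "$1" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac; }

ipfilter_start() {
    is_yes "$ipfilter_enable" || is_yes "$ipnat_enable" || return 0

    # Problem 1: load the module when IPFilter is not already in the kernel,
    # and fail loudly so the host does not come up silently unfiltered.
    if ! $IPL_PROBE >/dev/null 2>&1; then
        if ! $KLDLOAD ipl; then
            echo "ipfilter: could not load ipl module" >&2
            return 1
        fi
    fi

    if is_yes "$ipfilter_enable"; then
        if [ ! -r "$ipfilter_rules" ]; then
            echo "ipfilter: $ipfilter_rules not readable" >&2
            return 1
        fi
        $IPF -Fa -f "$ipfilter_rules" || return 1
    fi

    # Problem 2: NAT is handled on its own and never looks at ipf.rules.
    if is_yes "$ipnat_enable"; then
        if [ ! -r "$ipnat_rules" ]; then
            echo "ipnat: $ipnat_rules not readable" >&2
            return 1
        fi
        $IPNAT -CF -f "$ipnat_rules" || return 1
    fi
    return 0
}
```

A non-zero return from `ipfilter_start` is the signal a boot script or monitoring check should surface, since the alternative is a host that starts with no packet filter and no message.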
Comment 1 dd freebsd_committer freebsd_triage 2001-04-29 03:20:56 UTC
Responsible Changed
From-To: freebsd-bugs->darrenr

Over to IPFilter maintainer.
Comment 2 guido freebsd_committer freebsd_triage 2001-11-14 13:20:58 UTC
State Changed
From-To: open->feedback

Arjan de Vet and Doug Barton have made patches to the FreeBSD rc system 
that should solve all of the known problems with IPFilter. 
Current and stable patches are available at the URL underneath. 
Please be so kind as to: 
1) Test the patches if they do work for you 
2) mail your feedback to Arjan de Vet (devet@devet.org) 
3) If all is worked out and Arjan has the patches committed, please 
update the PR. 

Url: 
http://home.iae.nl/users/devet/freebsd/
Comment 3 Darern Reed freebsd_committer freebsd_triage 2002-03-26 10:09:50 UTC
State Changed
From-To: feedback->closed

This problem has been resolved in -current.