Bug 27070

Summary: save/restore IP Filter's state tables at shutdown/reboot (patch)
Product: Base System
Reporter: stefan.schmidt <stefan.schmidt>
Component: conf
Assignee: Darren Reed <darrenr>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Unspecified   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description stefan.schmidt 2001-05-04 00:30:03 UTC
IP Filter's utility program "ipfs" is supposed to save and restore IP
Filter's internal state tables. By saving state tables at shutdown and
restoring them at boot-time, already established connections aren't
disconnected (or hang, depending on your rules).

Fix: I've added a few new configuration parameters (ipfs_*) to 
etc/defaults/rc.conf that may be overridden in etc/rc.conf:
ipfs_enable, ipfs_flags, ipfs_program.

The attached patches (against RELENG_4, but should also 
apply to CURRENT) also modify rc.network for restoring
the state tables at boot-time. rc.shutdown saves the tables
at shutdown-time. (is there a better place to put this?)

Directory db/ipf was added to etc/mtree.var.dist.

rc.conf(5) isn't ready yet but I'll happily provide patches to
anyone who wants to commit this functionality.

Note that PR bin/27063 (/sbin/ipfs missing) is a prerequisite.
How-To-Repeat: (new functionality, thus no How-To-Repeat)
Comment 1 Peter Pentchev freebsd_committer freebsd_triage 2001-05-04 06:53:43 UTC
Responsible Changed
From-To: freebsd-bugs->darrenr

Over to the maintainer (and author) of the IPFilter suite.
Comment 2 Darren Reed freebsd_committer freebsd_triage 2001-10-20 05:33:18 UTC
State Changed
From-To: open->feedback

these changes have been applied to -current. 

updates for rc.conf and rc.conf(5) would be appreciated.
Comment 3 Guido van Rooij 2001-11-14 13:35:26 UTC
Arjan de Vet and Doug Barton have made patches to the FreeBSD rc system
that should solve all of the known problems with IPFilter.
Current and stable patches are available at the URL underneath.
Please be so kind to:
1) Test the patches if they do work for you
2) mail your feedback to Arjan de Vet (devet@devet.org)
3) If all is worked out and Arjan has the patches committed, please
update the PR.

Url:
http://home.iae.nl/users/devet/freebsd/
Comment 4 Darren Reed freebsd_committer freebsd_triage 2002-03-26 10:02:52 UTC
State Changed
From-To: feedback->closed

the patches for this change have been integrated.