Bug 248254 - /etc/rc.d/ipfw should support ipdivert_enable="YES"
Summary: /etc/rc.d/ipfw should support ipdivert_enable="YES"
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-ipfw (Nobody)
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2020-07-25 04:54 UTC by WHR
Modified: 2020-07-25 13:49 UTC (History)
0 users

See Also:


Attachments
ipfw-rc-script-ipdivert-config.diff (1.11 KB, patch)
2020-07-25 04:54 UTC, WHR
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description WHR 2020-07-25 04:54:41 UTC
Created attachment 216753 [details]
ipfw-rc-script-ipdivert-config.diff

Currently this RC script will load ipdivert.ko only on natd_enable="YES"; this patch however added another RC variable to load the kernel module along with ipfw.ko, if enabled.

I uses some ipdivert-based programs that work with ipfw(4), however I don't use natd(8), so I need another way to automatically load ipdivert.ko without adding ipdivert_load=YES in /boot/loader.conf, because I don't want ipfw be enabled so early at boot.

For example to enable ipdivert without natd, add following to /etc/rc.conf:

firewall_enable="YES"
ipdivert_enable="YES"

Of course other ipfw-related variables may be required to complete the whole configuration.