[src/netbsd-1-6]: src/etc/rc.d Pull up revision 1.39 (requested by tron in ti...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/netbsd-1-6]: src/etc/rc.d Pull up revision 1.39 (requested by tron in ti...
From: lukem <lukem%NetBSD.org@localhost>
Date: Fri, 24 Jan 2020 11:14:28 +0000

details:   https://anonhg.NetBSD.org/src/rev/1bf15858f99e
branches:  netbsd-1-6
changeset: 529188:1bf15858f99e
user:      lukem <lukem%NetBSD.org@localhost>
date:      Wed Oct 23 12:34:40 2002 +0000

description:
Pull up revision 1.39 (requested by tron in ticket #901):
Automatically create and destroy cloning interfaces and sync IP Filter
immediately afterwards before bringing the interface up. This avoids
a small security gap existing in the previous scheme where IP Filter
was synced after all cloning interfaces were created and brought up.

diffstat:

 etc/rc.d/network |  28 +++++++++++++++-------------
 1 files changed, 15 insertions(+), 13 deletions(-)

diffs (72 lines):

diff -r e1d1eb25d8b2 -r 1bf15858f99e etc/rc.d/network
--- a/etc/rc.d/network  Wed Oct 23 12:22:35 2002 +0000
+++ b/etc/rc.d/network  Wed Oct 23 12:34:40 2002 +0000
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: network,v 1.38 2002/05/04 13:53:02 tron Exp $
+# $NetBSD: network,v 1.38.2.1 2002/10/23 12:34:40 lukem Exp $
 #
 
 # PROVIDE: network
@@ -185,6 +185,13 @@
                echo -n 'Configuring network interfaces:'
                for int in $tmp; do
                        eval args=\$ifconfig_$int
+                       if [ -n "$args" ] || [ -f /etc/ifconfig.$int ]; then
+                               if ifconfig $int create 2>/dev/null && \
+                                  checkyesno ipfilter; then
+                                       # resync ipf(4)
+                                       ipf -y >/dev/null
+                               fi
+                       fi
                        if [ -n "$args" ]; then
                                echo -n " $int"
                                ifconfig $int $args
@@ -193,7 +200,7 @@
                                while read args; do
                                        [ -z "$args" ] && continue
                                        case "$args" in
-                                       "#"*)
+                                       "#"*|create)
                                                ;;
                                        "!"*)
                                                eval ${args#*!}
@@ -308,11 +315,6 @@
                fi
        fi
 
-       # resync ipf(4)
-       if checkyesno ipfilter; then
-               /sbin/ipf -y
-       fi
-
        # XXX this must die
        if [ -s /etc/netstart.local ]; then
                sh /etc/netstart.local start
@@ -360,6 +362,11 @@
                        if [ -n "$args" ] || [ -f /etc/ifconfig.$int ]; then
                                echo -n " $int"
                                ifconfig $int down
+                               if ifconfig $int destroy 2>/dev/null && \
+                                  checkyesno ipfilter; then
+                                       # resync ipf(4)
+                                       ipf -y >/dev/null
+                               fi
                        fi
                done
                echo "."
@@ -369,12 +376,7 @@
        #
        route -n flush
 
-       # resync ipf(4)
-       if checkyesno ipfilter; then
-               /sbin/ipf -y
-       fi
-
 }
 
-load_rc_config $name
+load_rc_config $name ipfilter
 run_rc_command "$1"

Prev by Date: [src/netbsd-1-6]: src/doc Pullups for tickets: 901 932 935 937 938 940
Next by Date: [src/netbsd-1-6]: src/etc Pull up revision 1.58 (requested by thorpej in tick...
Previous by Thread: [src/netbsd-1-6]: src/doc Pullups for tickets: 901 932 935 937 938 940
Next by Thread: [src/netbsd-1-6]: src/etc Pull up revision 1.58 (requested by thorpej in tick...
Indexes:

Home | Main Index | Thread Index | Old Index