Hi, >>>>> On Sun, 02 Nov 2003 15:49:35 +0200 >>>>> Kostyuk Oleg <cub_at_cub.org.ua> said: cub> Problem is in order of starting /etc/rc.d/ipsec. cub> It must start BEFORE any network interaction, cub> may be even before configuring interfaces. cub> But I not sure in case with diskless mashines. cub> -# BEFORE: DAEMON cub> +# BEFORE: NETWORK It is not sufficient. There is setkey(8) in /usr/sbin. It means that we cannot protect NFS exported /usr by IPsec. If there is no objection, I wish to move setkey(8) into /sbin like NetBSD did. Sincerely, -- Hajimu UMEMOTO _at_ Internet Mutual Aid Society Yokohama, Japan ume_at_mahoroba.org ume_at_bisd.hitachi.co.jp ume_at_{,jp.}FreeBSD.org http://www.imasy.org/~ume/Received on Sat Nov 15 2003 - 01:54:17 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:29 UTC