Hajimu UMEMOTO wrote: > Hi, > > The ipfw and ip6fw were unified into ipfw2, now. But, we still have > rc.firewall and rc.firewall6. However, there are conflicts with each > other, and it confuses the users, IMHO. > So, I made a patch to unify rc.firewall and rc.firewall6, and obsolete > rc.firewall6 and rc.d/ip6fw. > Please review the attached patch. If there is no objection, I'll > commit it in next weekend. Overall I think this is good, and I'm definitely in favor of more integration of IPv6 into the mainstream rather than something that is glued on. A few comments: In rc.firewall you seem to have copied afexists() from network.subr. Is there a reason that you did not simply source that file? That would be the preferred method. Also in that file you call "if afexists inet6" quite a few times. My preference from a performance standpoint would be to call it once, perhaps in a start_precmd then cache the value. And of course, you have regression tested this thoroughly, yes? :) Please include scenarios where there is no INET6 in the kernel as well. hth, Doug -- Improve the effectiveness of your Internet presence with a domain name makeover! http://SupersetSolutions.com/Received on Sun Nov 22 2009 - 18:12:27 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:58 UTC