On Mon, 23 Nov 2009, John Baldwin wrote:

> On Monday 23 November 2009 10:13:54 am Hajimu UMEMOTO wrote:
>> Hi,
>>
>>>>>>> On Sun, 22 Nov 2009 11:12:33 -0800
>>>>>>> Doug Barton <dougb_at_FreeBSD.org> said:
>>
>> dougb> In rc.firewall you seem to have copied afexists() from network.subr.
>> dougb> Is there a reason that you did not simply source that file? That would
>> dougb> be the preferred method. Also in that file you call "if afexists
>> dougb> inet6" quite a few times. My preference from a performance standpoint
>> dougb> would be to call it once, perhaps in a start_precmd then cache the value.
>>
>> Thank you for the comments.
>> Ah, yes, afexists() is only in 9-CURRENT, and is not MFC'ed into 8,
>> yet. So, I thought the patch should be able to work on both 9 and 8,
>> for review. I've changed to source network.subr for afexists().
>> Calling afexists() several times was not a good idea. So, I've changed
>> to call afexists() just once.
>> The new patch is attached.
>>
>> dougb> And of course, you have regression tested this thoroughly, yes? :)
>> dougb> Please include scenarios where there is no INET6 in the kernel as well.
>>
>> Okay, I've tested it on an INET6-less kernel, as well.
>
> Some comments I have:
>
> _at__at_ -178,6 +212,16 _at__at_
> # Allow any traffic to or from my own net.
> ${fwcmd} add pass all from me to ${net}
> ${fwcmd} add pass all from ${net} to me

I haven't looked at the entire update but as I see this I shall note unless I missed a fix to ipfw, you need to make that ip and use ip6 and me6 for the new world order.

Please make sure that this works as expected in mixed-world scenarios as well as legacy IP and IPv6 only worlds.

/bz

-- 
Bjoern A. Zeeb It will not break if you know what you are doing.

Received on Mon Nov 23 2009 - 15:15:07 UTC