[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netbsd-tech-net
Subject:    Re: ipf race (was: Flag to exclude an interface from INADDR_ANY?)
From:       Darren Reed <darrenr () reed ! wattle ! id ! au>
Date:       2002-01-02 21:42:22
[Download RAW message or body]

In some email I received from Wolfgang Rupprecht, sie wrote:
> 
> > configuring ipf to block all services invisibly on the outside
> > interface(s) is both error-prone and subject to both race conditions
> 
> Is it possible to eliminate the race condition by swapping filters as such:
> 
> 	ipf -I -F a -f /etc/ipf.conf
> 	ipf -I -6   -f /etc/ipf-v6.conf
> 	ipf -s
> 
> Or does the "ipf -s" have a small race condition of its own?  If so,
> I'm going to have to rethink how I reload filters. (eg. perhaps something
> along the lines of ifconfig down, reload, ifconfig up)

There is no race condition there.

Darren
[prev in list] [next in list] [prev in thread] [next in thread]