Hi,

>>>>> On Sun, 02 Nov 2003 15:49:35 +0200
>>>>> Kostyuk Oleg <[EMAIL PROTECTED]> said:

cub>    Problem is in order of starting /etc/rc.d/ipsec.
cub>    It must start BEFORE any network interaction,
cub>    may be even before configuring interfaces.
cub>    But I not sure in case with diskless mashines.

cub>    -# BEFORE:  DAEMON
cub>    +# BEFORE:  NETWORK

It is not sufficient.  There is setkey(8) in /usr/sbin.  It means that
we cannot protect NFS exported /usr by IPsec.  If there is no
objection, I wish to move setkey(8) into /sbin like NetBSD did.

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
[EMAIL PROTECTED]  [EMAIL PROTECTED]  [EMAIL PROTECTED],jp.}FreeBSD.org
http://www.imasy.org/~ume/
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to