When both shorewall and shorewall6 are installed, their init scripts both provide "firewall" which seems wrong as this suggests /either/ of them started suffices to have the firewall up while in fact /both/ should be started if they're both in the current runlevel. Actually something similar to RC_NET_STRICT_CHECKING in /etc/conf.d/rc might be useful here to define which of them can satisfy a possible dependency on "firewall" - including an option to require both. Reproducible: Always Steps to Reproduce: 1. install net-firewall/shorewall and net-firewall/shorewall6 2. rm /var/lib/init.d/dep{cache,tree} 3. run /sbin/rc Actual Results: * Caching service dependencies ... * Service 'shorewall' already provides 'firewall'!; * Not adding service 'shorewall6'... Expected Results: Those scripts should somehow tell rc more exactly how to handle them (see description above). Setting severity to minor, because: I don't know if there is any service that actullay needs/uses "firewall", and the workaround is to manually add shorewall{,6} to the runlevel. If some service needs both of them started, this might theoretically fail to correctly resolve the startup order, though. Portage 2.2_rc63 (default/linux/x86/10.0, gcc-4.3.4, glibc-2.10.1-r1, 2.6.31-gentoo-r6-stellaware i686) ================================================================= System uname: Linux-2.6.31-gentoo-r6-stellaware-i686-Pentium_III_-Coppermine-with-gentoo-1.12.13 Timestamp of tree: Tue, 02 Mar 2010 10:15:01 +0000 distcc 3.1 i686-pc-linux-gnu [enabled] app-shells/bash: 4.0_p35 dev-lang/python: 2.6.4-r1 dev-util/cmake: 2.6.4-r3 sys-apps/baselayout: 1.12.13 sys-apps/sandbox: 2.2 sys-devel/autoconf: 2.63-r1 sys-devel/automake: 1.9.6-r3, 1.10.3, 1.11.1 sys-devel/binutils: 2.18-r3 sys-devel/gcc: 4.3.4 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6b virtual/os-headers: 2.6.30-r1 ACCEPT_KEYWORDS="x86" ACCEPT_LICENSE="* -@EULA" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium3 -O2 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /var/bind" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=pentium3 -O2 -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--jobs --load-average=3.0" FEATURES="assume-digests distcc distlocks fixpackages metadata-transfer news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch" GENTOO_MIRRORS="http://de-mirror.org/distro/gentoo/" LC_ALL="de_DE.utf8" LDFLAGS="-Wl,-O1" LINGUAS="en" MAKEOPTS="-j3 -l3" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/var/lib/layman/stellaware" SYNC="rsync://rsync.de.gentoo.org/gentoo-portage" USE="acl apache2 avahi berkdb bzip2 cli cracklib crypt cups curl cxx dbus dri fortran gdbm geoip gpm iconv icu ipv6 kerberos lm_sensors lzma mmx modules mudflap ncurses network-cron nls nptl nptlonly openmp pam pcre perl pppd python readline reflection samba session smp spl sqlite sqlite3 sse ssl subversion sysfs tcpd threads unicode usb vhosts vim-syntax x86 xattr xml xorg zeroconf zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa via vmware voodoo" Unset: CPPFLAGS, CTARGET, FFLAGS, INSTALL_MASK, LANG, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
You can set whatever needs/provides etc. with openrc in /etc/rc.conf, simply using rc_foo_{use,need,provide,before,after}="[!]bar" where foo the service you are configuring and bar is whatever you want to provide or whatnot. baselayout-1* is legacy stuff so don't expect any new features there. :)
As long as both state "before net" this should not cause a gap where the interfaces are up but the firewall is not yet started. This ties in closely with my proposed solution for bug #288992; you are now CC'd there and your opinion is welcomed. Thank you for your bug report. *** This bug has been marked as a duplicate of bug 288992 ***