git: d7129761f5fc - stable/15 - ipfilter: Load optionlist prior to ippool invocation
Date: Tue, 02 Dec 2025 15:28:20 UTC
The branch stable/15 has been updated by cy:
URL: https://cgit.FreeBSD.org/src/commit/?id=d7129761f5fc8828d5701cfe14adffee58659648
commit d7129761f5fc8828d5701cfe14adffee58659648
Author: Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2025-11-26 19:40:36 +0000
Commit: Cy Schubert <cy@FreeBSD.org>
CommitDate: 2025-12-02 15:28:15 +0000
ipfilter: Load optionlist prior to ippool invocation
As a safety precaution df381bec2d2b limits ippool hash table size to 1K.
This causes any legitimately large hash table to fail to load. The
htable_size_max ipf tuneable adjusts this but the adjustment is made
in the ipfilter rc script, invoked after the ippool script (because it
depends on ippool). Let's load the ipfilter_optionlist in ippool as well.
ipfilter_optionlist load will also occur in the ipfilter rc script in case
the user uses ipfilter without ippool.
Fixes: df381bec2d2b
(cherry picked from commit d5d005e9bf4933d5680dd0bb5d42bdf440122aa4)
---
libexec/rc/rc.d/ippool | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libexec/rc/rc.d/ippool b/libexec/rc/rc.d/ippool
index 0db8bbe98f61..5ef0d0522621 100755
--- a/libexec/rc/rc.d/ippool
+++ b/libexec/rc/rc.d/ippool
@@ -27,6 +27,9 @@ required_modules="ipl:ipfilter"
ippool_start_precmd()
{
rc_flags="-f ${ippool_rules} ${rc_flags}"
+ if [ -n "${ifilter_optionlist}" ]; then
+ ${ipfilter_program:-/sbin/ipf} -T "${ipfilter_optionlist}"
+ fi
}
ippool_reload()
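Review bot: The guard on the first added line in ippool_start_precmd() tests `${ifilter_optionlist}`, while the command on the next line passes `${ipfilter_optionlist}` and the commit message also names ipfilter_optionlist. The tested name is missing the "p", so unless a variable with that misspelled name happens to be set, the condition is false and `ipf -T` is never run from the ippool script, leaving the htable_size_max limit in place when ippool loads its tables. Suggest changing the test to `if [ -n "${ipfilter_optionlist}" ]; then` so that the guard and the command refer to the same variable.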