git: e2ad10e84792 - main - Remove the redundant ipfilter IPv6 rc rules load.

Cy Schubert cy at FreeBSD.org
Mon Feb 22 19:22:30 UTC 2021


The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=e2ad10e84792e8dcfb0e03a9b5cb19cd3d93ddf8

commit e2ad10e84792e8dcfb0e03a9b5cb19cd3d93ddf8
Author:     Cy Schubert <cy at FreeBSD.org>
AuthorDate: 2021-02-12 15:17:32 +0000
Commit:     Cy Schubert <cy at FreeBSD.org>
CommitDate: 2021-02-22 19:20:18 +0000

    Remove the redundant ipfilter IPv6 rc rules load.
    
    As of ipfilter 5.1.2 the IPv4 and IPv6 rules tables have been merged.
    The ipf(8) -6 option has been a NOP since then. Currently the additional
    ipf -6 load statement in rc.d/ipfilter simply added the second ipfilter
    rules file to the table already populated by the previous ipf command.
    Plenty of time has passed since ipfilter 5.1.2 was imported. It is time to
    remove the option from rc.conf and the rc script.
    
    Differential Revision:  https://reviews.freebsd.org/D28615
---
 libexec/rc/rc.conf       |  3 ---
 libexec/rc/rc.d/ipfilter | 13 +------------
 2 files changed, 1 insertion(+), 15 deletions(-)

diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf
index 55a7112b15ea..998cd3fd14d6 100644
--- a/libexec/rc/rc.conf
+++ b/libexec/rc/rc.conf
@@ -546,9 +546,6 @@ stf_interface_ipv6_ifid="0:0:0:1"	# IPv6 interface id for stf0.
 stf_interface_ipv6_slaid="0000"	# IPv6 Site Level Aggregator for stf0
 ipv6_ipv4mapping="NO"		# Set to "YES" to enable IPv4 mapped IPv6 addr
 				# communication. (like ::ffff:a.b.c.d)
-ipv6_ipfilter_rules="/etc/ipf6.rules"	# rules definition file for ipfilter,
-					# see /usr/src/contrib/ipfilter/rules
-					# for examples
 ip6addrctl_enable="YES"	# Set to YES to enable default address selection
 ip6addrctl_verbose="NO"	# Set to YES to enable verbose configuration messages
 ip6addrctl_policy="AUTO"	# A pre-defined address selection policy
diff --git a/libexec/rc/rc.d/ipfilter b/libexec/rc/rc.d/ipfilter
index fe328308e622..abe49c919656 100755
--- a/libexec/rc/rc.d/ipfilter
+++ b/libexec/rc/rc.d/ipfilter
@@ -14,7 +14,7 @@ name="ipfilter"
 desc="IP packet filter"
 rcvar="ipfilter_enable"
 load_rc_config $name
-stop_precmd="test -f ${ipfilter_rules} -o -f ${ipv6_ipfilter_rules}"
+stop_precmd="test -f ${ipfilter_rules}"
 
 start_precmd="$stop_precmd"
 start_cmd="ipfilter_start"
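Review bot: The new `stop_precmd`, which is also reused as `start_precmd`, only looks at `${ipfilter_rules}`, and the later hunks drop the loads of `${ipv6_ipfilter_rules}` from ipfilter_start and ipfilter_reload. A host that still keeps rules in a separate IPv6 file would therefore boot with those rules missing, or with ipfilter not started at all if that was its only rules file, and nothing visible in this diff tells the administrator. A warning in the start path when the old variable is still set would surface this, for example `[ -n "${ipv6_ipfilter_rules}" ] && warn 'ipv6_ipfilter_rules is no longer used; merge its rules into ipfilter_rules'`; hosts that relied on the removed default path would need a release note instead. The expansion in the changed line is also unquoted, so an empty `ipfilter_rules` leaves a bare `test -f`, which succeeds; `stop_precmd="test -f \"${ipfilter_rules}\""` would make the precmd fail in that case.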
@@ -39,10 +39,6 @@ ipfilter_start()
 		${ipfilter_program:-/sbin/ipf} \
 		    -f "${ipfilter_rules}" ${ipfilter_flags}
 	fi
-	if [ -r "${ipv6_ipfilter_rules}" ]; then
-		${ipfilter_program:-/sbin/ipf} -6 \
-		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
-	fi
 }
 
 ipfilter_stop()
@@ -67,13 +63,6 @@ ipfilter_reload()
 			err 1 'Load of rules into alternate set failed; aborting reload'
 		fi
 	fi
-	if [ -r "${ipv6_ipfilter_rules}" ]; then
-		${ipfilter_program:-/sbin/ipf} -I -6 \
-		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
-		if [ $? -ne 0 ]; then
-			err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
-		fi
-	fi
 	${ipfilter_program:-/sbin/ipf} -s
 
 }

