svn commit: r255450 - head/etc/rc.d

Cy Schubert cy at FreeBSD.org
Tue Sep 10 13:48:35 UTC 2013 

Author: cy
Date: Tue Sep 10 13:48:33 2013
New Revision: 255450
URL: http://svnweb.freebsd.org/changeset/base/255450

Log:
  ipfilter 5.1.2 no longer supports sysctl. Use ipf -V to determine if
  available (the kernel module is loaded or compiled into the kernel).
  
  Approved by:	glebius (mentor)
  Approved by:	re (blanket)

Modified:
  head/etc/rc.d/ipfilter
  head/etc/rc.d/ipfs
  head/etc/rc.d/ipmon

Modified: head/etc/rc.d/ipfilter
==============================================================================
--- head/etc/rc.d/ipfilter	Tue Sep 10 10:38:15 2013	(r255449)
+++ head/etc/rc.d/ipfilter	Tue Sep 10 13:48:33 2013	(r255450)
@@ -29,7 +29,7 @@ required_modules="ipl:ipfilter"
 ipfilter_start()
 {
 	echo "Enabling ipfilter."
-	if [ `sysctl -n net.inet.ipf.fr_running` -le 0 ]; then
+	if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
 		${ipfilter_program:-/sbin/ipf} -E
 	fi
 	${ipfilter_program:-/sbin/ipf} -Fa
@@ -37,7 +37,6 @@ ipfilter_start()
 		${ipfilter_program:-/sbin/ipf} \
 		    -f "${ipfilter_rules}" ${ipfilter_flags}
 	fi
-	${ipfilter_program:-/sbin/ipf} -6 -Fa
 	if [ -r "${ipv6_ipfilter_rules}" ]; then
 		${ipfilter_program:-/sbin/ipf} -6 \
 		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
@@ -46,8 +45,7 @@ ipfilter_start()
 
 ipfilter_stop()
 {
-	# XXX - The ipf -D command is not effective for 'lkm's
-	if [ `sysctl -n net.inet.ipf.fr_running` -eq 1 ]; then
+	if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
 		echo "Saving firewall state tables"
 		${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
 		echo "Disabling ipfilter."

Modified: head/etc/rc.d/ipfs
==============================================================================
--- head/etc/rc.d/ipfs	Tue Sep 10 10:38:15 2013	(r255449)
+++ head/etc/rc.d/ipfs	Tue Sep 10 13:48:33 2013	(r255450)
@@ -23,7 +23,7 @@ ipfs_prestart()
 	if ! checkyesno ipfilter_enable -o ! checkyesno ipnat_enable ; then
 		err 1  "${name} requires either ipfilter or ipnat enabled"
 	fi
-	if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
+	if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes' >/dev/null 2>&1; then
 		err 1 "ipfilter module is not loaded"
 	fi
 	return 0

Modified: head/etc/rc.d/ipmon
==============================================================================
--- head/etc/rc.d/ipmon	Tue Sep 10 10:38:15 2013	(r255449)
+++ head/etc/rc.d/ipmon	Tue Sep 10 13:48:33 2013	(r255450)
@@ -23,7 +23,7 @@ ipmon_precmd()
 	if ! checkyesno ipfilter_enable && ! checkyesno ipnat_enable ; then
 		err 1  "${name} requires either ipfilter or ipnat enabled"
 	fi
-	if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
+	if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes' >/dev/null 2>&1; then
 		err 1 "ipfilter module is not loaded"
 	fi
 	return 0

More information about the svn-src-head mailing list