Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 5 Nov 2006 18:50:18 +0000
From:      Ceri Davies <ceri@submonkey.net>
To:        rc@FreeBSD.org
Subject:   IPfilter rulesets
Message-ID:  <20061105185018.GG36592@submonkey.net>
next in thread | raw e-mail | index | archive | help 

--4D0iojmU0rbTyz/6
Content-Type: multipart/mixed; boundary="pS0IeWLqOQV1qy0L"
Content-Disposition: inline


--pS0IeWLqOQV1qy0L
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


The attached patch is a re-expression of a patch in PR 97311, which
tests that the load of rules into IP Filter's alternate ruleset was
successful before trying to overwrite the active ruleset.

Would anyone here object if I committed it?

Cheers,

Ceri
--=20
That must be wonderful!  I don't understand it at all.
                                                  -- Moliere

--pS0IeWLqOQV1qy0L
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="97311.diff"
Content-Transfer-Encoding: quoted-printable

Index: ipfilter
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /usr/home/ncvs/src/etc/rc.d/ipfilter,v
retrieving revision 1.24
diff -u -r1.24 ipfilter
--- ipfilter	7 Jul 2005 05:59:44 -0000	1.24
+++ ipfilter	4 Nov 2006 13:09:15 -0000
@@ -93,11 +93,17 @@
 	if [ -r "${ipfilter_rules}" ]; then
 		${ipfilter_program:-/sbin/ipf} -I \
 		    -f "${ipfilter_rules}" ${ipfilter_flags}
+		if [ $? -ne 0 ]; then
+		    err 1 'Load of rules into alternate set failed; aborting reload'
+		fi
 	fi
 	${ipfilter_program:-/sbin/ipf} -I -6 -Fa
 	if [ -r "${ipv6_ipfilter_rules}" ]; then
 		${ipfilter_program:-/sbin/ipf} -I -6 \
 		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
+		if [ $? -ne 0 ]; then
+		    err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
+		fi
 	fi
 	${ipfilter_program:-/sbin/ipf} -s
=20

--pS0IeWLqOQV1qy0L--

--4D0iojmU0rbTyz/6
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)

iD8DBQFFTjJqocfcwTS3JF8RArApAKCO1sQxtI/njCUVU4KyhSgCvChhBACeLNTG
5GfuSsQDXQOWwGwKytcz5Do=
=+pPx
-----END PGP SIGNATURE-----

--4D0iojmU0rbTyz/6--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061105185018.GG36592>