From owner-freebsd-rc@FreeBSD.ORG  Sun Nov  5 18:50:20 2006
Return-Path: <owner-freebsd-rc@FreeBSD.ORG>
X-Original-To: rc@FreeBSD.org
Delivered-To: freebsd-rc@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3FA5916A40F
	for <rc@FreeBSD.org>; Sun,  5 Nov 2006 18:50:20 +0000 (UTC)
	(envelope-from ceri@submonkey.net)
Received: from shrike.submonkey.net (cpc2-cdif2-0-0-cust107.cdif.cable.ntl.com
	[81.104.168.108])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AF77643D5F
	for <rc@FreeBSD.org>; Sun,  5 Nov 2006 18:50:19 +0000 (GMT)
	(envelope-from ceri@submonkey.net)
Received: from ceri by shrike.submonkey.net with local (Exim 4.63 (FreeBSD))
	(envelope-from <ceri@submonkey.net>) id 1Ggn4U-000E5F-Eb
	for rc@FreeBSD.org; Sun, 05 Nov 2006 18:50:18 +0000
Date: Sun, 5 Nov 2006 18:50:18 +0000
From: Ceri Davies <ceri@submonkey.net>
To: rc@FreeBSD.org
Message-ID: <20061105185018.GG36592@submonkey.net>
Mail-Followup-To: Ceri Davies <ceri@submonkey.net>, rc@FreeBSD.org
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="4D0iojmU0rbTyz/6"
Content-Disposition: inline
X-PGP: finger ceri@FreeBSD.org
User-Agent: Mutt/1.5.13 (2006-08-11)
Sender: Ceri Davies <ceri@submonkey.net>
Cc: 
Subject: IPfilter rulesets
X-BeenThere: freebsd-rc@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion related to /etc/rc.d design and implementation."
	<freebsd-rc.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-rc>,
	<mailto:freebsd-rc-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-rc>
List-Post: <mailto:freebsd-rc@freebsd.org>
List-Help: <mailto:freebsd-rc-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-rc>,
	<mailto:freebsd-rc-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Nov 2006 18:50:20 -0000


--4D0iojmU0rbTyz/6
Content-Type: multipart/mixed; boundary="pS0IeWLqOQV1qy0L"
Content-Disposition: inline


--pS0IeWLqOQV1qy0L
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


The attached patch is a re-expression of a patch in PR 97311, which
tests that the load of rules into IP Filter's alternate ruleset was
successful before trying to overwrite the active ruleset.

Would anyone here object if I committed it?

Cheers,

Ceri
--=20
That must be wonderful!  I don't understand it at all.
                                                  -- Moliere

--pS0IeWLqOQV1qy0L
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="97311.diff"
Content-Transfer-Encoding: quoted-printable

Index: ipfilter
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /usr/home/ncvs/src/etc/rc.d/ipfilter,v
retrieving revision 1.24
diff -u -r1.24 ipfilter
--- ipfilter	7 Jul 2005 05:59:44 -0000	1.24
+++ ipfilter	4 Nov 2006 13:09:15 -0000
@@ -93,11 +93,17 @@
 	if [ -r "${ipfilter_rules}" ]; then
 		${ipfilter_program:-/sbin/ipf} -I \
 		    -f "${ipfilter_rules}" ${ipfilter_flags}
+		if [ $? -ne 0 ]; then
+		    err 1 'Load of rules into alternate set failed; aborting reload'
+		fi
 	fi
 	${ipfilter_program:-/sbin/ipf} -I -6 -Fa
 	if [ -r "${ipv6_ipfilter_rules}" ]; then
 		${ipfilter_program:-/sbin/ipf} -I -6 \
 		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
+		if [ $? -ne 0 ]; then
+		    err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
+		fi
 	fi
 	${ipfilter_program:-/sbin/ipf} -s
=20

--pS0IeWLqOQV1qy0L--

--4D0iojmU0rbTyz/6
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)

iD8DBQFFTjJqocfcwTS3JF8RArApAKCO1sQxtI/njCUVU4KyhSgCvChhBACeLNTG
5GfuSsQDXQOWwGwKytcz5Do=
=+pPx
-----END PGP SIGNATURE-----

--4D0iojmU0rbTyz/6--