Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 10 Dec 2025 21:10:53 +0000
From:      Cy Schubert <cy@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: d077ec7c0fa3 - stable/13 - rc.d/ipfilter: ipfilter must be enabled for options to take
Message-ID:  <6939e1dd.2fcf0.7e6f15ae@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 

The branch stable/13 has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=d077ec7c0fa3d1fef03cbd63e1b70dae625b05b7

commit d077ec7c0fa3d1fef03cbd63e1b70dae625b05b7
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2025-12-09 23:42:07 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2025-12-10 21:10:47 +0000

    rc.d/ipfilter: ipfilter must be enabled for options to take
    
    ipfilter options are erased and reset to default when ipfilter is
    disabled. This results in nullifying options from rc.conf that were
    previously set.
    
    8d6feaaaa26f, which added this code, was incorrect as it was for a bug in
    ipfilter 4.2.28 and no longer applies to ipfilter 5.1.2.
    
    Fixes:          8d6feaaaa26f
    
    (cherry picked from commit cc1e4aae5a67a20f3c0fff13612364e6e4404f93)
---
 libexec/rc/rc.d/ipfilter | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/libexec/rc/rc.d/ipfilter b/libexec/rc/rc.d/ipfilter
index 449b8f0741b8..f027faa9d13a 100755
--- a/libexec/rc/rc.d/ipfilter
+++ b/libexec/rc/rc.d/ipfilter
@@ -30,14 +30,11 @@ required_modules="ipl:ipfilter"
 ipfilter_start()
 {
 	echo "Enabling ipfilter."
+	if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
+		${ipfilter_program:-/sbin/ipf} -E
+	fi
 	if [ -n "${ipfilter_optionlist}" ]; then
-		if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
-			${ipfilter_program:-/sbin/ipf} -D
-		fi
 		${ipfilter_program:-/sbin/ipf} -T "${ipfilter_optionlist}"
-		${ipfilter_program:-/sbin/ipf} -E
-	elif ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
-		${ipfilter_program:-/sbin/ipf} -E
 	fi
 	${ipfilter_program:-/sbin/ipf} -Fa
 	if [ -r "${ipfilter_rules}" ]; then

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6939e1dd.2fcf0.7e6f15ae>