From owner-dev-commits-src-all@freebsd.org  Mon Feb 22 19:22:30 2021
Return-Path: <owner-dev-commits-src-all@freebsd.org>
Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 486D654BC40;
 Mon, 22 Feb 2021 19:22:30 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4DksWn3Mrjz4d03;
 Mon, 22 Feb 2021 19:22:28 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:5])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8AE2733A9;
 Mon, 22 Feb 2021 19:22:28 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
 by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 11MJMSY3052569;
 Mon, 22 Feb 2021 19:22:28 GMT (envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
 by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 11MJMSaa052556;
 Mon, 22 Feb 2021 19:22:28 GMT (envelope-from git)
Date: Mon, 22 Feb 2021 19:22:28 GMT
Message-Id: <202102221922.11MJMSaa052556@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
 dev-commits-src-main@FreeBSD.org
From: Cy Schubert <cy@FreeBSD.org>
Subject: git: e2ad10e84792 - main - Remove the redundant ipfilter IPv6 rc
 rules load.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: cy
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: e2ad10e84792e8dcfb0e03a9b5cb19cd3d93ddf8
Auto-Submitted: auto-generated
X-BeenThere: dev-commits-src-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Commit messages for all branches of the src repository
 <dev-commits-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/dev-commits-src-all>, 
 <mailto:dev-commits-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/dev-commits-src-all/>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Help: <mailto:dev-commits-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all>, 
 <mailto:dev-commits-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Feb 2021 19:22:30 -0000

The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=e2ad10e84792e8dcfb0e03a9b5cb19cd3d93ddf8

commit e2ad10e84792e8dcfb0e03a9b5cb19cd3d93ddf8
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2021-02-12 15:17:32 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2021-02-22 19:20:18 +0000

    Remove the redundant ipfilter IPv6 rc rules load.
    
    As of ipfilter 5.1.2 the IPv4 and IPv6 rules tables have been merged.
    The ipf(8) -6 option has been a NOP since then. Currently the additional
    ipf -6 load statement in rc.d/ipfilter simply added the second ipfilter
    rules file to the table already populated by the previous ipf command.
    Plenty of time has passed since ipfilter 5.1.2 was imported. It is time to
    remove the option from rc.conf and the rc script.
    
    Differential Revision:  https://reviews.freebsd.org/D28615
---
 libexec/rc/rc.conf       |  3 ---
 libexec/rc/rc.d/ipfilter | 13 +------------
 2 files changed, 1 insertion(+), 15 deletions(-)

diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf
index 55a7112b15ea..998cd3fd14d6 100644
--- a/libexec/rc/rc.conf
+++ b/libexec/rc/rc.conf
@@ -546,9 +546,6 @@ stf_interface_ipv6_ifid="0:0:0:1"	# IPv6 interface id for stf0.
 stf_interface_ipv6_slaid="0000"	# IPv6 Site Level Aggregator for stf0
 ipv6_ipv4mapping="NO"		# Set to "YES" to enable IPv4 mapped IPv6 addr
 				# communication. (like ::ffff:a.b.c.d)
-ipv6_ipfilter_rules="/etc/ipf6.rules"	# rules definition file for ipfilter,
-					# see /usr/src/contrib/ipfilter/rules
-					# for examples
 ip6addrctl_enable="YES"	# Set to YES to enable default address selection
 ip6addrctl_verbose="NO"	# Set to YES to enable verbose configuration messages
 ip6addrctl_policy="AUTO"	# A pre-defined address selection policy
diff --git a/libexec/rc/rc.d/ipfilter b/libexec/rc/rc.d/ipfilter
index fe328308e622..abe49c919656 100755
--- a/libexec/rc/rc.d/ipfilter
+++ b/libexec/rc/rc.d/ipfilter
@@ -14,7 +14,7 @@ name="ipfilter"
 desc="IP packet filter"
 rcvar="ipfilter_enable"
 load_rc_config $name
-stop_precmd="test -f ${ipfilter_rules} -o -f ${ipv6_ipfilter_rules}"
+stop_precmd="test -f ${ipfilter_rules}"
 
 start_precmd="$stop_precmd"
 start_cmd="ipfilter_start"
@@ -39,10 +39,6 @@ ipfilter_start()
 		${ipfilter_program:-/sbin/ipf} \
 		    -f "${ipfilter_rules}" ${ipfilter_flags}
 	fi
-	if [ -r "${ipv6_ipfilter_rules}" ]; then
-		${ipfilter_program:-/sbin/ipf} -6 \
-		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
-	fi
 }
 
 ipfilter_stop()
@@ -67,13 +63,6 @@ ipfilter_reload()
 			err 1 'Load of rules into alternate set failed; aborting reload'
 		fi
 	fi
-	if [ -r "${ipv6_ipfilter_rules}" ]; then
-		${ipfilter_program:-/sbin/ipf} -I -6 \
-		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
-		if [ $? -ne 0 ]; then
-			err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
-		fi
-	fi
 	${ipfilter_program:-/sbin/ipf} -s
 
 }