From owner-svn-src-all@FreeBSD.ORG  Tue Sep 10 13:48:35 2013
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id 15639E98;
 Tue, 10 Sep 2013 13:48:35 +0000 (UTC) (envelope-from cy@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id DBB242B9D;
 Tue, 10 Sep 2013 13:48:34 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r8ADmYWx037510;
 Tue, 10 Sep 2013 13:48:34 GMT (envelope-from cy@svn.freebsd.org)
Received: (from cy@localhost)
 by svn.freebsd.org (8.14.7/8.14.5/Submit) id r8ADmYS7037507;
 Tue, 10 Sep 2013 13:48:34 GMT (envelope-from cy@svn.freebsd.org)
Message-Id: <201309101348.r8ADmYS7037507@svn.freebsd.org>
From: Cy Schubert <cy@FreeBSD.org>
Date: Tue, 10 Sep 2013 13:48:34 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r255450 - head/etc/rc.d
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Sep 2013 13:48:35 -0000

Author: cy
Date: Tue Sep 10 13:48:33 2013
New Revision: 255450
URL: http://svnweb.freebsd.org/changeset/base/255450

Log:
  ipfilter 5.1.2 no longer supports sysctl. Use ipf -V to determine if
  available (the kernel module is loaded or compiled into the kernel).
  
  Approved by:	glebius (mentor)
  Approved by:	re (blanket)

Modified:
  head/etc/rc.d/ipfilter
  head/etc/rc.d/ipfs
  head/etc/rc.d/ipmon

Modified: head/etc/rc.d/ipfilter
==============================================================================
--- head/etc/rc.d/ipfilter	Tue Sep 10 10:38:15 2013	(r255449)
+++ head/etc/rc.d/ipfilter	Tue Sep 10 13:48:33 2013	(r255450)
@@ -29,7 +29,7 @@ required_modules="ipl:ipfilter"
 ipfilter_start()
 {
 	echo "Enabling ipfilter."
-	if [ `sysctl -n net.inet.ipf.fr_running` -le 0 ]; then
+	if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
 		${ipfilter_program:-/sbin/ipf} -E
 	fi
 	${ipfilter_program:-/sbin/ipf} -Fa
@@ -37,7 +37,6 @@ ipfilter_start()
 		${ipfilter_program:-/sbin/ipf} \
 		    -f "${ipfilter_rules}" ${ipfilter_flags}
 	fi
-	${ipfilter_program:-/sbin/ipf} -6 -Fa
 	if [ -r "${ipv6_ipfilter_rules}" ]; then
 		${ipfilter_program:-/sbin/ipf} -6 \
 		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
@@ -46,8 +45,7 @@ ipfilter_start()
 
 ipfilter_stop()
 {
-	# XXX - The ipf -D command is not effective for 'lkm's
-	if [ `sysctl -n net.inet.ipf.fr_running` -eq 1 ]; then
+	if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
 		echo "Saving firewall state tables"
 		${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
 		echo "Disabling ipfilter."

Modified: head/etc/rc.d/ipfs
==============================================================================
--- head/etc/rc.d/ipfs	Tue Sep 10 10:38:15 2013	(r255449)
+++ head/etc/rc.d/ipfs	Tue Sep 10 13:48:33 2013	(r255450)
@@ -23,7 +23,7 @@ ipfs_prestart()
 	if ! checkyesno ipfilter_enable -o ! checkyesno ipnat_enable ; then
 		err 1  "${name} requires either ipfilter or ipnat enabled"
 	fi
-	if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
+	if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes' >/dev/null 2>&1; then
 		err 1 "ipfilter module is not loaded"
 	fi
 	return 0

Modified: head/etc/rc.d/ipmon
==============================================================================
--- head/etc/rc.d/ipmon	Tue Sep 10 10:38:15 2013	(r255449)
+++ head/etc/rc.d/ipmon	Tue Sep 10 13:48:33 2013	(r255450)
@@ -23,7 +23,7 @@ ipmon_precmd()
 	if ! checkyesno ipfilter_enable && ! checkyesno ipnat_enable ; then
 		err 1  "${name} requires either ipfilter or ipnat enabled"
 	fi
-	if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
+	if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes' >/dev/null 2>&1; then
 		err 1 "ipfilter module is not loaded"
 	fi
 	return 0