Date:      Tue, 02 Dec 2025 15:28:20 +0000
From:      Cy Schubert <cy@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: d7129761f5fc - stable/15 - ipfilter: Load optionlist prior to ippool invocation
Message-ID:  <692f0594.33d16.1108862@gitrepo.freebsd.org>

The branch stable/15 has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=d7129761f5fc8828d5701cfe14adffee58659648

commit d7129761f5fc8828d5701cfe14adffee58659648
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2025-11-26 19:40:36 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2025-12-02 15:28:15 +0000

    ipfilter: Load optionlist prior to ippool invocation
    
    As a safety precaution df381bec2d2b limits ippool hash table size to 1K.
    This causes any legitimately large hash table to fail to load. The
    htable_size_max ipf tuneable adjusts this but the adjustment is made
    in the ipfilter rc script, invoked after the ippool script (because it
    depends on ippool). Let's load the ipfilter_optionlist in ippool as well.
    ipfilter_optionlist load will also occur in the ipfilter rc script in case
    the user uses ipfilter without ippool.
    
    Fixes:          df381bec2d2b
    (cherry picked from commit d5d005e9bf4933d5680dd0bb5d42bdf440122aa4)
---
 libexec/rc/rc.d/ippool | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libexec/rc/rc.d/ippool b/libexec/rc/rc.d/ippool
index 0db8bbe98f61..5ef0d0522621 100755
--- a/libexec/rc/rc.d/ippool
+++ b/libexec/rc/rc.d/ippool
@@ -27,6 +27,9 @@ required_modules="ipl:ipfilter"
 ippool_start_precmd()
 {
 	rc_flags="-f ${ippool_rules} ${rc_flags}"
+	if [ -n "${ifilter_optionlist}" ]; then
+		${ipfilter_program:-/sbin/ipf} -T "${ipfilter_optionlist}"
+	fi
 }
 
 ippool_reload()
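
Review bot: the guard on the first added line tests "${ifilter_optionlist}" (missing the "p"), while the command on the following line passes "${ipfilter_optionlist}". Unless something defines a variable with the misspelled name, the -n test is false and ipf -T is never run from ippool_start_precmd, so the tunables in ipfilter_optionlist (htable_size_max in the commit message's case) are still not applied before ippool loads its rules, and a large hash table will keep failing to load. The test should read [ -n "${ipfilter_optionlist}" ]. While here, consider whether a failing ipf -T should be reported or ignored: as written it is the last command in the precmd, so its exit status becomes the function's return value.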

