Date: Tue, 02 Dec 2025 15:29:04 +0000
From: Cy Schubert <cy@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject: git: c7cfc16f7ce0 - stable/13 - ipfilter: Load optionlist prior to ippool invocation
Message-ID: <692f05c0.34a80.76077ad6@gitrepo.freebsd.org>
The branch stable/13 has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=c7cfc16f7ce08ae91b9ec6544348d750d08e65c1

commit c7cfc16f7ce08ae91b9ec6544348d750d08e65c1
Author: Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2025-11-26 19:40:36 +0000
Commit: Cy Schubert <cy@FreeBSD.org>
CommitDate: 2025-12-02 15:28:55 +0000

ipfilter: Load optionlist prior to ippool invocation

As a safety precaution df381bec2d2b limits ippool hash table size to 1K. This causes any legitimately large hash table to fail to load. The htable_size_max ipf tuneable adjusts this but the adjustment is made in the ipfilter rc script, invoked after the ippool script (because it depends on ippool). Let's load the ipfilter_optionlist in ippool as well. ipfilter_optionlist load will also occur in the ipfilter rc script in case the user uses ipfilter without ippool.

Fixes: df381bec2d2b

(cherry picked from commit d5d005e9bf4933d5680dd0bb5d42bdf440122aa4)

--- libexec/rc/rc.d/ippool | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libexec/rc/rc.d/ippool b/libexec/rc/rc.d/ippool index 42cef3faf7eb..527e1fc780b2 100755 --- a/libexec/rc/rc.d/ippool +++ b/libexec/rc/rc.d/ippool @@ -23,6 +23,9 @@ required_modules="ipl:ipfilter" ippool_start_precmd() { rc_flags="-f ${ippool_rules} ${rc_flags}" + if [ -n "${ifilter_optionlist}" ]; then + ${ipfilter_program:-/sbin/ipf} -T "${ipfilter_optionlist}" + fi } ippool_reload()
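
Review bot: the guard added in ippool_start_precmd() tests "${ifilter_optionlist}" (no "p"), while the command on the following line passes "${ipfilter_optionlist}" to ipf -T. Nothing in the visible lines sets a variable named ifilter_optionlist, so as written the test looks like it is always false and the ipf -T call is skipped, which would leave htable_size_max unset before ippool loads its tables, the case the commit message sets out to fix. Suggest changing the test to [ -n "${ipfilter_optionlist}" ] so that the guard and the command use the same variable.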
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?692f05c0.34a80.76077ad6>
