From owner-svn-src-head@FreeBSD.ORG Wed Jan 28 21:09:00 2015 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9261C9C8; Wed, 28 Jan 2015 21:09:00 +0000 (UTC) Received: from smtp-out-05.shaw.ca (smtp-out-05.shaw.ca [64.59.134.13]) by mx1.freebsd.org (Postfix) with ESMTP id 41405ECF; Wed, 28 Jan 2015 21:08:59 +0000 (UTC) X-Cloudmark-SP-Filtered: true X-Cloudmark-SP-Result: v=1.1 cv=dwjLhcNAn+N65iW9oApC92yF2BXVJAhWBlCn9pRWT9g= c=1 sm=1 a=BLceEmwcHowA:10 a=ICAaq7hcmGcA:10 a=kj9zAlcOel0A:10 a=h/TgSZk7G/tNIXpx92NbsA==:17 a=6I5d2MoRAAAA:8 a=BWvPGDcYAAAA:8 a=YxBL1-UpAAAA:8 a=kSyTvZI6cDitG5HNCukA:9 a=CjuIK1q_8ugA:10 a=HpAAvcLHHh0Zw7uRqdWCyQ==:117 Received: from unknown (HELO slippy.cwsent.com) ([24.69.109.95]) by smtp-out-05.shaw.ca with ESMTP; 28 Jan 2015 14:07:47 -0700 Received: from slippy.cwsent.com (localhost [127.0.0.1]) by slippy.cwsent.com (8.14.9/8.14.9) with ESMTP id t0SL7l7T050199; Wed, 28 Jan 2015 13:07:47 -0800 (PST) (envelope-from Cy.Schubert@komquats.com) Received: from slippy (cy@localhost) by slippy.cwsent.com (8.14.9/8.14.8/Submit) with ESMTP id t0SL7l7Y050196; Wed, 28 Jan 2015 13:07:47 -0800 (PST) (envelope-from Cy.Schubert@komquats.com) Message-Id: <201501282107.t0SL7l7Y050196@slippy.cwsent.com> X-Authentication-Warning: slippy.cwsent.com: cy owned process doing -bs X-Mailer: exmh version 2.8.0 04/21/2012 with nmh-1.6 Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.komquats.com/ To: Cy Schubert Subject: Re: svn commit: r277854 - head/etc/rc.d In-Reply-To: Message from Cy Schubert of "Wed, 28 Jan 2015 21:01:56 +0000." <201501282101.t0SL1ukn054833@svn.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 28 Jan 2015 13:07:47 -0800 Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Jan 2015 21:09:00 -0000 In message <201501282101.t0SL1ukn054833@svn.freebsd.org>, Cy Schubert writes: > Author: cy > Date: Wed Jan 28 21:01:55 2015 > New Revision: 277854 > URL: https://svnweb.freebsd.org/changeset/base/277854 > > Log: > ipfilter 5.1.2 (vs 4.1.28 in previous releases of FreeBSD) stores IPv4 > and IPv6 rules in a single table. ipf -6 -Fa will flush the whole table, > including IPv4 rules. This patch removes the redundant ipf -I -6 -Fa > statement. > > PR: 188318 > MFC after: 2 weeks > > Modified: > head/etc/rc.d/ipfilter > > Modified: head/etc/rc.d/ipfilter > ============================================================================= > = > --- head/etc/rc.d/ipfilter Wed Jan 28 20:22:48 2015 (r277853) > +++ head/etc/rc.d/ipfilter Wed Jan 28 21:01:55 2015 (r277854) > @@ -65,7 +65,6 @@ ipfilter_reload() > err 1 'Load of rules into alternate set failed; abortin > g reload' > fi > fi > - ${ipfilter_program:-/sbin/ipf} -I -6 -Fa > if [ -r "${ipv6_ipfilter_rules}" ]; then > ${ipfilter_program:-/sbin/ipf} -I -6 \ > -f "${ipv6_ipfilter_rules}" ${ipfilter_flags} > A subsequent commit to this one will address the redundant ipf rules file issue. As the next commit to this will affect POLA, it will not MFC to stable/10. This commit is safe to MFC. I will hold off committing the next change to this file for a while to allow ample time for this commit to mature. -- Cheers, Cy Schubert or FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few.