There is no easy way to set ipfilter optionlist variables during boot.
Add plumbing to the rc script to support this.
Original by: G. Paul Ziemba <p-fbsd-bugs@ziemba.us>
PR: 130555
MFC 1 week
Details
Details
Running here
Diff Detail
Diff Detail
- Repository
- rG FreeBSD src repository
- Lint
Lint Skipped - Unit
Tests Skipped
Event Timeline
| libexec/rc/rc.d/ipfilter | ||
|---|---|---|
| 37 | I believe this should now be: if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; thenReference: 854cb10a5882ba2577bafb8eea9a1e383315f53e | |
Comment Actions
Fixed, plus another change.
| libexec/rc/rc.d/ipfilter | ||
|---|---|---|
| 37 | You're indeed correct. Thanks for reminding me. | |
Comment Actions
This update makes the following changes:
- It fixes the issue jlduran pinted out.
- It reduces the check for ipfilter running by one grep.
Comment Actions
I would have just added:
if [ -n "${ifilter_optionlist}" ]; then
if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
${ipfilter_program:-/sbin/ipf} -D
fi
${ipfilter_program:-/sbin/ipf} -T "${ipfilter_optionlist}"
fiBut the current code does the job well and it's arguably more explicit.
Comment Actions
Sorry, thinking more about it, this is essentially an rc patch.
The start action will always restart if there is an ipfilter_optionlist defined. Two questions:
- Can ipfilter rely more on rc.subr?
- If i understand 130555 wouldn't this want an extra action?
EDIT: Not suggesting that it should be changed/added in this review.
Comment Actions
No. Unless ipfilter options can/should be shared with other rc scripts, this is specific to ipfilter.
- If i understand 130555 wouldn't this want an extra action?
EDIT: Not suggesting that it should be changed/added in this review.
The PR just wants ipfilter options to be set at boot. One could do it as in this revision or a new rc script. Best to be done here, as one could change the optionlist and service ipfilter restart.