Author: cy
Date: Tue Sep 10 13:48:33 2013
New Revision: 255450
URL: http://svnweb.freebsd.org/changeset/base/255450
Log:
ipfilter 5.1.2 no longer supports sysctl. Use ipf -V to determine if
available (the kernel module is loaded or compiled into the kernel).
Approved by: glebius (mentor)
Approved by: re (blanket)
Modified:
head/etc/rc.d/ipfilter
head/etc/rc.d/ipfs
head/etc/rc.d/ipmon
Modified: head/etc/rc.d/ipfilter
==============================================================================
--- head/etc/rc.d/ipfilter Tue Sep 10 10:38:15 2013 (r255449)
+++ head/etc/rc.d/ipfilter Tue Sep 10 13:48:33 2013 (r255450)
@@ -29,7 +29,7 @@ required_modules="ipl:ipfilter"
ipfilter_start()
{
echo "Enabling ipfilter."
- if [ `sysctl -n net.inet.ipf.fr_running` -le 0 ]; then
+ if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
${ipfilter_program:-/sbin/ipf} -E
fi
${ipfilter_program:-/sbin/ipf} -Fa
@@ -37,7 +37,6 @@ ipfilter_start()
${ipfilter_program:-/sbin/ipf} \
-f "${ipfilter_rules}" ${ipfilter_flags}
fi
- ${ipfilter_program:-/sbin/ipf} -6 -Fa
if [ -r "${ipv6_ipfilter_rules}" ]; then
${ipfilter_program:-/sbin/ipf} -6 \
-f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
@@ -46,8 +45,7 @@ ipfilter_start()
ipfilter_stop()
{
- # XXX - The ipf -D command is not effective for 'lkm's
- if [ `sysctl -n net.inet.ipf.fr_running` -eq 1 ]; then
+ if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
echo "Saving firewall state tables"
${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
echo "Disabling ipfilter."
Modified: head/etc/rc.d/ipfs
==============================================================================
--- head/etc/rc.d/ipfs Tue Sep 10 10:38:15 2013 (r255449)
+++ head/etc/rc.d/ipfs Tue Sep 10 13:48:33 2013 (r255450)
@@ -23,7 +23,7 @@ ipfs_prestart()
if ! checkyesno ipfilter_enable -o ! checkyesno ipnat_enable ; then
err 1 "${name} requires either ipfilter or ipnat enabled"
fi
- if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
+ if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'
>/dev/null 2>&1; then
err 1 "ipfilter module is not loaded"
fi
return 0
Modified: head/etc/rc.d/ipmon
==============================================================================
--- head/etc/rc.d/ipmon Tue Sep 10 10:38:15 2013 (r255449)
+++ head/etc/rc.d/ipmon Tue Sep 10 13:48:33 2013 (r255450)
@@ -23,7 +23,7 @@ ipmon_precmd()
if ! checkyesno ipfilter_enable && ! checkyesno ipnat_enable ; then
err 1 "${name} requires either ipfilter or ipnat enabled"
fi
- if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
+ if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'
>/dev/null 2>&1; then
err 1 "ipfilter module is not loaded"
fi
return 0
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
