Add IPv6 setup for ipfilter. `ipv6_ipfilter_rules' was added

to specify rules definition file for ipfilter.  The default is
/etc/ipf6.rules.  If there is a file which is specified by
'ipv6_ipfilter_rules', IPv6 rule is installed.

Reviewed by:	Ronald van der Pol <Ronald.vanderPol@rvdp.org>
MFC after:	1 week

etc/defaults/rc.conf

@@ -311,6 +311,9 @@ ipv6_firewall_type="UNKNOWN"	# IPv6 Firewall type (see /etc/rc.firewall6)
 ipv6_firewall_quiet="NO"	# Set to YES to suppress rule display
 ipv6_firewall_logging="NO"	# Set to YES to enable events logging
 ipv6_firewall_flags=""		# Flags passed to ip6fw when type is a file
+ipv6_ipfilter_rules="/etc/ipf6.rules"	# rules definition file for ipfilter,
+					# see /usr/src/contrib/ipfilter/rules
+					# for examples
 
 ##############################################################
 ###  System console options  #################################

etc/rc.d/ipfilter

@@ -16,7 +16,7 @@ load_rc_config $name
 
 case ${OSTYPE} in
 FreeBSD)
-	stop_precmd="test -f ${ipfilter_rules}"
+	stop_precmd="test -f ${ipfilter_rules} -o -f ${ipv6_ipfilter_rules}"
 	;;
 NetBSD)
 	stop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf"
@@ -49,7 +49,8 @@ FreeBSD)
 	fi
 
 	# check for ipfilter rules
-	if [ ! -r "${ipfilter_rules}" ]; then
+	if [ ! -r "${ipfilter_rules}" ] && [ ! -r "${ipv6_ipfilter_rules}" ]
+	then
 		warn 'IP-filter: NO IPF RULES'
 		return 1
 	fi
@@ -78,8 +79,15 @@ ipfilter_start()
 	echo "Enabling ipfilter."
 	case ${OSTYPE} in
 	FreeBSD)
-		${ipfilter_program:-/sbin/ipf} -Fa -f \
-		    "${ipfilter_rules}" ${ipfilter_flags}
+		${ipfilter_program:-/sbin/ipf} -Fa
+		if [ -r "${ipfilter_rules}" ]; then
+			${ipfilter_program:-/sbin/ipf} \
+			    -f "${ipfilter_rules}" ${ipfilter_flags}
+		fi
+		if [ -r "${ipv6_ipfilter_rules}" ]; then
+			${ipfilter_program:-/sbin/ipf} -6 \
+			    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
+		fi
 		;;
 	NetBSD)
 		/sbin/ipf -E -Fa
@@ -114,8 +122,15 @@ ipfilter_reload()
 
 	case ${OSTYPE} in
 	FreeBSD)
-		${ipfilter_program:-/sbin/ipf} -I -Fa -f \
-		    "${ipfilter_rules}" ${ipfilter_flags}
+		${ipfilter_program:-/sbin/ipf} -I -Fa
+		if [ -r "${ipfilter_rules}" ]; then
+			${ipfilter_program:-/sbin/ipf} -I \
+			    -f "${ipfilter_rules}" ${ipfilter_flags}
+		fi
+		if [ -r "${ipv6_ipfilter_rules}" ]; then
+			${ipfilter_program:-/sbin/ipf} -I -6 \
+			    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
+		fi
 		;;
 	NetBSD)
 		/sbin/ipf -I -Fa

etc/rc.network

@@ -101,10 +101,20 @@ network_pass1() {
 		esac
 		case "${ipfilter_enable}" in
 		[Yy][Ee][Ss])
-			if [ -r "${ipfilter_rules}" ]; then
+			if [ -r "${ipfilter_rules}" -o \
+			     -r "${ipv6_ipfilter_rules}" ]; then
 				echo -n ' ipfilter'
-				${ipfilter_program:-/sbin/ipf} -Fa -f \
-				    "${ipfilter_rules}" ${ipfilter_flags}
+				${ipfilter_program:-/sbin/ipf} -Fa
+				if [ -r "${ipfilter_rules}" ]; then
+					${ipfilter_program:-/sbin/ipf} \
+					    -f "${ipfilter_rules}" \
+					    ${ipfilter_flags}
+				fi
+				if [ -r "${ipv6_ipfilter_rules}" ]; then
+					${ipfilter_program:-/sbin/ipf} -6 \
+					    -f "${ipv6_ipfilter_rules}" \
+					    ${ipfilter_flags}
+				fi
 			else
 				ipfilter_enable="NO"
 				echo -n ' NO IPF RULES'