Ensure that the load of rules into the alternate ruleset worked before

loading them into the live one too. PR: conf/97311 Submitted by: David Bushong Reviewed by: silence on rc@ Approved by: ru (mentor) MFC after: 10 days
2006-11-11 10:48:34 +00:00 · 2006-11-11 10:48:34 +00:00 · 8495277664
commit 8495277664
parent 6e92263034
1 changed files with 6 additions and 0 deletions
--- a/etc/rc.d/ipfilter
+++ b/etc/rc.d/ipfilter
@ -93,11 +93,17 @@ ipfilter_reload()
 	if [ -r "${ipfilter_rules}" ]; then
 		${ipfilter_program:-/sbin/ipf} -I \
 		    -f "${ipfilter_rules}" ${ipfilter_flags}
+		if [ $? -ne 0 ]; then
+			err 1 'Load of rules into alternate set failed; aborting reload'
+		fi
 	fi
 	${ipfilter_program:-/sbin/ipf} -I -6 -Fa
 	if [ -r "${ipv6_ipfilter_rules}" ]; then
 		${ipfilter_program:-/sbin/ipf} -I -6 \
 		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
+		if [ $? -ne 0 ]; then
+			err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
+		fi
 	fi
 	${ipfilter_program:-/sbin/ipf} -s