From 8495277664aae941a721e7d963c0042c97a1b53b Mon Sep 17 00:00:00 2001
From: Ceri Davies <ceri@FreeBSD.org>
Date: Sat, 11 Nov 2006 10:48:34 +0000
Subject: [PATCH] Ensure that the load of rules into the alternate ruleset
 worked before loading them into the live one too.

PR:		conf/97311
Submitted by:	David Bushong
Reviewed by:	silence on rc@
Approved by:	ru (mentor)
MFC after:	10 days
---
 etc/rc.d/ipfilter | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/etc/rc.d/ipfilter b/etc/rc.d/ipfilter
index 3d9164174411..9142ec20765c 100755
--- a/etc/rc.d/ipfilter
+++ b/etc/rc.d/ipfilter
@@ -93,11 +93,17 @@ ipfilter_reload()
 	if [ -r "${ipfilter_rules}" ]; then
 		${ipfilter_program:-/sbin/ipf} -I \
 		    -f "${ipfilter_rules}" ${ipfilter_flags}
+		if [ $? -ne 0 ]; then
+			err 1 'Load of rules into alternate set failed; aborting reload'
+		fi
 	fi
 	${ipfilter_program:-/sbin/ipf} -I -6 -Fa
 	if [ -r "${ipv6_ipfilter_rules}" ]; then
 		${ipfilter_program:-/sbin/ipf} -I -6 \
 		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
+		if [ $? -ne 0 ]; then
+			err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
+		fi
 	fi
 	${ipfilter_program:-/sbin/ipf} -s