d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove the redundant ipfilter IPv6 rc rules load.

Browse Source 
As of ipfilter 5.1.2 the IPv4 and IPv6 rules tables have been merged.
The ipf(8) -6 option has been a NOP since then. Currently the additional
ipf -6 load statement in rc.d/ipfilter simply added the second ipfilter
rules file to the table already populated by the previous ipf command.
Plenty of time has passed since ipfilter 5.1.2 was imported. It is time to
remove the option from rc.conf and the rc script.

Differential Revision:	https://reviews.freebsd.org/D28615
This commit is contained in:
Cy Schubert 2021-02-12 07:17:32 -08:00
parent 519496a598
commit e2ad10e847
2 changed files with 1 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libexec/rc/rc.conf
View File

@ -546,9 +546,6 @@ stf_interface_ipv6_ifid="0:0:0:1" # IPv6 interface id for stf0.
stf_interface_ipv6_slaid="0000" # IPv6 Site Level Aggregator for stf0
ipv6_ipv4mapping="NO" # Set to "YES" to enable IPv4 mapped IPv6 addr
# communication. (like ::ffff:a.b.c.d)
ipv6_ipfilter_rules="/etc/ipf6.rules" # rules definition file for ipfilter,
# see /usr/src/contrib/ipfilter/rules
# for examples
ip6addrctl_enable="YES" # Set to YES to enable default address selection
ip6addrctl_verbose="NO" # Set to YES to enable verbose configuration messages
ip6addrctl_policy="AUTO" # A pre-defined address selection policy

13
libexec/rc/rc.d/ipfilter
View File

@ -14,7 +14,7 @@ name="ipfilter"
desc="IP packet filter"
rcvar="ipfilter_enable"
load_rc_config $name
stop_precmd="test -f ${ipfilter_rules} -o -f ${ipv6_ipfilter_rules}"
stop_precmd="test -f ${ipfilter_rules}"
start_precmd="$stop_precmd"
start_cmd="ipfilter_start"
@ -39,10 +39,6 @@ ipfilter_start()
${ipfilter_program:-/sbin/ipf} \
-f "${ipfilter_rules}" ${ipfilter_flags}
fi
if [ -r "${ipv6_ipfilter_rules}" ]; then
${ipfilter_program:-/sbin/ipf} -6 \
-f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
fi
}
ipfilter_stop()
@ -67,13 +63,6 @@ ipfilter_reload()
err 1 'Load of rules into alternate set failed; aborting reload'
fi
fi
if [ -r "${ipv6_ipfilter_rules}" ]; then
${ipfilter_program:-/sbin/ipf} -I -6 \
-f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
if [ $? -ne 0 ]; then
err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
fi
fi
${ipfilter_program:-/sbin/ipf} -s
}