From nobody Tue Nov 19 00:28:12 2024
Date: Tue, 19 Nov 2024 00:28:12 GMT
Message-Id: <202411190028.4AJ0SC3a064546@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Cy Schubert
Subject: git: 6739198793e4 - stable/13 - ipfilter: Set ipf -T optionlist at boot
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@FreeBSD.org
X-Git-Committer: cy
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 6739198793e469f9f9c414ddad49b7c0e08eb03e
Auto-Submitted: auto-generated

The branch stable/13 has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=6739198793e469f9f9c414ddad49b7c0e08eb03e

commit 6739198793e469f9f9c414ddad49b7c0e08eb03e
Author:     Cy Schubert
AuthorDate: 2024-10-30 19:28:31 +0000
Commit:     Cy Schubert
CommitDate: 2024-11-19 00:27:06 +0000

    ipfilter: Set ipf -T optionlist at boot

    There is no easy way to set ipfilter optionlist variables during boot.
    Add plumbing to the rc script to support this.

    PR:                     130555
    Reviewed by:            jlduran
    Differential Revision:  https://reviews.freebsd.org/D47346

    (cherry picked from commit 8d6feaaaa26f444abb209360e52b993e39cb81bb)
--- libexec/rc/rc.conf | 1 + libexec/rc/rc.d/ipfilter | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf index 6c9a58ff72c1..5e70aa5cbc06 100644 --- a/libexec/rc/rc.conf +++ b/libexec/rc/rc.conf 
@@ -217,6 +217,7 @@ ipfilter_program="/sbin/ipf" # where the ipfilter program lives ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see # /usr/src/contrib/ipfilter/rules for examples ipfilter_flags="" # additional flags for ipfilter +ipfilter_optionlist="" # optionlist for ipf(8) -T ippool_enable="NO" # Set to YES to enable ip filter pools ippool_program="/sbin/ippool" # where the ippool program lives ippool_rules="/etc/ippool.tables" # rules definition file for ippool diff --git a/libexec/rc/rc.d/ipfilter b/libexec/rc/rc.d/ipfilter index 816db50540ff..de406f8e1740 100755 --- a/libexec/rc/rc.d/ipfilter +++ b/libexec/rc/rc.d/ipfilter @@ -30,7 +30,13 @@ required_modules="ipl:ipfilter" ipfilter_start() { echo "Enabling ipfilter." - if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then + if [ -n "${ifilter_optionlist}" ]; then + if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then + ${ipfilter_program:-/sbin/ipf} -D + fi + ${ipfilter_program:-/sbin/ipf} -T "${ipfilter_optionlist}" + ${ipfilter_program:-/sbin/ipf} -E + elif ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then ${ipfilter_program:-/sbin/ipf} -E fi ${ipfilter_program:-/sbin/ipf} -Fa
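
Review bot: In the libexec/rc/rc.conf hunk, the comment on `ipfilter_optionlist=""` does not say what form the value takes or that an empty value leaves the start-up behaviour unchanged. Since the rc script passes the whole string as one quoted argument to `ipf -T`, the comment should say so and point at ipf(8) for the syntax. The diffstat lists only rc.conf and rc.d/ipfilter, so no manual page text accompanies the new knob; a short rc.conf(5) entry would belong with this change.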
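
Review bot: In the libexec/rc/rc.d/ipfilter hunk, the new test reads `if [ -n "${ifilter_optionlist}" ]; then`, with the "p" missing, while rc.conf defines `ipfilter_optionlist` and the `-T` line two lines later expands `${ipfilter_optionlist}`. As written the test sees an unset variable, the script falls through to the `elif`, and the configured options are never applied; the test should expand `${ipfilter_optionlist}`. Once the branch is reachable, two further points apply to it: it runs `ipf -D` on an already running filter, so packet filtering is off until the following `ipf -E`, and it runs `ipf -E` without checking whether `ipf -T` succeeded. Checking the `-T` exit status and emitting a warning on failure would make a rejected optionlist visible at boot, and a comment should record that a restart with an optionlist set briefly disables the filter.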