svn commit: r277854 - head/etc/rc.d
Cy Schubert
Cy.Schubert at komquats.com
Wed Jan 28 21:09:00 UTC 2015
In message <201501282101.t0SL1ukn054833 at svn.freebsd.org>, Cy Schubert
writes:
> Author: cy
> Date: Wed Jan 28 21:01:55 2015
> New Revision: 277854
> URL: https://svnweb.freebsd.org/changeset/base/277854
>
> Log:
> ipfilter 5.1.2 (vs 4.1.28 in previous releases of FreeBSD) stores IPv4
> and IPv6 rules in a single table. ipf -6 -Fa will flush the whole table,
> including IPv4 rules. This patch removes the redundant ipf -I -6 -Fa
> statement.
>
> PR: 188318
> MFC after: 2 weeks
>
> Modified:
> head/etc/rc.d/ipfilter
>
> Modified: head/etc/rc.d/ipfilter
> =============================================================================
> =
> --- head/etc/rc.d/ipfilter Wed Jan 28 20:22:48 2015 (r277853)
> +++ head/etc/rc.d/ipfilter Wed Jan 28 21:01:55 2015 (r277854)
> @@ -65,7 +65,6 @@ ipfilter_reload()
> err 1 'Load of rules into alternate set failed; abortin
> g reload'
> fi
> fi
> - ${ipfilter_program:-/sbin/ipf} -I -6 -Fa
> if [ -r "${ipv6_ipfilter_rules}" ]; then
> ${ipfilter_program:-/sbin/ipf} -I -6 \
> -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
>
A subsequent commit to this one will address the redundant ipf rules file
issue. As the next commit to this will affect POLA, it will not MFC to
stable/10. This commit is safe to MFC.
I will hold off committing the next change to this file for a while to
allow ample time for this commit to mature.
--
Cheers,
Cy Schubert <Cy.Schubert at komquats.com> or <Cy.Schubert at cschubert.com>
FreeBSD UNIX: <cy at FreeBSD.org> Web: http://www.FreeBSD.org
The need of the many outweighs the greed of the few.
More information about the svn-src-all
mailing list