Instead of directly sourcing the firewall script, run it in a separate shell.

If the firewall script is sourced directly from the script, then any
exit statements in it will also terminate the rc.d script prematurely.

PR: conf/78762
MFC-After: 2 weeks

2 files changed, 2 insertions, 2 deletions

diff --git a/etc/rc.d/ip6fw b/etc/rc.d/ip6fw
index b96daec..131d7a0 100644
--- a/etc/rc.d/ip6fw
+++ b/etc/rc.d/ip6fw
@@ -26,7 +26,7 @@ ip6fw_start()
 	# Load rules
 	#
 	if [ -r "${ipv6_firewall_script}" ]; then
-		. "${ipv6_firewall_script}"
+		/bin/sh "${ipv6_firewall_script}"
 		echo 'IPv6 Firewall rules loaded.'
 	elif [ "`ipfw show 65535`" = "65535 deny ip from any to any" ]; then
 		warn 'IPv6 firewall rules have not been loaded. Default' \
diff --git a/etc/rc.d/ipfw b/etc/rc.d/ipfw
index 849a62c..920eb28 100644
--- a/etc/rc.d/ipfw
+++ b/etc/rc.d/ipfw
@@ -26,7 +26,7 @@ ipfw_start()
 		if [ -f /etc/rc.d/natd ] ; then
 			/etc/rc.d/natd start
 		fi
-		. "${firewall_script}"
+		/bin/sh "${firewall_script}"
 		echo 'Firewall rules loaded.'
 	elif [ "`ipfw list 65535`" = "65535 deny ip from any to any" ]; then
 		echo 'Warning: kernel has firewall functionality, but' \