ipfilter 5.1.2 no longer supports sysctl. Use ipf -V to determine if

available (the kernel module is loaded or compiled into the kernel). Approved by: glebius (mentor) Approved by: re (blanket)
author: cy <cy@FreeBSD.org> 2013-09-10 13:48:33 +0000
committer: cy <cy@FreeBSD.org> 2013-09-10 13:48:33 +0000
commit: fb54646ac9d6c54d3873fc73c0ddfaec79b684a2 (patch)
tree: 68f474cc80a59a39d364f2b20a7a81f984f6fb58 /etc
parent: 7ebbaecc5c38f3e926243328ea7a642e554edaa8 (diff)
download: FreeBSD-src-fb54646ac9d6c54d3873fc73c0ddfaec79b684a2.zip
FreeBSD-src-fb54646ac9d6c54d3873fc73c0ddfaec79b684a2.tar.gz
3 files changed, 4 insertions, 6 deletions
diff --git a/etc/rc.d/ipfilter b/etc/rc.d/ipfilter
index ec8e2f1..d540a6f 100755
--- a/etc/rc.d/ipfilter
+++ b/etc/rc.d/ipfilter
@@ -29,7 +29,7 @@ required_modules="ipl:ipfilter"
 ipfilter_start()
 {
 	echo "Enabling ipfilter."
-	if [ `sysctl -n net.inet.ipf.fr_running` -le 0 ]; then
+	if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
 		${ipfilter_program:-/sbin/ipf} -E
 	fi
 	${ipfilter_program:-/sbin/ipf} -Fa
@@ -37,7 +37,6 @@ ipfilter_start()
 		${ipfilter_program:-/sbin/ipf} \
 		    -f "${ipfilter_rules}" ${ipfilter_flags}
 	fi
-	${ipfilter_program:-/sbin/ipf} -6 -Fa
 	if [ -r "${ipv6_ipfilter_rules}" ]; then
 		${ipfilter_program:-/sbin/ipf} -6 \
 		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
@@ -46,8 +45,7 @@ ipfilter_start()
 
 ipfilter_stop()
 {
-	# XXX - The ipf -D command is not effective for 'lkm's
-	if [ `sysctl -n net.inet.ipf.fr_running` -eq 1 ]; then
+	if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
 		echo "Saving firewall state tables"
 		${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
 		echo "Disabling ipfilter."
diff --git a/etc/rc.d/ipfs b/etc/rc.d/ipfs
index ff4c74d..ac6d5c2 100755
--- a/etc/rc.d/ipfs
+++ b/etc/rc.d/ipfs
@@ -23,7 +23,7 @@ ipfs_prestart()
 	if ! checkyesno ipfilter_enable -o ! checkyesno ipnat_enable ; then
 		err 1  "${name} requires either ipfilter or ipnat enabled"
 	fi
-	if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
+	if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes' >/dev/null 2>&1; then
 		err 1 "ipfilter module is not loaded"
 	fi
 	return 0
diff --git a/etc/rc.d/ipmon b/etc/rc.d/ipmon
index 27f483c..cdd8742 100755
--- a/etc/rc.d/ipmon
+++ b/etc/rc.d/ipmon
@@ -23,7 +23,7 @@ ipmon_precmd()
 	if ! checkyesno ipfilter_enable && ! checkyesno ipnat_enable ; then
 		err 1  "${name} requires either ipfilter or ipnat enabled"
 	fi
-	if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
+	if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes' >/dev/null 2>&1; then
 		err 1 "ipfilter module is not loaded"
 	fi
 	return 0
author	cy <cy@FreeBSD.org>	2013-09-10 13:48:33 +0000
committer	cy <cy@FreeBSD.org>	2013-09-10 13:48:33 +0000
commit	fb54646ac9d6c54d3873fc73c0ddfaec79b684a2 (patch)
tree	68f474cc80a59a39d364f2b20a7a81f984f6fb58 /etc
parent	7ebbaecc5c38f3e926243328ea7a642e554edaa8 (diff)
download	FreeBSD-src-fb54646ac9d6c54d3873fc73c0ddfaec79b684a2.zip FreeBSD-src-fb54646ac9d6c54d3873fc73c0ddfaec79b684a2.tar.gz