Make ipfw0 logging pseudo-interface clonable. It can be created automatically

by $firewall_logif rc.conf(5) variable at boot time or manually by ifconfig(8)
after a boot.

Discussed on:	freebsd-ipfw@

2 files changed, 5 insertions, 0 deletions

diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 0d31d54..c04dab2b 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -123,6 +123,7 @@ firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
 firewall_type="UNKNOWN"		# Firewall type (see /etc/rc.firewall)
 firewall_quiet="NO"		# Set to YES to suppress rule display
 firewall_logging="NO"		# Set to YES to enable events logging
+firewall_logif="NO"		# Set to YES to create logging-pseudo interface
 firewall_flags=""		# Flags passed to ipfw when type is a file
 firewall_coscripts=""		# List of executables/scripts to run after
 				# firewall starts/stops
diff --git a/etc/rc.d/ipfw b/etc/rc.d/ipfw
index 4beb609..625d07d 100755
--- a/etc/rc.d/ipfw
+++ b/etc/rc.d/ipfw
@@ -57,6 +57,10 @@ ipfw_start()
 		echo 'Firewall logging enabled.'
 		sysctl net.inet.ip.fw.verbose=1 >/dev/null
 	fi
+	if checkyesno firewall_logif; then
+		ifconfig ipfw0 create
+		echo 'Firewall logging pseudo-interface (ipfw0) created.'
+	fi
 }
 
 ipfw_poststart()