Merge in patch to automagically decide whether or not a kldload of ipfilter

is required into rc.network.

Person failed to use a real name so both email addresses from PR included
(Sent was different to From).

PR:		22998
Submitted by:	dl@leo.org/spock@empire.trek.org

7 files changed, 91 insertions, 0 deletions

diff --git a/etc/network.subr b/etc/network.subr
index 86db5ea..9d868af 100644
--- a/etc/network.subr
+++ b/etc/network.subr
@@ -60,8 +60,21 @@ network_pass1() {
 	# Establish ipfilter ruleset as early as possible (best in
 	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
 	#
+	if /sbin/ipfstat -i > /dev/null 2>&1; then
+		ipfilter_in_kernel=1
+	else
+		ipfilter_in_kernel=0
+	fi
+
 	case "${ipfilter_enable}" in
 	[Yy][Ee][Ss])
+		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
+			ipfilter_in_kernel=1
+			echo "Kernel ipfilter module loaded."
+		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
+			echo "Warning: ipfilter kernel module failed to load."
+		fi
+
 		if [ -r "${ipfilter_rules}" ]; then
 			echo -n ' ipfilter';
 			${ipfilter_program:-/sbin/ipf -Fa -f} \
diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions
index 86db5ea..9d868af 100644
--- a/etc/rc.d/netoptions
+++ b/etc/rc.d/netoptions
@@ -60,8 +60,21 @@ network_pass1() {
 	# Establish ipfilter ruleset as early as possible (best in
 	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
 	#
+	if /sbin/ipfstat -i > /dev/null 2>&1; then
+		ipfilter_in_kernel=1
+	else
+		ipfilter_in_kernel=0
+	fi
+
 	case "${ipfilter_enable}" in
 	[Yy][Ee][Ss])
+		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
+			ipfilter_in_kernel=1
+			echo "Kernel ipfilter module loaded."
+		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
+			echo "Warning: ipfilter kernel module failed to load."
+		fi
+
 		if [ -r "${ipfilter_rules}" ]; then
 			echo -n ' ipfilter';
 			${ipfilter_program:-/sbin/ipf -Fa -f} \
diff --git a/etc/rc.d/network1 b/etc/rc.d/network1
index 86db5ea..9d868af 100644
--- a/etc/rc.d/network1
+++ b/etc/rc.d/network1
@@ -60,8 +60,21 @@ network_pass1() {
 	# Establish ipfilter ruleset as early as possible (best in
 	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
 	#
+	if /sbin/ipfstat -i > /dev/null 2>&1; then
+		ipfilter_in_kernel=1
+	else
+		ipfilter_in_kernel=0
+	fi
+
 	case "${ipfilter_enable}" in
 	[Yy][Ee][Ss])
+		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
+			ipfilter_in_kernel=1
+			echo "Kernel ipfilter module loaded."
+		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
+			echo "Warning: ipfilter kernel module failed to load."
+		fi
+
 		if [ -r "${ipfilter_rules}" ]; then
 			echo -n ' ipfilter';
 			${ipfilter_program:-/sbin/ipf -Fa -f} \
diff --git a/etc/rc.d/network2 b/etc/rc.d/network2
index 86db5ea..9d868af 100644
--- a/etc/rc.d/network2
+++ b/etc/rc.d/network2
@@ -60,8 +60,21 @@ network_pass1() {
 	# Establish ipfilter ruleset as early as possible (best in
 	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
 	#
+	if /sbin/ipfstat -i > /dev/null 2>&1; then
+		ipfilter_in_kernel=1
+	else
+		ipfilter_in_kernel=0
+	fi
+
 	case "${ipfilter_enable}" in
 	[Yy][Ee][Ss])
+		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
+			ipfilter_in_kernel=1
+			echo "Kernel ipfilter module loaded."
+		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
+			echo "Warning: ipfilter kernel module failed to load."
+		fi
+
 		if [ -r "${ipfilter_rules}" ]; then
 			echo -n ' ipfilter';
 			${ipfilter_program:-/sbin/ipf -Fa -f} \
diff --git a/etc/rc.d/network3 b/etc/rc.d/network3
index 86db5ea..9d868af 100644
--- a/etc/rc.d/network3
+++ b/etc/rc.d/network3
@@ -60,8 +60,21 @@ network_pass1() {
 	# Establish ipfilter ruleset as early as possible (best in
 	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
 	#
+	if /sbin/ipfstat -i > /dev/null 2>&1; then
+		ipfilter_in_kernel=1
+	else
+		ipfilter_in_kernel=0
+	fi
+
 	case "${ipfilter_enable}" in
 	[Yy][Ee][Ss])
+		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
+			ipfilter_in_kernel=1
+			echo "Kernel ipfilter module loaded."
+		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
+			echo "Warning: ipfilter kernel module failed to load."
+		fi
+
 		if [ -r "${ipfilter_rules}" ]; then
 			echo -n ' ipfilter';
 			${ipfilter_program:-/sbin/ipf -Fa -f} \
diff --git a/etc/rc.d/routing b/etc/rc.d/routing
index 86db5ea..9d868af 100644
--- a/etc/rc.d/routing
+++ b/etc/rc.d/routing
@@ -60,8 +60,21 @@ network_pass1() {
 	# Establish ipfilter ruleset as early as possible (best in
 	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
 	#
+	if /sbin/ipfstat -i > /dev/null 2>&1; then
+		ipfilter_in_kernel=1
+	else
+		ipfilter_in_kernel=0
+	fi
+
 	case "${ipfilter_enable}" in
 	[Yy][Ee][Ss])
+		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
+			ipfilter_in_kernel=1
+			echo "Kernel ipfilter module loaded."
+		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
+			echo "Warning: ipfilter kernel module failed to load."
+		fi
+
 		if [ -r "${ipfilter_rules}" ]; then
 			echo -n ' ipfilter';
 			${ipfilter_program:-/sbin/ipf -Fa -f} \
diff --git a/etc/rc.network b/etc/rc.network
index 86db5ea..9d868af 100644
--- a/etc/rc.network
+++ b/etc/rc.network
@@ -60,8 +60,21 @@ network_pass1() {
 	# Establish ipfilter ruleset as early as possible (best in
 	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
 	#
+	if /sbin/ipfstat -i > /dev/null 2>&1; then
+		ipfilter_in_kernel=1
+	else
+		ipfilter_in_kernel=0
+	fi
+
 	case "${ipfilter_enable}" in
 	[Yy][Ee][Ss])
+		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
+			ipfilter_in_kernel=1
+			echo "Kernel ipfilter module loaded."
+		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
+			echo "Warning: ipfilter kernel module failed to load."
+		fi
+
 		if [ -r "${ipfilter_rules}" ]; then
 			echo -n ' ipfilter';
 			${ipfilter_program:-/sbin/ipf -Fa -f} \