MFC r329817:

The firewall_type is ignored if not set in rc.conf or rc.conf.local,
after r190575 there is an option to call rc.firewall with the firewall_type
passed in as an argument.

Submitted by:	David P. Discher <dpd@dpdtech.com>
Sponsored by:	iXsystems Inc.
Differential Revision:	https://reviews.freebsd.org/D14286

2 files changed, 15 insertions, 3 deletions

diff --git a/etc/rc.d/ipfw b/etc/rc.d/ipfw
index b9417f6..1f1e5d2 100755
--- a/etc/rc.d/ipfw
+++ b/etc/rc.d/ipfw
@@ -40,7 +40,11 @@ ipfw_start()
 {
 	local   _firewall_type
 
-	_firewall_type=$1
+	if [ -n "${1}" ]; then
+		_firewall_type=$1
+	else
+		_firewall_type=${firewall_type}
+	fi
 
 	# set the firewall rules script if none was specified
 	[ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall
diff --git a/etc/rc.firewall b/etc/rc.firewall
index c936da6..8389d76 100644
--- a/etc/rc.firewall
+++ b/etc/rc.firewall
@@ -112,12 +112,20 @@ setup_ipv6_mandatory() {
 	${fwcmd} add pass ipv6-icmp from any to any icmp6types 2,135,136
 }
 
+. /etc/rc.subr
+. /etc/network.subr
+
 if [ -n "${1}" ]; then
 	firewall_type="${1}"
 fi
+if [ -z "${firewall_rc_config_load}" ]; then
+        load_rc_config ipfw
+else
+        for i in ${firewall_rc_config_load}; do
+                load_rc_config $i
+        done
+fi
 
-. /etc/rc.subr
-. /etc/network.subr
 afexists inet6
 ipv6_available=$?