From 4e3a86984ad5f8eeaaed1a277f17cba090b93160 Mon Sep 17 00:00:00 2001
From: ceri <ceri@FreeBSD.org>
Date: Sat, 11 Nov 2006 10:48:34 +0000
Subject: Ensure that the load of rules into the alternate ruleset worked
 before loading them into the live one too.

PR:		conf/97311
Submitted by:	David Bushong
Reviewed by:	silence on rc@
Approved by:	ru (mentor)
MFC after:	10 days
---
 etc/rc.d/ipfilter | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/etc/rc.d/ipfilter b/etc/rc.d/ipfilter
index 3d91641..9142ec2 100755
--- a/etc/rc.d/ipfilter
+++ b/etc/rc.d/ipfilter
@@ -93,11 +93,17 @@ ipfilter_reload()
 	if [ -r "${ipfilter_rules}" ]; then
 		${ipfilter_program:-/sbin/ipf} -I \
 		    -f "${ipfilter_rules}" ${ipfilter_flags}
+		if [ $? -ne 0 ]; then
+			err 1 'Load of rules into alternate set failed; aborting reload'
+		fi
 	fi
 	${ipfilter_program:-/sbin/ipf} -I -6 -Fa
 	if [ -r "${ipv6_ipfilter_rules}" ]; then
 		${ipfilter_program:-/sbin/ipf} -I -6 \
 		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
+		if [ $? -ne 0 ]; then
+			err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
+		fi
 	fi
 	${ipfilter_program:-/sbin/ipf} -s
 
-- 
cgit v1.1