From 9a711a67d4aa86f9a25f182702a0f82bc85a7859 Mon Sep 17 00:00:00 2001
From: hrs <hrs@FreeBSD.org>
Date: Mon, 9 Jul 2012 07:16:19 +0000
Subject: Make ipfw0 logging pseudo-interface clonable.  It can be created
 automatically by $firewall_logif rc.conf(5) variable at boot time or manually
 by ifconfig(8) after a boot.

Discussed on:	freebsd-ipfw@
---
 etc/defaults/rc.conf | 1 +
 etc/rc.d/ipfw        | 4 ++++
 2 files changed, 5 insertions(+)

(limited to 'etc')

diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 0d31d54..c04dab2b 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -123,6 +123,7 @@ firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
 firewall_type="UNKNOWN"		# Firewall type (see /etc/rc.firewall)
 firewall_quiet="NO"		# Set to YES to suppress rule display
 firewall_logging="NO"		# Set to YES to enable events logging
+firewall_logif="NO"		# Set to YES to create logging-pseudo interface
 firewall_flags=""		# Flags passed to ipfw when type is a file
 firewall_coscripts=""		# List of executables/scripts to run after
 				# firewall starts/stops
diff --git a/etc/rc.d/ipfw b/etc/rc.d/ipfw
index 4beb609..625d07d 100755
--- a/etc/rc.d/ipfw
+++ b/etc/rc.d/ipfw
@@ -57,6 +57,10 @@ ipfw_start()
 		echo 'Firewall logging enabled.'
 		sysctl net.inet.ip.fw.verbose=1 >/dev/null
 	fi
+	if checkyesno firewall_logif; then
+		ifconfig ipfw0 create
+		echo 'Firewall logging pseudo-interface (ipfw0) created.'
+	fi
 }
 
 ipfw_poststart()
-- 
cgit v1.1