From fb54646ac9d6c54d3873fc73c0ddfaec79b684a2 Mon Sep 17 00:00:00 2001
From: cy
Date: Tue, 10 Sep 2013 13:48:33 +0000
Subject: ipfilter 5.1.2 no longer supports sysctl. Use ipf -V to determine if available (the kernel module is loaded or compiled into the kernel).
Approved by: glebius (mentor)
Approved by: re (blanket)
---
 etc/rc.d/ipfilter | 6 ++----
 etc/rc.d/ipfs | 2 +-
 etc/rc.d/ipmon | 2 +-
 3 files changed, 4 insertions(+), 6 deletions(-)
(limited to 'etc')
diff --git a/etc/rc.d/ipfilter b/etc/rc.d/ipfilter
index ec8e2f1..d540a6f 100755
--- a/etc/rc.d/ipfilter
+++ b/etc/rc.d/ipfilter
@@ -29,7 +29,7 @@ required_modules="ipl:ipfilter"
 ipfilter_start()
 {
 echo "Enabling ipfilter."
- if [ `sysctl -n net.inet.ipf.fr_running` -le 0 ]; then
+ if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
 ${ipfilter_program:-/sbin/ipf} -E
 fi
 ${ipfilter_program:-/sbin/ipf} -Fa
@@ -37,7 +37,6 @@ ipfilter_start()
 ${ipfilter_program:-/sbin/ipf} \
 -f "${ipfilter_rules}" ${ipfilter_flags}
 fi
- ${ipfilter_program:-/sbin/ipf} -6 -Fa
 if [ -r "${ipv6_ipfilter_rules}" ]; then
 ${ipfilter_program:-/sbin/ipf} -6 \
 -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
@@ -46,8 +45,7 @@ ipfilter_start()
 
 ipfilter_stop()
 {
- # XXX - The ipf -D command is not effective for 'lkm's
- if [ `sysctl -n net.inet.ipf.fr_running` -eq 1 ]; then
+ if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
 echo "Saving firewall state tables"
 ${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
 echo "Disabling ipfilter."
diff --git a/etc/rc.d/ipfs b/etc/rc.d/ipfs
index ff4c74d..ac6d5c2 100755
--- a/etc/rc.d/ipfs
+++ b/etc/rc.d/ipfs
@@ -23,7 +23,7 @@ ipfs_prestart()
 if ! checkyesno ipfilter_enable -o ! checkyesno ipnat_enable ; then
 err 1 "${name} requires either ipfilter or ipnat enabled"
 fi
- if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
+ if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes' >/dev/null 2>&1; then
 err 1 "ipfilter module is not loaded"
 fi
 return 0
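Review bot: The enabled-state test added to ipfilter_start (etc/rc.d/ipfilter) depends on the human-readable text `Running: yes` in `ipf -V` output, and the same pipeline is repeated in ipfilter_stop, ipfs_prestart and ipmon_precmd. If `ipf -V` fails or its wording changes, start merely re-issues `ipf -E`, but the stop path in the third hunk would skip the state save and, presumably, the disable that follows the "Disabling ipfilter." message, while ipfs and ipmon would exit through `err 1`. A comment at the first use would record that dependency, for example `# ipf -V reports "Running: yes" once the filter is enabled; the net.inet.ipf.* sysctls are gone in 5.1.2`. ipfilter_start and ipfilter_stop both continue outside their hunks, so any else branch is not visible here.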
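Review bot: The second ipfilter_start hunk drops the `ipf -6 -Fa` flush, which the commit message does not mention, while the IPv6 rules file is still loaded with `-6 -f` immediately afterwards. Presumably the plain `-Fa` earlier in the function clears the IPv6 rules as well in 5.1.2; if it does not, a restart would load the file on top of whatever IPv6 rules were already active. Once that is confirmed, a comment above the IPv6 block such as `# IPv6 rules are flushed by the -Fa above; no separate -6 flush is needed` would keep the next reader from re-adding the line or assuming stale rules are cleared elsewhere. The function body starts and ends outside this hunk.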
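Review bot: In ipfs_prestart (etc/rc.d/ipfs) the trailing `>/dev/null 2>&1` binds to `grep -q`, which is already silent, so anything `ipf -V` writes to stderr is no longer suppressed the way the old sysctl probe was; the ipmon_precmd hunk in etc/rc.d/ipmon carries the identical line. The test is also stricter than its message, since it fails when the module is loaded but the filter is not enabled and still reports "ipfilter module is not loaded". Consider `if ! ${ipfilter_program:-/sbin/ipf} -V 2>/dev/null | grep -q 'Running: yes'; then` with `err 1 "ipfilter is not running"` in both files. Separately, the context line above joins two checkyesno calls with `-o` where ipmon uses `&&`; as written `-o ! checkyesno ipnat_enable` is parsed as arguments to the first call, so the ipnat_enable test likely never runs. Both functions begin and end outside their hunks.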
diff --git a/etc/rc.d/ipmon b/etc/rc.d/ipmon
index 27f483c..cdd8742 100755
--- a/etc/rc.d/ipmon
+++ b/etc/rc.d/ipmon
@@ -23,7 +23,7 @@ ipmon_precmd()
 if ! checkyesno ipfilter_enable && ! checkyesno ipnat_enable ; then
 err 1 "${name} requires either ipfilter or ipnat enabled"
 fi
- if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
+ if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes' >/dev/null 2>&1; then
 err 1 "ipfilter module is not loaded"
 fi
 return 0
-- 
cgit v1.1