Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 28 Jan 2015 13:07:47 -0800
From:      Cy Schubert <Cy.Schubert@komquats.com>
To:        Cy Schubert <cy@FreeBSD.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r277854 - head/etc/rc.d
Message-ID:  <201501282107.t0SL7l7Y050196@slippy.cwsent.com>
In-Reply-To: Message from Cy Schubert <cy@FreeBSD.org> of "Wed, 28 Jan 2015 21:01:56 %2B0000." <201501282101.t0SL1ukn054833@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
In message <201501282101.t0SL1ukn054833@svn.freebsd.org>, Cy Schubert 
writes:
> Author: cy
> Date: Wed Jan 28 21:01:55 2015
> New Revision: 277854
> URL: https://svnweb.freebsd.org/changeset/base/277854
> 
> Log:
>   ipfilter 5.1.2 (vs 4.1.28 in previous releases of FreeBSD) stores IPv4
>   and IPv6 rules in a single table. ipf -6 -Fa will flush the whole table,
>   including IPv4 rules. This patch removes the redundant ipf -I -6 -Fa
>   statement.
>   
>   PR:		188318
>   MFC after:	2 weeks
> 
> Modified:
>   head/etc/rc.d/ipfilter
> 
> Modified: head/etc/rc.d/ipfilter
> =============================================================================
> =
> --- head/etc/rc.d/ipfilter	Wed Jan 28 20:22:48 2015	(r277853)
> +++ head/etc/rc.d/ipfilter	Wed Jan 28 21:01:55 2015	(r277854)
> @@ -65,7 +65,6 @@ ipfilter_reload()
>  			err 1 'Load of rules into alternate set failed; abortin
> g reload'
>  		fi
>  	fi
> -	${ipfilter_program:-/sbin/ipf} -I -6 -Fa
>  	if [ -r "${ipv6_ipfilter_rules}" ]; then
>  		${ipfilter_program:-/sbin/ipf} -I -6 \
>  		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
> 

A subsequent commit to this one will address the redundant ipf rules file 
issue. As the next commit to this will affect POLA, it will not MFC to 
stable/10. This commit is safe to MFC.

I will hold off committing the next change to this file for a while to 
allow ample time for this commit to mature.


-- 
Cheers,
Cy Schubert <Cy.Schubert@komquats.com> or <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201501282107.t0SL7l7Y050196>