In message <201501282101.t0sl1ukn054...@svn.freebsd.org>, Cy Schubert writes: > Author: cy > Date: Wed Jan 28 21:01:55 2015 > New Revision: 277854 > URL: https://svnweb.freebsd.org/changeset/base/277854 > > Log: > ipfilter 5.1.2 (vs 4.1.28 in previous releases of FreeBSD) stores IPv4 > and IPv6 rules in a single table. ipf -6 -Fa will flush the whole table, > including IPv4 rules. This patch removes the redundant ipf -I -6 -Fa > statement. > > PR: 188318 > MFC after: 2 weeks > > Modified: > head/etc/rc.d/ipfilter > > Modified: head/etc/rc.d/ipfilter > ============================================================================= > = > --- head/etc/rc.d/ipfilter Wed Jan 28 20:22:48 2015 (r277853) > +++ head/etc/rc.d/ipfilter Wed Jan 28 21:01:55 2015 (r277854) > @@ -65,7 +65,6 @@ ipfilter_reload() > err 1 'Load of rules into alternate set failed; abortin > g reload' > fi > fi > - ${ipfilter_program:-/sbin/ipf} -I -6 -Fa > if [ -r "${ipv6_ipfilter_rules}" ]; then > ${ipfilter_program:-/sbin/ipf} -I -6 \ > -f "${ipv6_ipfilter_rules}" ${ipfilter_flags} >
A subsequent commit to this one will address the redundant ipf rules file issue. As the next commit to this will affect POLA, it will not MFC to stable/10. This commit is safe to MFC. I will hold off committing the next change to this file for a while to allow ample time for this commit to mature. -- Cheers, Cy Schubert <cy.schub...@komquats.com> or <cy.schub...@cschubert.com> FreeBSD UNIX: <c...@freebsd.org> Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few. _______________________________________________ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
