diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf index 8f585bc02856..a21c587dcc07 100644 --- a/libexec/rc/rc.conf +++ b/libexec/rc/rc.conf @@ -214,6 +214,7 @@ ipfilter_program="/sbin/ipf" # where the ipfilter program lives ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see # /usr/src/contrib/ipfilter/rules for examples ipfilter_flags="" # additional flags for ipfilter +ipfilter_optionlist="" # optionlist for ipf(8) -T ippool_enable="NO" # Set to YES to enable ip filter pools ippool_program="/sbin/ippool" # where the ippool program lives ippool_rules="/etc/ippool.tables" # rules definition file for ippool diff --git a/libexec/rc/rc.d/ipfilter b/libexec/rc/rc.d/ipfilter index d0cb09ab527c..9b64fcff0c7a 100755 --- a/libexec/rc/rc.d/ipfilter +++ b/libexec/rc/rc.d/ipfilter @@ -33,7 +33,13 @@ required_modules="ipl:ipfilter" ipfilter_start() { echo "Enabling ipfilter." - if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then + if [ -n "${ifilter_optionlist}" ]; then + if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then + ${ipfilter_program:-/sbin/ipf} -D + fi + ${ipfilter_program:-/sbin/ipf} -T "${ipfilter_optionlist}" + ${ipfilter_program:-/sbin/ipf} -E + elif ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then ${ipfilter_program:-/sbin/ipf} -E fi ${ipfilter_program:-/sbin/ipf} -Fa