From cc1e4aae5a67a20f3c0fff13612364e6e4404f93 Mon Sep 17 00:00:00 2001 From: Cy Schubert Date: Tue, 9 Dec 2025 15:42:07 -0800 Subject: [PATCH] rc.d/ipfilter: ipfilter must be enabled for options to take ipfilter options are erased and reset to default when ipfilter is disabled. This results in nullifying options from rc.conf that were previously set. 8d6feaaaa26f, which added this code, was incorrect as it was for a bug in ipfilter 4.2.28 and no longer applies to ipfilter 5.1.2. Fixes: 8d6feaaaa26f MFC after: 1 day --- libexec/rc/rc.d/ipfilter | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/libexec/rc/rc.d/ipfilter b/libexec/rc/rc.d/ipfilter index 1253294b09c..a68e6f60a6f 100755 --- a/libexec/rc/rc.d/ipfilter +++ b/libexec/rc/rc.d/ipfilter @@ -33,14 +33,11 @@ required_modules="ipl:ipfilter" ipfilter_start() { echo "Enabling ipfilter." + if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then + ${ipfilter_program:-/sbin/ipf} -E + fi if [ -n "${ipfilter_optionlist}" ]; then - if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then - ${ipfilter_program:-/sbin/ipf} -D - fi ${ipfilter_program:-/sbin/ipf} -T "${ipfilter_optionlist}" - ${ipfilter_program:-/sbin/ipf} -E - elif ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then - ${ipfilter_program:-/sbin/ipf} -E fi ${ipfilter_program:-/sbin/ipf} -Fa if [ -r "${ipfilter_rules}" ]; then