ipfilter: Load optionlist prior to ippool invocation
As a safety precautiondf381bec2dlimits ippool hash table size to 1K. This causes any legitimely large hash table to fail to load. The htable_size_max ipf tuneable adjusts this but the adjustment is made in the ipfilter rc script, invoked after the ippool script (because it depends on ippool). Let's load the ipfilter_optionlist in ippool as well. ipfilter_optionlist load will also occur in the ipfilter rc script in case the user uses ipfilter without ippool. Fixes:df381bec2dMFC after: 3 days
This commit is contained in:
@@ -27,6 +27,9 @@ required_modules="ipl:ipfilter"
|
||||
ippool_start_precmd()
|
||||
{
|
||||
rc_flags="-f ${ippool_rules} ${rc_flags}"
|
||||
if [ -n "${ifilter_optionlist}" ]; then
|
||||
${ipfilter_program:-/sbin/ipf} -T "${ipfilter_optionlist}"
|
||||
fi
|
||||
}
|
||||
|
||||
ippool_reload()
|
||||
|
||||
Reference in New Issue
Block a user