diff options
| -rw-r--r-- | etc/network.subr | 13 | ||||
| -rw-r--r-- | etc/rc.d/netoptions | 13 | ||||
| -rw-r--r-- | etc/rc.d/network1 | 13 | ||||
| -rw-r--r-- | etc/rc.d/network2 | 13 | ||||
| -rw-r--r-- | etc/rc.d/network3 | 13 | ||||
| -rw-r--r-- | etc/rc.d/routing | 13 | ||||
| -rw-r--r-- | etc/rc.network | 13 |
7 files changed, 91 insertions, 0 deletions
diff --git a/etc/network.subr b/etc/network.subr index 86db5eaa22fe..9d868af8916a 100644 --- a/etc/network.subr +++ b/etc/network.subr @@ -60,8 +60,21 @@ network_pass1() { # Establish ipfilter ruleset as early as possible (best in # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) # + if /sbin/ipfstat -i > /dev/null 2>&1; then + ipfilter_in_kernel=1 + else + ipfilter_in_kernel=0 + fi + case "${ipfilter_enable}" in [Yy][Ee][Ss]) + if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then + ipfilter_in_kernel=1 + echo "Kernel ipfilter module loaded." + elif [ "${ipfilter_in_kernel}" -eq 0 ]; then + echo "Warning: ipfilter kernel module failed to load." + fi + if [ -r "${ipfilter_rules}" ]; then echo -n ' ipfilter'; ${ipfilter_program:-/sbin/ipf -Fa -f} \ diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions index 86db5eaa22fe..9d868af8916a 100644 --- a/etc/rc.d/netoptions +++ b/etc/rc.d/netoptions @@ -60,8 +60,21 @@ network_pass1() { # Establish ipfilter ruleset as early as possible (best in # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) # + if /sbin/ipfstat -i > /dev/null 2>&1; then + ipfilter_in_kernel=1 + else + ipfilter_in_kernel=0 + fi + case "${ipfilter_enable}" in [Yy][Ee][Ss]) + if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then + ipfilter_in_kernel=1 + echo "Kernel ipfilter module loaded." + elif [ "${ipfilter_in_kernel}" -eq 0 ]; then + echo "Warning: ipfilter kernel module failed to load." + fi + if [ -r "${ipfilter_rules}" ]; then echo -n ' ipfilter'; ${ipfilter_program:-/sbin/ipf -Fa -f} \ diff --git a/etc/rc.d/network1 b/etc/rc.d/network1 index 86db5eaa22fe..9d868af8916a 100644 --- a/etc/rc.d/network1 +++ b/etc/rc.d/network1 @@ -60,8 +60,21 @@ network_pass1() { # Establish ipfilter ruleset as early as possible (best in # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) # + if /sbin/ipfstat -i > /dev/null 2>&1; then + ipfilter_in_kernel=1 + else + ipfilter_in_kernel=0 + fi + case "${ipfilter_enable}" in [Yy][Ee][Ss]) + if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then + ipfilter_in_kernel=1 + echo "Kernel ipfilter module loaded." + elif [ "${ipfilter_in_kernel}" -eq 0 ]; then + echo "Warning: ipfilter kernel module failed to load." + fi + if [ -r "${ipfilter_rules}" ]; then echo -n ' ipfilter'; ${ipfilter_program:-/sbin/ipf -Fa -f} \ diff --git a/etc/rc.d/network2 b/etc/rc.d/network2 index 86db5eaa22fe..9d868af8916a 100644 --- a/etc/rc.d/network2 +++ b/etc/rc.d/network2 @@ -60,8 +60,21 @@ network_pass1() { # Establish ipfilter ruleset as early as possible (best in # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) # + if /sbin/ipfstat -i > /dev/null 2>&1; then + ipfilter_in_kernel=1 + else + ipfilter_in_kernel=0 + fi + case "${ipfilter_enable}" in [Yy][Ee][Ss]) + if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then + ipfilter_in_kernel=1 + echo "Kernel ipfilter module loaded." + elif [ "${ipfilter_in_kernel}" -eq 0 ]; then + echo "Warning: ipfilter kernel module failed to load." + fi + if [ -r "${ipfilter_rules}" ]; then echo -n ' ipfilter'; ${ipfilter_program:-/sbin/ipf -Fa -f} \ diff --git a/etc/rc.d/network3 b/etc/rc.d/network3 index 86db5eaa22fe..9d868af8916a 100644 --- a/etc/rc.d/network3 +++ b/etc/rc.d/network3 @@ -60,8 +60,21 @@ network_pass1() { # Establish ipfilter ruleset as early as possible (best in # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) # + if /sbin/ipfstat -i > /dev/null 2>&1; then + ipfilter_in_kernel=1 + else + ipfilter_in_kernel=0 + fi + case "${ipfilter_enable}" in [Yy][Ee][Ss]) + if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then + ipfilter_in_kernel=1 + echo "Kernel ipfilter module loaded." + elif [ "${ipfilter_in_kernel}" -eq 0 ]; then + echo "Warning: ipfilter kernel module failed to load." + fi + if [ -r "${ipfilter_rules}" ]; then echo -n ' ipfilter'; ${ipfilter_program:-/sbin/ipf -Fa -f} \ diff --git a/etc/rc.d/routing b/etc/rc.d/routing index 86db5eaa22fe..9d868af8916a 100644 --- a/etc/rc.d/routing +++ b/etc/rc.d/routing @@ -60,8 +60,21 @@ network_pass1() { # Establish ipfilter ruleset as early as possible (best in # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) # + if /sbin/ipfstat -i > /dev/null 2>&1; then + ipfilter_in_kernel=1 + else + ipfilter_in_kernel=0 + fi + case "${ipfilter_enable}" in [Yy][Ee][Ss]) + if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then + ipfilter_in_kernel=1 + echo "Kernel ipfilter module loaded." + elif [ "${ipfilter_in_kernel}" -eq 0 ]; then + echo "Warning: ipfilter kernel module failed to load." + fi + if [ -r "${ipfilter_rules}" ]; then echo -n ' ipfilter'; ${ipfilter_program:-/sbin/ipf -Fa -f} \ diff --git a/etc/rc.network b/etc/rc.network index 86db5eaa22fe..9d868af8916a 100644 --- a/etc/rc.network +++ b/etc/rc.network @@ -60,8 +60,21 @@ network_pass1() { # Establish ipfilter ruleset as early as possible (best in # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) # + if /sbin/ipfstat -i > /dev/null 2>&1; then + ipfilter_in_kernel=1 + else + ipfilter_in_kernel=0 + fi + case "${ipfilter_enable}" in [Yy][Ee][Ss]) + if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then + ipfilter_in_kernel=1 + echo "Kernel ipfilter module loaded." + elif [ "${ipfilter_in_kernel}" -eq 0 ]; then + echo "Warning: ipfilter kernel module failed to load." + fi + if [ -r "${ipfilter_rules}" ]; then echo -n ' ipfilter'; ${ipfilter_program:-/sbin/ipf -Fa -f} \ |