Source-Changes-HG archive


[src/trunk]: src/etc/rc.d Explicitly flush (-Fa) rules when loading or reload...



details:   https://anonhg.NetBSD.org/src/rev/d4f678751fda
branches:  trunk
changeset: 569840:d4f678751fda
user:      lukem <lukem%NetBSD.org@localhost>
date:      Thu Sep 09 00:33:03 2004 +0000

description:
Explicitly flush (-Fa) rules when loading or reloading IPv4 and IPv6 rules,
rather than relying upon running "ipf -Fa" beforehand (which only flushes IPv4)
Should fix PR 26885 and PR 26857.

diffstat:

 etc/rc.d/ipfilter |  11 +++++------
 1 files changed, 5 insertions(+), 6 deletions(-)

diffs (38 lines):

diff -r ea7706dac151 -r d4f678751fda etc/rc.d/ipfilter
--- a/etc/rc.d/ipfilter Wed Sep 08 20:13:52 2004 +0000
+++ b/etc/rc.d/ipfilter Thu Sep 09 00:33:03 2004 +0000
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: ipfilter,v 1.11 2004/08/13 18:08:03 mycroft Exp $
+# $NetBSD: ipfilter,v 1.12 2004/09/09 00:33:03 lukem Exp $
 #
 
 # PROVIDE: ipfilter
@@ -45,10 +45,10 @@
        echo "Enabling ipfilter."
        /sbin/ipf -E -Fa
        if [ -f /etc/ipf.conf ]; then
-               /sbin/ipf -f /etc/ipf.conf
+               /sbin/ipf -Fa -f /etc/ipf.conf
        fi
        if [ -f /etc/ipf6.conf ]; then
-               /sbin/ipf -6 -f /etc/ipf6.conf
+               /sbin/ipf -6 -Fa -f /etc/ipf6.conf
        fi
 }
 
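Review bot: The exit status of `/sbin/ipf -Fa -f /etc/ipf.conf` (and of the `-6` variant below it) is still ignored in this start path, while the flush now acts on the active set in the same command as the load. If ipf.conf fails to parse, the filter stays enabled with an empty or possibly partial ruleset; whether traffic is then passed or blocked depends on the kernel's default policy, which is not visible here. The reload function in this file already aborts with `err 1` on a failed load, so the start path should at least report it, e.g. `/sbin/ipf -Fa -f /etc/ipf.conf || warn "load of ipf.conf failed; active ruleset may be incomplete."`. The enclosing function begins outside the hunk.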
@@ -62,11 +62,10 @@
 {
        echo "Reloading ipfilter rules."
 
-       /sbin/ipf -I -Fa
-       if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I -f /etc/ipf.conf; then
+       if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I -Fa -f /etc/ipf.conf; then
                err 1 "reload of ipf.conf failed; not swapping to new ruleset."
        fi
-       if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -I -6 -f /etc/ipf6.conf; then
+       if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -6 -I -Fa -f /etc/ipf6.conf; then
                err 1 "reload of ipf6.conf failed; not swapping to new ruleset."
        fi
        /sbin/ipf -s
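Review bot: Dropping the unconditional `/sbin/ipf -I -Fa` means the inactive set is now flushed only for an address family whose config file exists. If /etc/ipf.conf or /etc/ipf6.conf is absent, the `/sbin/ipf -s` on the last line still swaps sets, so that family presumably ends up running whatever the inactive set last held, not an empty ruleset. Flushing both families before the two `if` tests keeps the swap predictable: `/sbin/ipf -I -Fa` followed by `/sbin/ipf -6 -I -Fa`. A short comment above the swap, such as `# inactive set is flushed above, so a missing config file yields an empty set, not a stale one`, would record the intent. The function starts and ends outside the hunk.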


