IPFilter may need to be re-sync'ed even if we are not filtering, but

only doing ipnat(8). Go back to using $ipfilter_active, but turn off
$ipfilter_active when loading ipl.ko has failed.

Submitted by:	devet@devet.org (Arjan de Vet)
MFC after:	3 days

5 files changed, 15 insertions, 5 deletions

diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions
index 2146b9057b99..59f53708c59e 100644
--- a/etc/rc.d/netoptions
+++ b/etc/rc.d/netoptions
@@ -85,6 +85,7 @@ network_pass1() {
 			else
 				echo 'Warning: IP-filter module failed to load.'
 				# avoid further errors
+				ipfilter_active="NO"
 				ipmon_enable="NO"
 				ipfilter_enable="NO"
 				ipnat_enable="NO"
@@ -298,11 +299,12 @@ network_pass1() {
 
 	# Re-Sync ipfilter so it picks up any new network interfaces
 	#
-	case ${ipfilter_enable} in
+	case ${ipfilter_active} in
 	[Yy][Ee][Ss])
 		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null
 		;;
 	esac
+	unset ipfilter_active
 
 	# Initialize IP filtering using ipfw
 	#
diff --git a/etc/rc.d/network1 b/etc/rc.d/network1
index 2146b9057b99..59f53708c59e 100644
--- a/etc/rc.d/network1
+++ b/etc/rc.d/network1
@@ -85,6 +85,7 @@ network_pass1() {
 			else
 				echo 'Warning: IP-filter module failed to load.'
 				# avoid further errors
+				ipfilter_active="NO"
 				ipmon_enable="NO"
 				ipfilter_enable="NO"
 				ipnat_enable="NO"
@@ -298,11 +299,12 @@ network_pass1() {
 
 	# Re-Sync ipfilter so it picks up any new network interfaces
 	#
-	case ${ipfilter_enable} in
+	case ${ipfilter_active} in
 	[Yy][Ee][Ss])
 		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null
 		;;
 	esac
+	unset ipfilter_active
 
 	# Initialize IP filtering using ipfw
 	#
diff --git a/etc/rc.d/network2 b/etc/rc.d/network2
index 2146b9057b99..59f53708c59e 100644
--- a/etc/rc.d/network2
+++ b/etc/rc.d/network2
@@ -85,6 +85,7 @@ network_pass1() {
 			else
 				echo 'Warning: IP-filter module failed to load.'
 				# avoid further errors
+				ipfilter_active="NO"
 				ipmon_enable="NO"
 				ipfilter_enable="NO"
 				ipnat_enable="NO"
@@ -298,11 +299,12 @@ network_pass1() {
 
 	# Re-Sync ipfilter so it picks up any new network interfaces
 	#
-	case ${ipfilter_enable} in
+	case ${ipfilter_active} in
 	[Yy][Ee][Ss])
 		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null
 		;;
 	esac
+	unset ipfilter_active
 
 	# Initialize IP filtering using ipfw
 	#
diff --git a/etc/rc.d/network3 b/etc/rc.d/network3
index 2146b9057b99..59f53708c59e 100644
--- a/etc/rc.d/network3
+++ b/etc/rc.d/network3
@@ -85,6 +85,7 @@ network_pass1() {
 			else
 				echo 'Warning: IP-filter module failed to load.'
 				# avoid further errors
+				ipfilter_active="NO"
 				ipmon_enable="NO"
 				ipfilter_enable="NO"
 				ipnat_enable="NO"
@@ -298,11 +299,12 @@ network_pass1() {
 
 	# Re-Sync ipfilter so it picks up any new network interfaces
 	#
-	case ${ipfilter_enable} in
+	case ${ipfilter_active} in
 	[Yy][Ee][Ss])
 		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null
 		;;
 	esac
+	unset ipfilter_active
 
 	# Initialize IP filtering using ipfw
 	#
diff --git a/etc/rc.d/routing b/etc/rc.d/routing
index 2146b9057b99..59f53708c59e 100644
--- a/etc/rc.d/routing
+++ b/etc/rc.d/routing
@@ -85,6 +85,7 @@ network_pass1() {
 			else
 				echo 'Warning: IP-filter module failed to load.'
 				# avoid further errors
+				ipfilter_active="NO"
 				ipmon_enable="NO"
 				ipfilter_enable="NO"
 				ipnat_enable="NO"
@@ -298,11 +299,12 @@ network_pass1() {
 
 	# Re-Sync ipfilter so it picks up any new network interfaces
 	#
-	case ${ipfilter_enable} in
+	case ${ipfilter_active} in
 	[Yy][Ee][Ss])
 		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null
 		;;
 	esac
+	unset ipfilter_active
 
 	# Initialize IP filtering using ipfw
 	#