From e58f4666201e7afc071824f20aff350c9c974cbc Mon Sep 17 00:00:00 2001
From: Darren Reed <darrenr@FreeBSD.org>
Date: Mon, 30 Jul 2001 23:12:02 +0000
Subject: Merge in patch to automagically decide whether or not a kldload of
 ipfilter is required into rc.network.

Person failed to use a real name so both email addresses from PR included
(Sent was different to From).

PR:		22998
Submitted by:	dl@leo.org/spock@empire.trek.org
---
 etc/rc.network | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'etc/rc.network')

diff --git a/etc/rc.network b/etc/rc.network
index 86db5eaa22fe..9d868af8916a 100644
--- a/etc/rc.network
+++ b/etc/rc.network
@@ -60,8 +60,21 @@ network_pass1() {
 	# Establish ipfilter ruleset as early as possible (best in
 	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
 	#
+	if /sbin/ipfstat -i > /dev/null 2>&1; then
+		ipfilter_in_kernel=1
+	else
+		ipfilter_in_kernel=0
+	fi
+
 	case "${ipfilter_enable}" in
 	[Yy][Ee][Ss])
+		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
+			ipfilter_in_kernel=1
+			echo "Kernel ipfilter module loaded."
+		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
+			echo "Warning: ipfilter kernel module failed to load."
+		fi
+
 		if [ -r "${ipfilter_rules}" ]; then
 			echo -n ' ipfilter';
 			${ipfilter_program:-/sbin/ipf -Fa -f} \
-- 
cgit v1.2.3