The branch main has been updated by cy:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=d5d005e9bf4933d5680dd0bb5d42bdf440122aa4

commit d5d005e9bf4933d5680dd0bb5d42bdf440122aa4
Author:     Cy Schubert <[email protected]>
AuthorDate: 2025-11-26 19:40:36 +0000
Commit:     Cy Schubert <[email protected]>
CommitDate: 2025-11-26 22:26:38 +0000

    ipfilter: Load optionlist prior to ippool invocation
    
    As a safety precaution df381bec2d2b limits ippool hash table size to 1K.
    This causes any legitimately large hash table to fail to load. The
    htable_size_max ipf tuneable adjusts this but the adjustment is made
    in the ipfilter rc script, invoked after the ippool script (because it
    depends on ippool). Let's load the ipfilter_optionlist in ippool as well.
    ipfilter_optionlist load will also occur in the ipfilter rc script in case
    the user uses ipfilter without ippool.
    
    Fixes:          df381bec2d2b
    MFC after:      3 days
---
 libexec/rc/rc.d/ippool | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libexec/rc/rc.d/ippool b/libexec/rc/rc.d/ippool
index 0db8bbe98f61..5ef0d0522621 100755
--- a/libexec/rc/rc.d/ippool
+++ b/libexec/rc/rc.d/ippool
@@ -27,6 +27,9 @@ required_modules="ipl:ipfilter"
 ippool_start_precmd()
 {
        rc_flags="-f ${ippool_rules} ${rc_flags}"
+       if [ -n "${ifilter_optionlist}" ]; then
+               ${ipfilter_program:-/sbin/ipf} -T "${ipfilter_optionlist}"
+       fi
 }
 
 ippool_reload()
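Review bot: The guard on the first added line tests `${ifilter_optionlist}`, which is missing the `p`, while the next line passes `${ipfilter_optionlist}` to `ipf -T`. Unless a variable with the misspelled name happens to be set, the test is always false and the tunables (including `htable_size_max`) are never applied before ippool loads its tables, so the large-table load failure the commit describes would remain. The line should read `if [ -n "${ipfilter_optionlist}" ]; then`. The body of `ippool_reload` lies outside the hunk, so whether the reload path needs the same step cannot be judged from here.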
