git: cc1e4aae5a67 - main - rc.d/ipfilter: ipfilter must be enabled for options to take

[Cy Schubert]

The branch main has been updated by cy:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=cc1e4aae5a67a20f3c0fff13612364e6e4404f93

commit cc1e4aae5a67a20f3c0fff13612364e6e4404f93
Author:     Cy Schubert <c...@freebsd.org>
AuthorDate: 2025-12-09 23:42:07 +0000
Commit:     Cy Schubert <c...@freebsd.org>
CommitDate: 2025-12-10 00:03:38 +0000

    rc.d/ipfilter: ipfilter must be enabled for options to take
    
    ipfilter options are erased and reset to default when ipfilter is
    disabled. This results in nullifying options from rc.conf that were
    previously set.
    
    8d6feaaaa26f, which added this code, was incorrect as it was for a bug in
    ipfilter 4.2.28 and no longer applies to ipfilter 5.1.2.
    
    Fixes:          8d6feaaaa26f
    MFC after:      1 day
---
 libexec/rc/rc.d/ipfilter | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/libexec/rc/rc.d/ipfilter b/libexec/rc/rc.d/ipfilter
index 1253294b09cf..a68e6f60a6f2 100755
--- a/libexec/rc/rc.d/ipfilter
+++ b/libexec/rc/rc.d/ipfilter
@@ -33,14 +33,11 @@ required_modules="ipl:ipfilter"
 ipfilter_start()
 {
        echo "Enabling ipfilter."
+       if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
+               ${ipfilter_program:-/sbin/ipf} -E
+       fi
        if [ -n "${ipfilter_optionlist}" ]; then
-               if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; 
then
-                       ${ipfilter_program:-/sbin/ipf} -D
-               fi
                ${ipfilter_program:-/sbin/ipf} -T "${ipfilter_optionlist}"
-               ${ipfilter_program:-/sbin/ipf} -E
-       elif ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
-               ${ipfilter_program:-/sbin/ipf} -E
        fi
        ${ipfilter_program:-/sbin/ipf} -Fa
        if [ -r "${ipfilter_rules}" ]; then