Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
===================================================================
RCS file: /ftp/cvs/cvsroot/src/etc/rc.d/ipfilter,v
rcsdiff: /ftp/cvs/cvsroot/src/etc/rc.d/ipfilter,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.1.1.1
retrieving revision 1.17
diff -u -p -r1.1.1.1 -r1.17
--- src/etc/rc.d/ipfilter 2000/03/10 11:53:25 1.1.1.1
+++ src/etc/rc.d/ipfilter 2008/11/22 20:23:33 1.17
@@ -1,35 +1,60 @@
 #!/bin/sh
 #
-# $NetBSD: ipfilter,v 1.1.1.1 2000/03/10 11:53:25 lukem Exp $
+# $NetBSD: ipfilter,v 1.17 2008/11/22 20:23:33 tsutsui Exp $
 #
 # PROVIDE: ipfilter
-# REQUIRE: root beforenetlkm mountcritlocal tty
+# REQUIRE: root bootconf mountcritlocal tty
-. /etc/rc.subr
-. /etc/rc.conf
+$_rc_subr_loaded . /etc/rc.subr
 name="ipfilter"
+rcvar=$name
+start_precmd="ipfilter_prestart"
 start_cmd="ipfilter_start"
-stop_precmd="checkyesno ipfilter && [ -f /etc/ipf.conf ]"
+stop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf"
 stop_cmd="ipfilter_stop"
 reload_precmd="$stop_precmd"
 reload_cmd="ipfilter_reload"
+resync_precmd="$stop_precmd"
+resync_cmd="ipfilter_resync"
+status_precmd="$stop_precmd"
+status_cmd="ipfilter_status"
+extra_commands="reload resync status"
+
+ipfilter_prestart()
+{
+ if [ ! -f /etc/ipf.conf ] && [ ! -f /etc/ipf6.conf ]; then
+ warn "/etc/ipf*.conf not readable; ipfilter start aborted."
+
+ stop_boot
+ return 1
+ fi
+ return 0
+}
 ipfilter_start()
 {
- if [ ! checkyesno ipfilter ]; then
- return 0
+ echo "Enabling ipfilter."
+ /sbin/ipf -E
+
+ # Do the flush first; since older ipf has different semantics.
+ #
+ if [ -f /etc/ipf.conf ]; then
+ /sbin/ipf -Fa
+ fi
+ if [ -f /etc/ipf6.conf ]; then
+ /sbin/ipf -6 -Fa
 fi
- # if /etc/ipf.conf isn't readable, abort the boot rather
- # than risk a security problem
- #
- if [ ! -f /etc/ipf.conf ]; then
- err 1 "/etc/ipf.conf not readable; ipfilter start aborted."
+ # Now load the config files
+ #
+ if [ -f /etc/ipf.conf ]; then
+ /sbin/ipf -f /etc/ipf.conf
+ fi
+ if [ -f /etc/ipf6.conf ]; then
+ /sbin/ipf -6 -f /etc/ipf6.conf
 fi
- echo "Enabling ipfilter."
- /sbin/ipf -E -Fa -f /etc/ipf.conf
 }
 ipfilter_stop()
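Review bot: The exit status of `/sbin/ipf -f /etc/ipf.conf` and `/sbin/ipf -6 -f /etc/ipf6.conf` in ipfilter_start is never checked, so a config file that fails to parse leaves the filter enabled (`ipf -E`) with only the just-flushed, empty ruleset, and the boot carries on as if the firewall were up. ipfilter_prestart already calls `stop_boot` when no config exists at all, and the removed comment in the old code gave the rationale ("abort the boot rather than risk a security problem"); a failed load deserves the same treatment, and that rationale is worth keeping as a comment above the prestart test. Separately, the prestart message says "not readable" but `[ -f ]` only tests existence; `[ -r ]` matches the message and the intent, though whether unreadable-but-present should also stop the boot is a policy call. The load section could become:

```shell
	# Now load the config files; a ruleset that fails to load must not
	# leave the filter enabled with an empty (pass-everything) set.
	#
	if [ -f /etc/ipf.conf ] && ! /sbin/ipf -f /etc/ipf.conf; then
		warn "load of /etc/ipf.conf failed; ipfilter start aborted."
		stop_boot
		return 1
	fi
	if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -6 -f /etc/ipf6.conf; then
		warn "load of /etc/ipf6.conf failed; ipfilter start aborted."
		stop_boot
		return 1
	fi
```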
@@ -41,12 +66,39 @@ ipfilter_stop()
 ipfilter_reload()
 {
 echo "Reloading ipfilter rules."
- /sbin/ipf -I -Fa -f /etc/ipf.conf
- if [ $? -eq 0 ]; then
- /sbin/ipf -s
- else
- warn "Reload failed; not swapping to new ruleset."
+
+ # Do the flush first; since older ipf has different semantics.
+ #
+ if [ -f /etc/ipf.conf ]; then
+ /sbin/ipf -I -Fa
 fi
+ if [ -f /etc/ipf6.conf ]; then
+ /sbin/ipf -6 -I -Fa
+ fi
+
+ # Now load the config files into the Inactive set
+ #
+ if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I -f /etc/ipf.conf; then
+ err 1 "reload of ipf.conf failed; not swapping to new ruleset."
+ fi
+ if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -I -6 -f /etc/ipf6.conf; then
+ err 1 "reload of ipf6.conf failed; not swapping to new ruleset."
+ fi
+
+ # Swap in the new rules
+ #
+ /sbin/ipf -s
+}
+
+ipfilter_resync()
+{
+ /sbin/ipf -y
+}
+
+ipfilter_status()
+{
+ /sbin/ipf -V
 }
-run_rc_command "$1" "reload"
+load_rc_config $name
+run_rc_command "$1"
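Review bot: The final `/sbin/ipf -s` in ipfilter_reload is unchecked, so if the swap fails the script prints "Reloading ipfilter rules." and exits 0 while the old ruleset is still the active one; the two load steps above it are guarded with `err 1`, and the swap should be too: `/sbin/ipf -s || err 1 "swap to new ruleset failed; old rules still active."`. The flush-before-load ordering is explained only by "older ipf has different semantics", which does not tell a maintainer what would break if the two were merged back into one invocation; a comment naming the behaviour being avoided (or the ipf version it applies to) would make that line safe to revisit. ipfilter_status returning the status of `ipf -V` presumably does not follow the rc.d convention of a non-zero exit when the service is not running, which matters if anything scripts `rcorder`/`service` checks against it — worth confirming against ipf(8).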