| author | Cy Schubert <cy@FreeBSD.org> | 2025-11-26 11:40:36 -0800 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2025-11-26 14:26:38 -0800 |
| commit | d5d005e9bf4933d5680dd0bb5d42bdf440122aa4 (patch) | |
| tree | 5b927b0e28192da15803d9e9bb024543c8427c42 /libexec | |
| parent | 3e69618d4bfbd0d952f86703c00a979f93e6152b (diff) | |
ipfilter: Load optionlist prior to ippool invocation

As a safety precaution df381bec2d2b limits ippool hash table size to 1K.
This causes any legitimately large hash table to fail to load. The
htable_size_max ipf tuneable adjusts this but the adjustment is made
in the ipfilter rc script, invoked after the ippool script (because it
depends on ippool). Let's load the ipfilter_optionlist in ippool as well.
ipfilter_optionlist load will also occur in the ipfilter rc script in case
the user uses ipfilter without ippool.

Fixes: df381bec2d2b
MFC after: 3 days
Diffstat (limited to 'libexec')
| -rwxr-xr-x | libexec/rc/rc.d/ippool | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/libexec/rc/rc.d/ippool b/libexec/rc/rc.d/ippool index 0db8bbe98f61..5ef0d0522621 100755 --- a/libexec/rc/rc.d/ippool +++ b/libexec/rc/rc.d/ippool @@ -27,6 +27,9 @@ required_modules="ipl:ipfilter" ippool_start_precmd() { rc_flags="-f ${ippool_rules} ${rc_flags}" + if [ -n "${ifilter_optionlist}" ]; then + ${ipfilter_program:-/sbin/ipf} -T "${ipfilter_optionlist}" + fi } ippool_reload() |
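Review bot: The guard added to ippool_start_precmd() tests `${ifilter_optionlist}` (missing the "p"), while the command on the following line passes `${ipfilter_optionlist}`. Nothing in the visible script sets a variable named ifilter_optionlist, so the `-n` test evaluates false and `ipf -T` is never run; htable_size_max would then still be at its 1K limit when ippool loads the pools, which is the failure the commit message sets out to fix. Suggest changing the condition to `[ -n "${ipfilter_optionlist}" ]` so the test and the command refer to the same rc variable.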
