ipfw: create "ipfw0" and "ipfwlog0" bpf tapping points without ifnet(9)

As a free bonus the tapping points are now able to match packet direction.

Reviewed by:		ae
Differential Revision:	https://reviews.freebsd.org/D53875

2 files changed, 0 insertions, 11 deletions

diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf
index ada9094360f6..e8f146807f33 100644
--- a/libexec/rc/rc.conf
+++ b/libexec/rc/rc.conf
@@ -157,7 +157,6 @@ firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
 firewall_type="UNKNOWN"		# Firewall type (see /etc/rc.firewall)
 firewall_quiet="NO"		# Set to YES to suppress rule display
 firewall_logging="NO"		# Set to YES to enable events logging
-firewall_logif="NO"		# Set to YES to create logging-pseudo interface
 firewall_flags=""		# Flags passed to ipfw when type is a file
 firewall_coscripts=""		# List of executables/scripts to run after
 				# firewall starts/stops
diff --git a/libexec/rc/rc.d/ipfw b/libexec/rc/rc.d/ipfw
index 6d6f7577828f..a9b05ee11132 100755
--- a/libexec/rc/rc.d/ipfw
+++ b/libexec/rc/rc.d/ipfw
@@ -85,16 +85,6 @@ ipfw_start()
 		echo 'Firewall logging enabled.'
 		${SYSCTL} net.inet.ip.fw.verbose=1 >/dev/null
 	fi
-	if checkyesno firewall_logif; then
-		if ! ifconfig ipfw0 >/dev/null 2>&1; then
-			ifconfig ipfw0 create
-			echo 'Firewall logging pseudo-interface (ipfw0)' \
-			    'created.'
-		else
-			echo 'Firewall logging pseudo-interface (ipfw0)' \
-			    'already created.'
-		fi
-	fi
 }
 
 ipfw_poststart()