Add support to npf_rules to rc.conf

- Allows overriding default from /etc/npf.conf - Indicate rules file used in output - Drop check for file presence in script - rely on npf exiting with error
2023-10-05 08:19:27 +00:00 · 2023-10-05 08:19:27 +00:00 · 011f078b4d
parent fc8a227a5a
commit 011f078b4d
2 changed files with 7 additions and 18 deletions
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@ -1,4 +1,4 @@
-#	$NetBSD: rc.conf,v 1.166 2023/09/27 01:27:32 riastradh Exp $
+#	$NetBSD: rc.conf,v 1.167 2023/10/05 08:19:27 abs Exp $
 #
 # /etc/defaults/rc.conf --
 #	default configuration of /etc/rc.conf
@ -181,7 +181,7 @@ securelevel=""					# securelevel to set to
 ifconfig_wait_dad_flags="-w 15 -W 5"

 mdnsd=NO
-npf=NO
+npf=NO			npf_rules="/etc/npf.conf"
 npfd=NO			npfd_flags=""
 ipfilter=NO		ipfilter_flags=""	# uses /etc/ipf.conf
 ipnat=NO					# uses /etc/ipnat.conf
--- a/etc/rc.d/npf
+++ b/etc/rc.d/npf
@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: npf,v 1.7 2020/09/08 12:52:18 martin Exp $
+# $NetBSD: npf,v 1.8 2023/10/05 08:19:27 abs Exp $
 #
 # Public Domain.
 #
@ -14,8 +14,6 @@ $_rc_subr_loaded . /etc/rc.subr
 name="npf"
 rcvar=$name

-config="/etc/npf.conf"
-
 start_cmd="npf_start"
 stop_cmd="npf_stop"

@ -23,19 +21,11 @@ reload_cmd="npf_reload"
 status_cmd="npf_status"
 extra_commands="reload status"

-npf_cfg_check()
-{
-	if [ ! -f ${config} ]; then
-		warn "${config} is not readable; failed."
-		exit 1
-	fi
-}

 npf_start()
 {
-	echo "Enabling NPF."
-	npf_cfg_check
-	/sbin/npfctl reload
+	echo "Enabling NPF $npf_rules"
+	/sbin/npfctl reload "$npf_rules"

 	# The npf_boot script has enabled npf already.
 	if [ "$autoboot" != "yes" ]; then
@ -52,9 +42,8 @@ npf_stop()

 npf_reload()
 {
-	echo "Reloading NPF ruleset."
-	npf_cfg_check
-	/sbin/npfctl reload
+	echo "Reloading NPF ruleset $npf_rules"
+	/sbin/npfctl reload "$npf_rules"
 }

 npf_status()