rc.d/ipfilter: ipfilter must be enabled for options to take

ipfilter options are erased and reset to default when ipfilter is
disabled. This results in nullifying options from rc.conf that were
previously set.

8d6feaaaa26f, which added this code, was incorrect as it was for a bug in
ipfilter 4.2.28 and no longer applies to ipfilter 5.1.2.

Fixes:		8d6feaaaa26f
MFC after:	1 day

1 files changed, 3 insertions, 6 deletions

diff --git a/libexec/rc/rc.d/ipfilter b/libexec/rc/rc.d/ipfilter
index 1253294b09cf..a68e6f60a6f2 100755
--- a/libexec/rc/rc.d/ipfilter
+++ b/libexec/rc/rc.d/ipfilter
@@ -33,14 +33,11 @@ required_modules="ipl:ipfilter"
 ipfilter_start()
 {
 	echo "Enabling ipfilter."
+	if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
+		${ipfilter_program:-/sbin/ipf} -E
+	fi
 	if [ -n "${ipfilter_optionlist}" ]; then
-		if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
-			${ipfilter_program:-/sbin/ipf} -D
-		fi
 		${ipfilter_program:-/sbin/ipf} -T "${ipfilter_optionlist}"
-		${ipfilter_program:-/sbin/ipf} -E
-	elif ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
-		${ipfilter_program:-/sbin/ipf} -E
 	fi
 	${ipfilter_program:-/sbin/ipf} -Fa
 	if [ -r "${ipfilter_rules}" ]; then