authorJohn Levon <john.levon@joyent.com>2019-08-01 13:52:59 +0000
committerJohn Levon <john.levon@joyent.com>2019-08-01 13:52:59 +0000
commitd0ca2b08e18a06d653279357d3fa022c0e12b0bf (patch)
treee092c37e6937874abecc2e7dc42246c53651b188 /usr/src/cmd/ipf
parent7f874eb65f07035e3f808d58a70ad712248fde0a (diff)
OS-7685 smartos-live overlay should be merged into illumos-joyent
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com> Reviewed by: Mike Gerdts <mike.gerdts@joyent.com> Approved by: Mike Gerdts <mike.gerdts@joyent.com>
Diffstat (limited to 'usr/src/cmd/ipf')
-rw-r--r--usr/src/cmd/ipf/etc/Makefile27
-rw-r--r--usr/src/cmd/ipf/etc/smartos_version1
-rw-r--r--usr/src/cmd/ipf/svc/ipfilter20
-rw-r--r--usr/src/cmd/ipf/svc/ipfilter.xml7
4 files changed, 33 insertions, 22 deletions
diff --git a/usr/src/cmd/ipf/etc/Makefile b/usr/src/cmd/ipf/etc/Makefile
index 3e06187ae9..a5eb399f56 100644
--- a/usr/src/cmd/ipf/etc/Makefile
+++ b/usr/src/cmd/ipf/etc/Makefile
@@ -22,42 +22,31 @@
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
-#cmd/ipf/etc/Makefile
+# Copyright 2019 Joyent, Inc.
#
-IPFCONF= ipf.conf
-IPFPROG= $(IPFCONF)
+IPFFILES = ipf.conf smartos_version
include ../../Makefile.cmd
-
ETCIPF= $(ROOTETC)/ipf
-DIRS= $(ETCIPF)
-
-ETCIPFPROG= $(IPFPROG:%=$(ETCIPF)/%)
+ROOTETCIPFFILES = $(IPFFILES:%=$(ETCIPF)/%)
-$(ETCIPFPROG):= FILEMODE= 0644
+$(ETCIPF)/ipf.conf := FILEMODE= 0644
+$(ETCIPF)/smartos_version := FILEMODE= 0444
.KEEP_STATE:
-all: $(IPFPROG) $(DIRS) $(ETCIPFPROG)
-
-install: all $(DIRS)
+all:
-$(PFILAP):
- $(SH) $@.sh
+install: all $(ROOTETCIPFFILES)
-$(ETCIPF)/% : % $(ETCIPF)
+$(ETCIPF)/% : %
$(INS.file)
-$(DIRS):
- $(INS.dir)
-
clean:
clobber:
-lint:
-
.PARALLEL:
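Review bot: Nothing in this Makefile creates `$(ETCIPF)` any more. The `$(DIRS)` rule that ran `$(INS.dir)` is removed, and the pattern rule `$(ETCIPF)/% : %` no longer lists the directory as a dependency, so `install` relies on something outside this file having made the directory first. Presumably another target creates it in the proto area, but with `.PARALLEL:` in effect no ordering is implied from this file. A one-line comment above the pattern rule naming where the directory is created would make that assumption visible.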
diff --git a/usr/src/cmd/ipf/etc/smartos_version b/usr/src/cmd/ipf/etc/smartos_version
new file mode 100644
index 0000000000..0cfbf08886
--- /dev/null
+++ b/usr/src/cmd/ipf/etc/smartos_version
@@ -0,0 +1 @@
+2
diff --git a/usr/src/cmd/ipf/svc/ipfilter b/usr/src/cmd/ipf/svc/ipfilter
index 48e3e2e915..bb25316b44 100644
--- a/usr/src/cmd/ipf/svc/ipfilter
+++ b/usr/src/cmd/ipf/svc/ipfilter
@@ -23,9 +23,12 @@
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
+# Copyright (c) 2013, Joyent, Inc. All rights reserved.
# Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
#
+set -o xtrace
+
. /lib/svc/share/smf_include.sh
. /lib/svc/share/ipf_include.sh
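Review bot: `set -o xtrace` is switched on unconditionally at the top of the method script, so every invocation of the method emits a full command trace on stderr, presumably into the SMF service log. The trace will carry expanded file paths and property values for the firewall configuration, and it grows on every invocation. If this is meant as a permanent diagnostic aid, a comment saying so would help. Otherwise gate it on a debug switch, for example `[ -n "$IPF_METHOD_DEBUG" ] && set -o xtrace` (the variable name is made up here).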
@@ -152,8 +155,25 @@ upgrade_config()
svcadm refresh $SMF_FMRI >/dev/null 2>&1
}
+symlink_persistent_file()
+{
+ persist_file=/var/fw/$1
+ etc_file=$ETC_IPF_DIR/$1
+
+ [ ! -e $persist_file ] && return 0
+ [ -L $etc_file ] && return 0
+
+ [ -e $etc_file ] && mv $etc_file{,.orig}
+
+ ln -s $persist_file $etc_file
+}
+
+
configure_firewall()
{
+ symlink_persistent_file ipnat.conf
+ symlink_persistent_file ipf.conf
+ symlink_persistent_file ipf6.conf
create_global_rules || exit $SMF_EXIT_ERR_CONFIG
create_global_ovr_rules || exit $SMF_EXIT_ERR_CONFIG
create_services_rules || exit $SMF_EXIT_ERR_CONFIG
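Review bot: Failures in `symlink_persistent_file` are silently ignored. Neither `mv` nor `ln -s` is checked inside the function, and the three calls added to `configure_firewall` lack the `|| exit $SMF_EXIT_ERR_CONFIG` that the `create_*` calls below them carry. If `mv` succeeds and `ln -s` fails, the original rule file has been moved aside and nothing replaces it, yet configuration carries on. I would quote the expansions and propagate errors, e.g. `if [ -e "$etc_file" ]; then mv "$etc_file" "$etc_file.orig" || return 1; fi` in the function and `symlink_persistent_file ipf.conf || exit $SMF_EXIT_ERR_CONFIG` at the call sites. Writing `"$etc_file.orig"` out also avoids the `{,.orig}` brace expansion, which depends on the interpreter (its `#!` line is not visible here). The body of `configure_firewall` continues outside the hunk.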
diff --git a/usr/src/cmd/ipf/svc/ipfilter.xml b/usr/src/cmd/ipf/svc/ipfilter.xml
index 5f088f5344..8b6506795f 100644
--- a/usr/src/cmd/ipf/svc/ipfilter.xml
+++ b/usr/src/cmd/ipf/svc/ipfilter.xml
@@ -4,6 +4,7 @@
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
+
CDDL HEADER START
The contents of this file are subject to the terms of the
@@ -97,13 +98,13 @@
type='method'
name='refresh'
exec='/lib/svc/method/ipfilter reload'
- timeout_seconds='120' >
+ timeout_seconds='1200' >
</exec_method>
- <instance name='default' enabled='false'>
+ <instance name='default' enabled='true'>
<property_group name='firewall_config_default'
type='com.sun,fw_configuration'>
- <propval name='policy' type='astring' value='none' />
+ <propval name='policy' type='astring' value='custom' />
<propval name='block_policy' type='astring'
value='none' />
<propval name='custom_policy_file' type='astring'
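Review bot: The manifest now ships the default instance with `enabled='true'` and `policy` set to `custom`, but nothing here documents what happens when the file named by `custom_policy_file` is missing or empty. That property's value lies outside the hunk, so the behaviour cannot be judged from this page. A short XML comment above the `<instance>` element should state that the service is enabled by default with a custom policy and where the rules are expected to come from. The tenfold increase of the refresh `timeout_seconds` to `1200` is also unexplained and deserves a comment giving the reason.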