Index: etc/defaults/rc.conf
===================================================================
--- etc/defaults/rc.conf	(revision 317819)
+++ etc/defaults/rc.conf	(working copy)
@@ -184,6 +184,10 @@
 ipfilter_rules="/etc/ipf.rules"	# rules definition file for ipfilter, see
 				# /usr/src/contrib/ipfilter/rules for examples
 ipfilter_flags=""		# additional flags for ipfilter
+ippool_enable="NO"		# Set to YES to enable ip filter pools
+ippool_program="/sbin/ippool"	# where the ippool program lives
+ippool_rules="/etc/ippool.tables"	# rules definition file for ippool
+ippool_flags=""			# additional flags for ippool
 ipnat_enable="NO"		# Set to YES to enable ipnat functionality
 ipnat_program="/sbin/ipnat"	# where the ipnat program lives
 ipnat_rules="/etc/ipnat.rules"	# rules definition file for ipnat
Index: etc/rc.d/ippool
===================================================================
--- etc/rc.d/ippool	(nonexistent)
+++ etc/rc.d/ippool	(working copy)
@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# $FreeBSD: head/etc/rc.d/ipnat 298514 2016-04-23 16:10:54Z lme $
+#
+
+# PROVIDE: ippool
+# REQUIRE: FILESYSTEMS
+# BEFORE:  ipfilter
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="ippool"
+desc="user interface to the IPFilter pools"
+rcvar="ippool_enable"
+load_rc_config $name
+start_cmd="ippool_start"
+stop_cmd="${ippool_program} -F"
+reload_cmd="ippool_reload"
+extra_commands="reload"
+required_files="${ippool_rules}"
+required_modules="ipl:ipfilter"
+
+ippool_start()
+{
+	if [ -r "${ippool_rules}" ]; then
+		echo "Loading IP Pools."
+		${ippool_program} -f ${ippool_rules} ${ippool_flags}
+	fi
+}
+
+ippool_reload()
+{
+	echo "Reloading IP Pools."
+	${ippool_program} -F
+	ippool_start
+}
+
+
+run_rc_command "$1"

Property changes on: etc/rc.d/ippool
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: contrib/ipfilter/man/ippool.8
===================================================================
--- contrib/ipfilter/man/ippool.8	(revision 317819)
+++ contrib/ipfilter/man/ippool.8	(working copy)
@@ -12,7 +12,7 @@
 -A [-dnv] [-m <name>] [-o <role>] [-S <seed>] [-t <type>]
 .br
 .B ippool
--f <file> [-dnuv]
+-f <file> [-dnuvR]
 .br
 .B ippool
 -F [-dv] [-o <role>] [-t <type>]
@@ -24,7 +24,7 @@
 -r [-dnv] [-m <name>] [-o <role>] [-t <type>] -i <ipaddr>[/<netmask>]
 .br
 .B ippool
--R [-dnv] [-m <name>] [-o <role>] [-t <type>]
+-R [-dnv] [-m <name>] [-o <role>] -t <type>
 .br
 .B ippool
 -s [-dtv] [-M <core>] [-N <namelist>]
@@ -123,7 +123,7 @@
 .B -u
 When parsing a configuration file, rather than load new pool data into the
 kernel, unload it.
-.DT
+.TP
 .SH FILES
 .br
 /dev/iplookup
Index: contrib/ipfilter/tools/ippool.c
===================================================================
--- contrib/ipfilter/tools/ippool.c	(revision 317819)
+++ contrib/ipfilter/tools/ippool.c	(working copy)
@@ -77,11 +77,11 @@
 	fprintf(stderr, "Usage:\t%s\n", prog);
 	fprintf(stderr, "\t-a [-dnv] [-m <name>] [-o <role>] [-t type] [-T ttl] -i <ipaddr>[/netmask]\n");
 	fprintf(stderr, "\t-A [-dnv] [-m <name>] [-o <role>] [-S <seed>] [-t <type>]\n");
-	fprintf(stderr, "\t-f <file> [-dnuv]\n");
+	fprintf(stderr, "\t-f <file> [-dnuvR]\n");
 	fprintf(stderr, "\t-F [-dv] [-o <role>] [-t <type>]\n");
 	fprintf(stderr, "\t-l [-dv] [-m <name>] [-t <type>] [-O <fields>]\n");
 	fprintf(stderr, "\t-r [-dnv] [-m <name>] [-o <role>] [-t type] -i <ipaddr>[/netmask]\n");
-	fprintf(stderr, "\t-R [-dnv] [-m <name>] [-o <role>] [-t <type>]\n");
+	fprintf(stderr, "\t-R [-dnv] [-m <name>] [-o <role>] -t <type>\n");
 	fprintf(stderr, "\t-s [-dtv] [-M <core>] [-N <namelist>]\n");
 	exit(1);
 }
@@ -99,7 +99,7 @@
 
 	assigndefined(getenv("IPPOOL_PREDEFINED"));
 
-	switch (getopt(argc, argv, "aAf:FlnrRsv"))
+	switch (getopt(argc, argv, "aAf:FlrRs"))
 	{
 	case 'a' :
 		err = poolnodecommand(0, argc, argv);
@@ -116,9 +116,6 @@
 	case 'l' :
 		err = poollist(argc, argv);
 		break;
-	case 'n' :
-		opts |= OPT_DONOTHING|OPT_DONTOPEN;
-		break;
 	case 'r' :
 		err = poolnodecommand(1, argc, argv);
 		break;
@@ -128,9 +125,6 @@
 	case 's' :
 		err = poolstats(argc, argv);
 		break;
-	case 'v' :
-		opts |= OPT_VERBOSE;
-		break;
 	default :
 		exit(1);
 	}
@@ -157,7 +151,7 @@
 	bzero((char *)&pnode, sizeof(pnode));
 	bzero((char *)&hnode, sizeof(hnode));
 
-	while ((c = getopt(argc, argv, "di:m:no:Rt:T:v")) != -1)
+	while ((c = getopt(argc, argv, "di:m:no:Rt:T:v")) != -1) {
 		switch (c)
 		{
 		case 'd' :
@@ -207,17 +201,28 @@
 			}
 			break;
 		case 'T' :
-			ttl = atoi(optarg);
-			if (ttl < 0) {
-				fprintf(stderr, "cannot set negative ttl\n");
-				return -1;
+			if (remove == 0) {
+				ttl = atoi(optarg);
+				if (ttl < 0) {
+					fprintf(stderr, "cannot set negative ttl\n");
+					return -1;
+				}
+			} else {
+				usage(argv[0]);
 			}
 			break;
 		case 'v' :
 			opts |= OPT_VERBOSE;
 			break;
+		default :
+			usage(argv[0]);
+			break;		/* keep compiler happy */
 		}
+	}
 
+	if (argc - 1 - optind > 0)
+		usage(argv[0]);
+
 	if (argv[optind] != NULL && ipset == 0) {
 		if (setnodeaddr(type, role, ptr, argv[optind]) == 0)
 			ipset = 1;
@@ -262,7 +267,7 @@
 	char *argv[];
 {
 	int type, role, c, err;
-	char *poolname;
+	char *poolname, *typearg = NULL;
 	iphtable_t iph;
 	ip_pool_t pool;
 
@@ -274,7 +279,7 @@
 	bzero((char *)&iph, sizeof(iph));
 	bzero((char *)&pool, sizeof(pool));
 
-	while ((c = getopt(argc, argv, "dm:no:RSv")) != -1)
+	while ((c = getopt(argc, argv, "dm:no:RSvt:")) != -1)
 		switch (c)
 		{
 		case 'd' :
@@ -298,13 +303,26 @@
 			opts |= OPT_NORESOLVE;
 			break;
 		case 'S' :
-			iph.iph_seed = atoi(optarg);
+			if (remove == 0)
+				iph.iph_seed = atoi(optarg);
+			else
+				usage(argv[0]);
 			break;
 		case 'v' :
 			opts |= OPT_VERBOSE;
 			break;
+		case 't' :
+			type = gettype(optarg, &iph.iph_type);
+			typearg = optarg;
+			break;
+		default :
+			usage(argv[0]);
+			break;		/* keep compiler happy */
 		}
 
+	if (argc - 1 - optind > 0)
+		usage(argv[0]);
+
 	if (opts & OPT_DEBUG)
 		fprintf(stderr, "poolcommand: opts = %#x\n", opts);
 
@@ -313,9 +331,13 @@
 		return -1;
 	}
 
-	type = gettype(argv[optind], &iph.iph_type);
 	if (type == IPLT_NONE) {
-		fprintf(stderr, "unknown type '%s'\n", argv[optind]);
+		if (typearg == NULL) {
+			fprintf(stderr, "type must be specified\n");
+			usage(argv[0]);
+		} else {
+			fprintf(stderr, "unknown type '%s'\n", typearg);
+		}
 		return -1;
 	}
 
@@ -361,8 +383,6 @@
 {
 	int c;
 
-	infile = optarg;
-
 	while ((c = getopt(argc, argv, "dnRuv")) != -1)
 		switch (c)
 		{
@@ -382,8 +402,14 @@
 		case 'v' :
 			opts |= OPT_VERBOSE;
 			break;
+		default :
+			usage(argv[0]);
+			break;		/* keep compiler happy */
 		}
 
+	if (argc - 1 - optind > 0)
+		usage(argv[0]);
+
 	if (opts & OPT_DEBUG)
 		fprintf(stderr, "loadpoolfile: opts = %#x\n", opts);
 
@@ -453,8 +479,14 @@
 		case 'v' :
 			opts |= OPT_VERBOSE;
 			break;
+		default :
+			usage(argv[0]);
+			break;		/* keep compiler happy */
 		}
 
+	if (argc - 1 - optind > 0)
+		usage(argv[0]);
+
 	if (opts & OPT_DEBUG)
 		fprintf(stderr, "poolstats: opts = %#x\n", opts);
 
@@ -559,8 +591,14 @@
 		case 'v' :
 			opts |= OPT_VERBOSE;
 			break;
+		default :
+			usage(argv[0]);
+			break;		/* keep compiler happy */
 		}
 
+	if (argc - 1 - optind > 0)
+		usage(argv[0]);
+
 	if (opts & OPT_DEBUG)
 		fprintf(stderr, "poolflush: opts = %#x\n", opts);
 
@@ -663,7 +701,7 @@
 	poolname = NULL;
 	role = IPL_LOGALL;
 
-	while ((c = getopt(argc, argv, "dm:M:N:o:Rt:v")) != -1)
+	while ((c = getopt(argc, argv, "dm:M:N:O:o:Rt:v")) != -1)
 		switch (c)
 		{
 		case 'd' :
@@ -703,8 +741,14 @@
 		case 'v' :
 			opts |= OPT_VERBOSE;
 			break;
+		default :
+			usage(argv[0]);
+			break;		/* keep compiler happy */
 		}
 
+	if (argc - 1 - optind > 0)
+		usage(argv[0]);
+
 	if (opts & OPT_DEBUG)
 		fprintf(stderr, "poollist: opts = %#x\n", opts);