From 63f8a651ab5c9fb28352a825a33c0b1cd5462aed Mon Sep 17 00:00:00 2001
From: ae
Date: Sat, 13 Apr 2019 09:06:36 +0000
Subject: [PATCH] MFC r345450: Add ability to automatically load ipfw_nat64, ipfw_nptv6 and ipfw_pmod modules by declaring corresponding variables in rc.conf. Also document them in rc.conf(5). Submitted by: Dries Michiels Differential Revision: https://reviews.freebsd.org/D19673 MFC r345985: Add firewall_[nat64|nptv6|pmod]_enable variables to /etc/defaults/rc.conf
---
 etc/defaults/rc.conf | 3 +++
 etc/rc.d/ipfw | 9 +++++++++
 share/man/man5/rc.conf.5 | 38 +++++++++++++++++++++++++++++++++++---
 3 files changed, 47 insertions(+), 3 deletions(-)
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index b0bdd1ebb6a..8e34e81eda4 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -168,6 +168,9 @@ firewall_nologports="135-139,445 1026,1027 1433,1434" # List of TCP/UDP ports
 firewall_nat_enable="NO" # Enable kernel NAT (if firewall_enable == YES)
 firewall_nat_interface="" # Public interface or IPaddress to use
 firewall_nat_flags="" # Additional configuration parameters
+firewall_nat64_enable="NO" # Enable kernel NAT64 module.
+firewall_nptv6_enable="NO" # Enable kernel NPTv6 module.
+firewall_pmod_enable="NO" # Enable kernel protocols modification module.
 dummynet_enable="NO" # Load the dummynet(4) module
 ipfw_netflow_enable="NO" # Enable netflow logging via ng_netflow
 ip_portrange_first="NO" # Set first dynamically allocated port
diff --git a/etc/rc.d/ipfw b/etc/rc.d/ipfw
index 1f1e5d20bf4..143f4bdc4cc 100755
--- a/etc/rc.d/ipfw
+++ b/etc/rc.d/ipfw
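Review bot: The comments on the three new defaults in etc/defaults/rc.conf say `Enable kernel NAT64 module.` and so on, while the rc.conf(5) text in this same patch says each variable only loads the module, and only when `firewall_enable` is YES. Wording them like the neighbouring lines would keep an administrator from assuming the feature is active, or independent of the firewall switch, for example `firewall_nat64_enable="NO" # Load ipfw_nat64 module (if firewall_enable == YES)`, and likewise for nptv6 and pmod. The trailing full stops also differ from the surrounding comments.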
@@ -34,6 +34,15 @@ ipfw_prestart()
 if checkyesno firewall_nat_enable; then
 required_modules="$required_modules ipfw_nat"
 fi
+ if checkyesno firewall_nat64_enable; then
+ required_modules="$required_modules ipfw_nat64"
+ fi
+ if checkyesno firewall_nptv6_enable; then
+ required_modules="$required_modules ipfw_nptv6"
+ fi
+ if checkyesno firewall_pmod_enable; then
+ required_modules="$required_modules ipfw_pmod"
+ fi
 }
 ipfw_start()
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index 13ec2b7baf2..242be006899 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd December 17, 2017
+.Dd March 21, 2019
 .Dt RC.CONF 5
 .Os
 .Sh NAME
@@ -568,9 +568,11 @@ equivalent of
 .Va natd_enable .
 Setting this to
 .Dq Li YES
-enables kernel NAT.
+will automatically load the
+.Xr ipfw 8
+NAT kernel module if
 .Va firewall_enable
-must also be set to
+is also set to
 .Dq Li YES .
 .It Va firewall_nat_interface
 .Pq Vt str
@@ -583,6 +585,36 @@ kernel NAT should run.
 .It Va firewall_nat_flags
 .Pq Vt str
 Additional configuration parameters for kernel NAT should be placed here.
+.It Va firewall_nat64_enable
+.Pq Vt bool
+Setting this to
+.Dq Li YES
+will automatically load the
+.Xr ipfw 8
+NAT64 kernel module if
+.Va firewall_enable
+is also set to
+.Dq Li YES .
+.It Va firewall_nptv6_enable
+.Pq Vt bool
+Setting this to
+.Dq Li YES
+will automatically load the
+.Xr ipfw 8
+NPTv6 kernel module if
+.Va firewall_enable
+is also set to
+.Dq Li YES .
+.It Va firewall_pmod_enable
+.Pq Vt bool
+Setting this to
+.Dq Li YES
+will automatically load the
+.Xr ipfw 8
+pmod kernel module if
+.Va firewall_enable
+is also set to
+.Dq Li YES .
 .It Va dummynet_enable
 .Pq Vt bool
 Setting this to
-- 
2.45.0
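Review bot: The three new `checkyesno` blocks in the etc/rc.d/ipfw hunk append to `required_modules` without saying what happens when a module cannot be loaded, for instance on a kernel built without ipfw_nat64. How `required_modules` is consumed is outside this hunk; if a failed load is treated as fatal, the script would presumably stop before the ruleset is installed and leave the host on the kernel's default ipfw policy, so that is worth confirming and stating in rc.conf(5). A short comment above the blocks would also help, such as `# Optional ipfw extensions; loaded only when explicitly enabled in rc.conf.` The body of ipfw_prestart begins before the hunk.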