firewall: run filterlog directly after rules apply for #9449

fichtner · fichtner · commit c6eaefc1e265 · 2025-11-24T11:39:15.000+01:00
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
@@ -438,8 +438,17 @@ function filter_configure_sync($verbose = false, $load_aliases = true)
         return;
     }
 
+    service_log('.', $verbose);
+
+    /* enable permanent promiscuous mode to avoid dmesg noise */
+    mwexecf('/sbin/ifconfig pflog0 promisc');
+
+    /* bring up new instance of filterlog to load new rules */
+    killbypid('/var/run/filterlog.pid');
+    mwexecf('/usr/local/sbin/filterlog -i pflog0 -p %s', '/var/run/filterlog.pid');
+
     /*
-     * XXX: Flush table when not user, ideally this should be update_tables.py responsibility.
+     * XXX: Flush table when not used, ideally this should be update_tables.py responsibility.
      */
     if (!is_bogonsv6_used()) {
         mwexecf('/sbin/pfctl -t bogonsv6 -T flush');
@@ -452,15 +461,6 @@ function filter_configure_sync($verbose = false, $load_aliases = true)
         configd_run('filter refresh_aliases', true);
     }
 
-    service_log('.', $verbose);
-
-    /* enable permanent promiscuous mode to avoid dmesg noise */
-    mwexecf('/sbin/ifconfig pflog0 promisc');
-
-    /* bring up new instance of filterlog to load new rules */
-    killbypid('/var/run/filterlog.pid');
-    mwexecf('/usr/local/sbin/filterlog -i pflog0 -p %s', '/var/run/filterlog.pid');
-
     unset($fobj);
 
     reopenlog();
