ipfilter: Set ipf -T optionlist at boot

There is no easy way to set ipfilter optionlist variables during boot.
Add plumbing to the rc script to support this.

PR:			130555
Reviewed by:		jlduran
Differential Revision:	https://reviews.freebsd.org/D47346

(cherry picked from commit 8d6feaaaa26f444abb209360e52b993e39cb81bb)

libexec/rc/rc.conf

@@ -220,6 +220,7 @@ ipfilter_program="/sbin/ipf"	# where the ipfilter program lives
 ipfilter_rules="/etc/ipf.rules"	# rules definition file for ipfilter, see
 				# /usr/src/share/examples/ipfilter for examples
 ipfilter_flags=""		# additional flags for ipfilter
+ipfilter_optionlist=""		# optionlist for ipf(8) -T
 ippool_enable="NO"		# Set to YES to enable ip filter pools
 ippool_program="/sbin/ippool"	# where the ippool program lives
 ippool_rules="/etc/ippool.tables"	# rules definition file for ippool

libexec/rc/rc.d/ipfilter

@@ -30,7 +30,13 @@ required_modules="ipl:ipfilter"
 ipfilter_start()
 {
 	echo "Enabling ipfilter."
-	if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
+	if [ -n "${ifilter_optionlist}" ]; then
+		if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
+			${ipfilter_program:-/sbin/ipf} -D
+		fi
+		${ipfilter_program:-/sbin/ipf} -T "${ipfilter_optionlist}"
+		${ipfilter_program:-/sbin/ipf} -E
+	elif ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
 		${ipfilter_program:-/sbin/ipf} -E
 	fi
 	${ipfilter_program:-/sbin/ipf} -Fa