[PATCH] "/etc/rc.d/pf reload" fails if there are macros defined in
pf_flags rcvar.
Niki Denev
nike_d at cytexbg.com
Mon Jan 21 01:42:52 PST 2008
Hi,
I'm using the pf_flags rc var to set macros for pf.conf files I use in a
redundant router configuration.
This way I can have exactly the same pf.conf on all of the routers,
and still set host-specific options such as "hostid" used by pfsync via rc.conf.
The problem is that when I use "/etc/rc.d/pf reload" to reload the rules,
the rc.d/pf script first executes pfctl with the -n option to check the
pf.conf syntax, but fails to include the $pf_flags var, and fails because
of undefined macros.
The following patch fixed this for me.
--- pf.orig 2008-01-21 11:18:27.000000000 +0200
+++ pf 2008-01-21 11:29:56.000000000 +0200
@@ -50,7 +50,7 @@
pf_reload()
{
echo "Reloading pf rules."
- $pf_program -n -f "$pf_rules" || return 1
+ $pf_program -n -f "$pf_rules" $pf_flags || return 1
# Flush everything but existing state entries that way when
# rules are read in, it doesn't break established connections.
$pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables
-Fosfp > /dev/null 2>&1
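Review bot: on the changed line, $pf_flags is expanded unquoted, so the shell word-splits it; that is needed to pass several options, but a macro value containing whitespace will not survive the split, which deserves a sentence in the pf_flags documentation. Separately, the flush on the context lines below runs as soon as this check passes, and the command that loads the rules afterwards is outside the hunk: confirm it also receives $pf_flags, otherwise the check succeeds, the rules are flushed, and the load fails on the same undefined macros, leaving the router with no ruleset loaded.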
--
Niki