Date: Mon, 21 Jan 2008 23:26:17 +0200
From: "Niki Denev"
To: freebsd-net@freebsd.org
Subject: Re: [PATCH] "/etc/rc.d/pf reload" fails if there are macros defined in pf_flags rcvar.

On Jan 21, 2008 11:42 AM, Niki Denev wrote:
> Hi,
>
> I'm using the pf_flags rc var to set macros for pf.conf files I use in
> redundant router configuration.
> This way I can have exactly the same pf.conf on all of the routers,
> and still set host-specific
> options as "hostid" used by pfsync via rc.conf.
> The problem is that when I use "/etc/rc.d/pf reload" to reload the rules,
> the rc.d/pf script first executes pfctl with -n option to check the
> pf.conf syntax, but fails to include
> the $pf_flags var, and fails because of undefined macros.
> The following patch fixed this for me.
>
> --- pf.orig 2008-01-21 11:18:27.000000000 +0200 > +++ pf 2008-01-21 11:29:56.000000000 +0200 > @@ -50,7 +50,7 @@ > pf_reload() > { > echo "Reloading pf rules." > - $pf_program -n -f "$pf_rules" || return 1 > + $pf_program -n -f "$pf_rules" $pf_flags || return 1 > # Flush everything but existing state entries that way when > # rules are read in, it doesn't break established connections. > $pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables > -Fosfp > /dev/null 2>&1
>
> --
> Niki
>

Just filed under misc/119874
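
Review bot: In pf_reload(), the -n syntax check now receives $pf_flags, but the hunk does not show the later command that actually loads "$pf_rules". The check only protects the reload if it parses the file with the same options as that load, so confirm that the load line passes $pf_flags in the same way, or build the argument list once and use it for both calls. Because the check sits before the flush and ends in "|| return 1", a check that parses differently from the real load can either block every reload, as reported here, or let a ruleset through to the flush that then fails to load. $pf_flags is expanded unquoted, which is what lets it carry several options, but a macro value containing whitespace will be split into separate words. A one-line comment above the check stating that pf_flags may carry macro definitions needed to parse the rules would document why it is passed to the dry run.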