Date: Mon, 21 Jan 2008 11:42:51 +0200
From: "Niki Denev"
To: freebsd-net@freebsd.org
Subject: [PATCH] "/etc/rc.d/pf reload" fails if there are macros defined in pf_flags rcvar.

Hi,

I'm using the pf_flags rc var to set macros for pf.conf files I use in a redundant router configuration. This way I can have exactly the same pf.conf on all of the routers, and still set host-specific options such as "hostid" used by pfsync via rc.conf.

The problem is that when I use "/etc/rc.d/pf reload" to reload the rules, the rc.d/pf script first executes pfctl with the -n option to check the pf.conf syntax, but fails to include the $pf_flags var, and fails because of undefined macros.

The following patch fixed this for me.

--- pf.orig 2008-01-21 11:18:27.000000000 +0200 +++ pf 2008-01-21 11:29:56.000000000 +0200 @@ -50,7 +50,7 @@ pf_reload() { echo "Reloading pf rules." - $pf_program -n -f "$pf_rules" || return 1 + $pf_program -n -f "$pf_rules" $pf_flags || return 1 # Flush everything but existing state entries that way when # rules are read in, it doesn't break established connections. $pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1

--
Niki
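Review bot: The context in pf_reload() stops at the flush command and does not show the command that loads the rules afterwards, so it is not visible here whether the -n syntax check and the real load now receive the same $pf_flags. The check only protects the reload if both invocations parse pf.conf with identical macro definitions; otherwise the check can pass, the flush of nat, queue and filter rules runs, and the load then fails, leaving the host without a ruleset. Please confirm the load line carries $pf_flags as well, or include it in the patch context. Separately, on the changed -n line $pf_flags is expanded unquoted, which is the usual rc.conf convention for flags variables but means the shell word-splits it: a macro value containing whitespace would reach pfctl as several arguments. A short comment in the script noting that macro values passed through pf_flags must not contain spaces would save the next person the debugging.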