From owner-svn-src-stable@freebsd.org Wed Mar 21 09:55:20 2018 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 81808F58C27; Wed, 21 Mar 2018 09:55:20 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 33878867D6; Wed, 21 Mar 2018 09:55:20 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2E956292E2; Wed, 21 Mar 2018 09:55:20 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w2L9tKMl046566; Wed, 21 Mar 2018 09:55:20 GMT (envelope-from kp@FreeBSD.org) Received: (from kp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w2L9tKel046565; Wed, 21 Mar 2018 09:55:20 GMT (envelope-from kp@FreeBSD.org) Message-Id: <201803210955.w2L9tKel046565@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org using -f From: Kristof Provost Date: Wed, 21 Mar 2018 09:55:20 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r331286 - stable/11/etc/rc.d X-SVN-Group: stable-11 X-SVN-Commit-Author: kp X-SVN-Commit-Paths: stable/11/etc/rc.d X-SVN-Commit-Revision: 331286 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Mar 2018 09:55:20 -0000 Author: kp Date: Wed Mar 21 09:55:19 2018 New Revision: 331286 URL: https://svnweb.freebsd.org/changeset/base/331286 Log: MFC r330108: pf: Apply $pf_flags when verifying the pf.conf file When checking the validity of the pf.conf file also include the user supplied pf_flags. These flags might overrule macros or specify anchors, which we will apply when actually applying the pf.conf file, so we must also take them into account when verifying the validity. Submitted by: Andreas Longwitz Modified: stable/11/etc/rc.d/pf Directory Properties: stable/11/ (props changed) Modified: stable/11/etc/rc.d/pf ============================================================================== --- stable/11/etc/rc.d/pf Wed Mar 21 09:07:01 2018 (r331285) +++ stable/11/etc/rc.d/pf Wed Mar 21 09:55:19 2018 (r331286) @@ -47,13 +47,13 @@ pf_stop() pf_check() { echo "Checking pf rules." - $pf_program -n -f "$pf_rules" + $pf_program -n -f "$pf_rules" $pf_flags } pf_reload() { echo "Reloading pf rules." - $pf_program -n -f "$pf_rules" || return 1 + $pf_program -n -f "$pf_rules" $pf_flags || return 1 # Flush everything but existing state entries that way when # rules are read in, it doesn't break established connections. $pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1