Date: Mon, 21 Jan 2008 11:42:51 +0200
From: "Niki Denev" <nike_d@cytexbg.com>
To: freebsd-net@freebsd.org
Subject: [PATCH] "/etc/rc.d/pf reload" fails if there are macros defined in pf_flags rcvar.
Message-ID: <2e77fc10801210142g560f6f65p9908957d0c7a799e@mail.gmail.com>
Hi,

I'm using the pf_flags rc var to set macros for pf.conf files I use in a redundant router configuration. This way I can have exactly the same pf.conf on all of the routers, and still set host-specific options as "hostid" used by pfsync via rc.conf.

The problem is that when I use "/etc/rc.d/pf reload" to reload the rules, the rc.d/pf script first executes pfctl with the -n option to check the pf.conf syntax, but fails to include the $pf_flags var, and fails because of undefined macros.

The following patch fixed this for me.

--- pf.orig 2008-01-21 11:18:27.000000000 +0200 +++ pf 2008-01-21 11:29:56.000000000 +0200 @@ -50,7 +50,7 @@ pf_reload() { echo "Reloading pf rules." - $pf_program -n -f "$pf_rules" || return 1 + $pf_program -n -f "$pf_rules" $pf_flags || return 1 # Flush everything but existing state entries that way when # rules are read in, it doesn't break established connections. $pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1

-- Niki
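
Review bot: the command that actually loads the rules is outside the visible context of this pf_reload() hunk, so please confirm it passes $pf_flags the same way as the changed `-n` check line; if the two differ, the dry run validates a ruleset other than the one that gets loaded after the flush. On the added line, $pf_flags is expanded unquoted, which is needed to split several flags into separate arguments but also splits any macro value that contains whitespace, so that limitation is worth a comment in the script. As a style point, consider placing the flags ahead of the file argument, `$pf_program -n $pf_flags -f "$pf_rules" || return 1`, so options read in one group.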