Date:      Mon, 21 Jan 2008 23:26:17 +0200
From:      "Niki Denev" <nike_d@cytexbg.com>
To:        freebsd-net@freebsd.org
Subject:   Re: [PATCH] "/etc/rc.d/pf reload" fails if there are macros defined in pf_flags rcvar.
Message-ID:  <2e77fc10801211326t21239b58o5b5c7604a2980543@mail.gmail.com>
In-Reply-To: <2e77fc10801210142g560f6f65p9908957d0c7a799e@mail.gmail.com>
References:  <2e77fc10801210142g560f6f65p9908957d0c7a799e@mail.gmail.com>

On Jan 21, 2008 11:42 AM, Niki Denev <nike_d@cytexbg.com> wrote:
> Hi,
>
> I'm using the pf_flags rc var to set macros for pf.conf files I use in
> redundant router configuration.
> This way I can have exactly the same pf.conf on all of the routers,
> and still set host-specific
> options as "hostid" used by pfsync via rc.conf.
> The problem is that when I use "/etc/rc.d/pf reload" to reload the rules,
> the rc.d/pf script first executes pfctl with -n option to check the
> pf.conf syntax, but fails to include
> the $pf_flags var, and fails because of undefined macros.
> The following patch fixed this for me.
>
> --- pf.orig     2008-01-21 11:18:27.000000000 +0200
> +++ pf  2008-01-21 11:29:56.000000000 +0200
> @@ -50,7 +50,7 @@
>  pf_reload()
>  {
>        echo "Reloading pf rules."
> -       $pf_program -n -f "$pf_rules" || return 1
> +       $pf_program -n -f "$pf_rules" $pf_flags || return 1
>        # Flush everything but existing state entries that way when
>        # rules are read in, it doesn't break established connections.
>        $pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables
> -Fosfp > /dev/null 2>&1
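
Review bot: on the added line `$pf_program -n -f "$pf_rules" $pf_flags || return 1`, `$pf_flags` is expanded unquoted, so the shell word-splits and glob-expands it. That is what lets it carry several options, but a macro value containing whitespace or a glob character will not reach pfctl intact, which deserves a comment here or in the rcvar documentation. This `-n` check is also the gate in front of the `-Fnat -Fqueue -Frules ...` flush that follows it, so it should parse the ruleset with exactly the arguments the real load uses. The load command is outside this hunk; please confirm it passes `$pf_flags` the same way, otherwise the check can succeed on input that then fails to load after the old rules have already been flushed.
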
>
>
>
> --
> Niki
>

Just filed under misc/119874


