From owner-svn-src-all@freebsd.org  Wed Mar 21 09:55:50 2018
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6D473F58CD5;
 Wed, 21 Mar 2018 09:55:50 +0000 (UTC) (envelope-from kp@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 21C76868F6;
 Wed, 21 Mar 2018 09:55:50 +0000 (UTC) (envelope-from kp@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1A73A292E3;
 Wed, 21 Mar 2018 09:55:50 +0000 (UTC) (envelope-from kp@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w2L9tnZf046631;
 Wed, 21 Mar 2018 09:55:49 GMT (envelope-from kp@FreeBSD.org)
Received: (from kp@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w2L9tnLO046630;
 Wed, 21 Mar 2018 09:55:49 GMT (envelope-from kp@FreeBSD.org)
Message-Id: <201803210955.w2L9tnLO046630@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org
 using -f
From: Kristof Provost <kp@FreeBSD.org>
Date: Wed, 21 Mar 2018 09:55:49 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject: svn commit: r331287 - stable/10/etc/rc.d
X-SVN-Group: stable-10
X-SVN-Commit-Author: kp
X-SVN-Commit-Paths: stable/10/etc/rc.d
X-SVN-Commit-Revision: 331287
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Mar 2018 09:55:50 -0000

Author: kp
Date: Wed Mar 21 09:55:49 2018
New Revision: 331287
URL: https://svnweb.freebsd.org/changeset/base/331287

Log:
  MFC r330108:
  
  pf: Apply $pf_flags when verifying the pf.conf file
  
  When checking the validity of the pf.conf file also include the user supplied
  pf_flags. These flags might overrule macros or specify anchors, which we will
  apply when actually applying the pf.conf file, so we must also take them into
  account when verifying the validity.
  
  Submitted by:	Andreas Longwitz <longwitz at incore.de>

Modified:
  stable/10/etc/rc.d/pf
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/etc/rc.d/pf
==============================================================================
--- stable/10/etc/rc.d/pf	Wed Mar 21 09:55:19 2018	(r331286)
+++ stable/10/etc/rc.d/pf	Wed Mar 21 09:55:49 2018	(r331287)
@@ -46,13 +46,13 @@ pf_stop()
 pf_check()
 {
 	echo "Checking pf rules."
-	$pf_program -n -f "$pf_rules"
+	$pf_program -n -f "$pf_rules" $pf_flags
 }
 
 pf_reload()
 {
 	echo "Reloading pf rules."
-	$pf_program -n -f "$pf_rules" || return 1
+	$pf_program -n -f "$pf_rules" $pf_flags || return 1
 	# Flush everything but existing state entries that way when
 	# rules are read in, it doesn't break established connections.
 	$pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1