diff options
| author | seanc <seanc@FreeBSD.org> | 2005-04-04 23:06:10 +0000 |
|---|---|---|
| committer | seanc <seanc@FreeBSD.org> | 2005-04-04 23:06:10 +0000 |
| commit | c8a26af59bb53434d004daf56414d72bc10691d7 (patch) | |
| tree | 6c315ca0914ed6eccd783ed5bcb49264bb210069 /etc | |
| parent | 41cadaa11ed081720fe75d25094f73a53d9bf55c (diff) | |
| download | FreeBSD-src-c8a26af59bb53434d004daf56414d72bc10691d7.zip FreeBSD-src-c8a26af59bb53434d004daf56414d72bc10691d7.tar.gz | |
When reloading rules via rc.d/pf, flush everything but existing state
entries that way when rules are read in, it doesn't break established
connections.
Approved by: mlaier
Reviewed by: rc
MFC after: 3 weeks
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/rc.d/pf | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/etc/rc.d/pf b/etc/rc.d/pf index d7360c0..3b9ae93 100644 --- a/etc/rc.d/pf +++ b/etc/rc.d/pf @@ -75,7 +75,9 @@ pf_reload() echo "Reloading pf rules." ${pf_program:-/sbin/pfctl} -n -f "${pf_rules}" || return 1 - ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1 + # Flush everything but existing state entries that way when + # rules are read in, it doesn't break established connections. + ${pf_program:-/sbin/pfctl} -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1 ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags} } |
