summaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorpjd <pjd@FreeBSD.org>2004-10-25 08:12:28 +0000
committerpjd <pjd@FreeBSD.org>2004-10-25 08:12:28 +0000
commit100e94e682f93c8aeae0f6683f1adab50f67b1f7 (patch)
treec77793c9ecc053997764c9b3d88d25981ae7eed0 /etc
parent3a8a530155f4b380ed48fd29c1dd0b435ff9f272 (diff)
downloadFreeBSD-src-100e94e682f93c8aeae0f6683f1adab50f67b1f7.zip
FreeBSD-src-100e94e682f93c8aeae0f6683f1adab50f67b1f7.tar.gz
- Add 'check' command for checking rules syntax.
- Before flushing rules in 'reload' command, check first if rules are correct. - Do not duplicate checking if $pf_rules file exists.
Diffstat (limited to 'etc')
-rw-r--r--etc/rc.d/pf25
1 files changed, 14 insertions, 11 deletions
diff --git a/etc/rc.d/pf b/etc/rc.d/pf
index b8a0c75..d7360c0 100644
--- a/etc/rc.d/pf
+++ b/etc/rc.d/pf
@@ -17,13 +17,15 @@ stop_precmd="test -f ${pf_rules}"
start_precmd="pf_prestart"
start_cmd="pf_start"
stop_cmd="pf_stop"
+check_precmd="$stop_precmd"
+check_cmd="pf_check"
reload_precmd="$stop_precmd"
reload_cmd="pf_reload"
resync_precmd="$stop_precmd"
resync_cmd="pf_resync"
status_precmd="$stop_precmd"
status_cmd="pf_status"
-extra_commands="reload resync status"
+extra_commands="check reload resync status"
pf_prestart()
{
@@ -37,8 +39,7 @@ pf_prestart()
fi
# check for pf rules
- if [ ! -r "${pf_rules}" ]
- then
+ if [ ! -r "${pf_rules}" ]; then
warn 'pf: NO PF RULESET FOUND'
return 1
fi
@@ -48,10 +49,7 @@ pf_start()
{
echo "Enabling pf."
${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
- if [ -r "${pf_rules}" ]; then
- ${pf_program:-/sbin/pfctl} \
- -f "${pf_rules}" ${pf_flags}
- fi
+ ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
${pf_program:-/sbin/pfctl} -e
fi
@@ -65,15 +63,20 @@ pf_stop()
fi
}
+pf_check()
+{
+ echo "Checking pf rules."
+
+ ${pf_program:-/sbin/pfctl} -n -f "${pf_rules}"
+}
+
pf_reload()
{
echo "Reloading pf rules."
+ ${pf_program:-/sbin/pfctl} -n -f "${pf_rules}" || return 1
${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
- if [ -r "${pf_rules}" ]; then
- ${pf_program:-/sbin/pfctl} \
- -f "${pf_rules}" ${pf_flags}
- fi
+ ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
}
pf_resync()
OpenPOWER on IntegriCloud