author | pjd <pjd@FreeBSD.org> | 2004-10-25 08:12:28 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2004-10-25 08:12:28 +0000 |
commit | 100e94e682f93c8aeae0f6683f1adab50f67b1f7 (patch) | |
tree | c77793c9ecc053997764c9b3d88d25981ae7eed0 /etc | |
parent | 3a8a530155f4b380ed48fd29c1dd0b435ff9f272 (diff) | |
- Add 'check' command for checking rules syntax.
- Before flushing rules in 'reload' command, check first if rules are
correct.
- Do not duplicate checking if $pf_rules file exists.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/rc.d/pf | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/etc/rc.d/pf b/etc/rc.d/pf
index b8a0c75..d7360c0 100644
--- a/etc/rc.d/pf
+++ b/etc/rc.d/pf
@@ -17,13 +17,15 @@ stop_precmd="test -f ${pf_rules}"
 start_precmd="pf_prestart"
 start_cmd="pf_start"
 stop_cmd="pf_stop"
+check_precmd="$stop_precmd"
+check_cmd="pf_check"
 reload_precmd="$stop_precmd"
 reload_cmd="pf_reload"
 resync_precmd="$stop_precmd"
 resync_cmd="pf_resync"
 status_precmd="$stop_precmd"
 status_cmd="pf_status"
-extra_commands="reload resync status"
+extra_commands="check reload resync status"
 pf_prestart()
 {
@@ -37,8 +39,7 @@ pf_prestart()
 fi
 # check for pf rules
- if [ ! -r "${pf_rules}" ]
- then
+ if [ ! -r "${pf_rules}" ]; then
 warn 'pf: NO PF RULESET FOUND'
 return 1
 fi
@@ -48,10 +49,7 @@ pf_start()
 {
 echo "Enabling pf."
 ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
- if [ -r "${pf_rules}" ]; then
- ${pf_program:-/sbin/pfctl} \
- -f "${pf_rules}" ${pf_flags}
- fi
+ ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
 if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
 ${pf_program:-/sbin/pfctl} -e
 fi
@@ -65,15 +63,20 @@ pf_stop()
 fi
 }
+pf_check()
+{
+ echo "Checking pf rules."
+
+ ${pf_program:-/sbin/pfctl} -n -f "${pf_rules}"
+}
+
 pf_reload()
 {
 echo "Reloading pf rules."
+ ${pf_program:-/sbin/pfctl} -n -f "${pf_rules}" || return 1
 ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
- if [ -r "${pf_rules}" ]; then
- ${pf_program:-/sbin/pfctl} \
- -f "${pf_rules}" ${pf_flags}
- fi
+ ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
 }
 pf_resync() |
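Review bot: pf_start still runs `pfctl -Fa` before loading and never checks whether the `-f` load succeeded, so a ruleset that fails to parse leaves pf flushed and then switched on by the `-e` call below with an empty ruleset, which pf treats as pass-all. The commit adds a dry-run guard to pf_reload but not here, and pf_prestart only tests that the file is readable, not that it parses. The same guard would fit before the flush in pf_start: `${pf_program:-/sbin/pfctl} -n -f "${pf_rules}" || return 1`. The closing lines of pf_start are outside this hunk.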
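Review bot: The dry run in pf_check and pf_reload omits `${pf_flags}` while the real load passes them, so the two parses can disagree, for example if pf_flags carries options that affect parsing such as `-D` macro definitions. Passing the same flags keeps the check representative of what will be loaded: `${pf_program:-/sbin/pfctl} -n -f "${pf_rules}" ${pf_flags} || return 1`, and likewise in pf_check. Separately, `-n` only parses the file, so a load that fails for another reason after `-Fa` still leaves the host without rules. That is worth a comment above the flush, e.g. `# rules are flushed before the load; a failed load leaves pf with an empty ruleset`.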