diff options
| author | Scott Ullrich <sullrich@sullrich-MacBookPro.geekgod.com> | 2009-06-11 23:17:42 -0400 |
|---|---|---|
| committer | Scott Ullrich <sullrich@sullrich-MacBookPro.geekgod.com> | 2009-06-11 23:17:42 -0400 |
| commit | 2c374c024ea92ff1a18896ec80962bd832f534a0 (patch) | |
| tree | 784a31634010f5b6202e3fa786a2a565dbf7ef23 | |
| parent | 688d49fff4a0f6abf1c68c68de36f785dc8cf942 (diff) | |
| download | pfsense-2c374c024ea92ff1a18896ec80962bd832f534a0.zip pfsense-2c374c024ea92ff1a18896ec80962bd832f534a0.tar.gz | |
When PF is busy, do a pfctl -d and pfctl -e. I just ran into a situation where
PF was busy and would only respond to a pfctl -d pfctl -e to reload the rules.
| -rw-r--r-- | etc/inc/filter.inc | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 133680a..b5f588d 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -250,6 +250,13 @@ function filter_configure_sync() { unlock($filterlck); return; } + /* Brutal ugly hack but required -- PF is stuck, unwedge */ + if(strstr("$rules_error", "busy")) { + exec("/sbin/pfctl -d"); + exec("/sbin/pfctl -e"); + file_notice("pf_busy", "PF was marked busy and has been reset.", "pf_busy", ""); + log_error("PF was marked busy and has been reset."); + } } update_filter_reload_status("Starting up layer7 daemon"); @@ -2283,4 +2290,4 @@ EOD; return($ipfrules); } -?> +?>
\ No newline at end of file |
