From 2c374c024ea92ff1a18896ec80962bd832f534a0 Mon Sep 17 00:00:00 2001
From: Scott Ullrich
Date: Thu, 11 Jun 2009 23:17:42 -0400
Subject: When PF is busy, do a pfctl -d and pfctl -e. I just ran into a situation where PF was busy and would only respond to a pfctl -d pfctl -e to reload the rules.
---
 etc/inc/filter.inc | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 133680a..b5f588d 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -250,6 +250,13 @@ function filter_configure_sync() {
 unlock($filterlck);
 return;
 }
+ /* Brutal ugly hack but required -- PF is stuck, unwedge */
+ if(strstr("$rules_error", "busy")) {
+ exec("/sbin/pfctl -d");
+ exec("/sbin/pfctl -e");
+ file_notice("pf_busy", "PF was marked busy and has been reset.", "pf_busy", "");
+ log_error("PF was marked busy and has been reset.");
+ }
 }
 update_filter_reload_status("Starting up layer7 daemon");
@@ -2283,4 +2290,4 @@ EOD;
 return($ipfrules);
 }
-?>
+?>
\ No newline at end of file
-- cgit v1.1
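Review bot: The `pfctl -d` / `pfctl -e` pair in the new `busy` branch leaves the packet filter disabled between the two calls, and neither exit status is checked, so a failed `pfctl -e` leaves the firewall off while the notice and the log line still say PF "has been reset". Capture the result of the enable and report a failure separately, for example `exec("/sbin/pfctl -e", $out, $rc);` followed by `if($rc != 0) log_error("PF could not be re-enabled after busy reset.");`. The trigger is a bare substring match on `$rules_error`, whose origin is outside the hunk; matching the exact pfctl message would avoid disabling PF on an unrelated error that merely contains "busy". Nothing in the hunk reloads the ruleset after the re-enable, so presumably a later run is relied on for that. filter_configure_sync() starts and ends outside the hunk.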