From 3ec2fca107faeff33e7d2a8ffc8be553f638cf4f Mon Sep 17 00:00:00 2001 From: Ermal Date: Thu, 20 Mar 2014 15:56:04 +0000 Subject: Try to restore last working ruleset rather than staying without configuration at all --- etc/inc/filter.inc | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index f193675..19fad2f 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -332,17 +332,22 @@ function filter_configure_sync($delete_states_if_needed = true) { if(is_array($line_split)) $line_error = sprintf(gettext('The line in question reads [%1$d]: %2$s'), $line_number, $line_split[$line_number-1]); unset($line_split); - if ($line_error and $line_number) { - file_notice("filter_load", sprintf(gettext('There were error(s) loading the rules: %1$s - %2$s'), $rules_error[0], $line_error), "Filter Reload", ""); - update_filter_reload_status(sprintf(gettext('There were error(s) loading the rules: %1$s - %2$s'), $rules_error[0], $line_error)); - unlock($filterlck); - return; - } + /* Brutal ugly hack but required -- PF is stuck, unwedge */ if (strstr("$rules_error[0]", "busy")) { exec("/sbin/pfctl -d; /sbin/pfctl -e; /sbin/pfctl -f {$g['tmp_path']}/rules.debug"); $error_msg = gettext("PF was wedged/busy and has been reset."); file_notice("pf_busy", $error_msg, "pf_busy", ""); + } else { + $_grbg = exec("/sbin/pfctl -o basic -f {$g['tmp_path']}/rules.debug.old 2>&1", $rules_error, $rules_loading); + } + unset($rules_loading, $rules_error); + + if ($line_error and $line_number) { + file_notice("filter_load", sprintf(gettext('There were error(s) loading the rules: %1$s - %2$s'), $rules_error[0], $line_error), "Filter Reload", ""); + update_filter_reload_status(sprintf(gettext('There were error(s) loading the rules: %1$s - %2$s'), $rules_error[0], $line_error)); + unlock($filterlck); + return; } } -- cgit v1.1