Overview:
In the pf rc.d script the output of `/etc/rc.d/pf status` or `/etc/rc.d/pf onestatus` always provides an exit status of 0. This makes it fiddly to programmatically determine if pf is running or not.

To Reproduce:
Run `/etc/rc.d/pf onestatus` at any point before pf has been started for the first time or after the service has been stopped.

Actual Results:

Case 1) (When module not loaded)
# service pf onestatus
pf.ko is not loaded
# echo $?
0

Case 2) (When module is loaded but the status is disabled)
# service pf onestatus
Status: Disabled for 0 days 00:01:48 Debug: Urgent
State Table Total Rate
current entries 0
...snip...
# echo $?
0

Expected results:
`service pf onestatus; echo $?` should return a non-zero exit status when the service is not running.

Additional information:
While returning a non-zero exit status in the instance where the pf module has not been loaded is a trivial modification to the init script, from what I can tell from pfctl(8) there is no functionality to provide an exit status reflecting the running state of pf.
Created attachment 193889: pf exit status patch

Attached is an indication of what might need to change in order to resolve this bug.
Thanks for the patch. From a quick look it seems like a reasonable approach. I'll try to take a closer look (and commit it) in the next week or so. Feel free to chase me if I haven't done anything by the 12th or so.
A commit references this bug:

Author: kp
Date: Wed Jun 6 19:36:38 UTC 2018
New revision: 334726
URL: https://svnweb.freebsd.org/changeset/base/334726

Log:
  pf: Return non-zero from 'status' if pf is not enabled

  In the pf rc.d script the output of `/etc/rc.d/pf status` or `/etc/rc.d/pf onestatus` always provided an exit status of zero. This made it fiddly to programmatically determine if pf was running or not.

  Return a non-zero status if the pf module is not loaded, extend pfctl to have an option to return an error status if pf is not enabled.

  PR: 228632
  Submitted by: James Park-Watt <jimmypw AT gmail.com>
  MFC after: 1 week

Changes:
  head/etc/rc.d/pf
  head/sbin/pfctl/pfctl.8
  head/sbin/pfctl/pfctl.c
  head/sbin/pfctl/pfctl_parser.c
  head/sbin/pfctl/pfctl_parser.h
A commit references this bug:

Author: kp
Date: Wed Jun 13 13:15:05 UTC 2018
New revision: 335058
URL: https://svnweb.freebsd.org/changeset/base/335058

Log:
  MFC r334726:

  pf: Return non-zero from 'status' if pf is not enabled

  In the pf rc.d script the output of `/etc/rc.d/pf status` or `/etc/rc.d/pf onestatus` always provided an exit status of zero. This made it fiddly to programmatically determine if pf was running or not.

  Return a non-zero status if the pf module is not loaded, extend pfctl to have an option to return an error status if pf is not enabled.

  PR: 228632
  Submitted by: James Park-Watt <jimmypw AT gmail.com>

Changes:
_U stable/11/
  stable/11/etc/rc.d/pf
  stable/11/sbin/pfctl/pfctl.8
  stable/11/sbin/pfctl/pfctl.c
  stable/11/sbin/pfctl/pfctl_parser.c
  stable/11/sbin/pfctl/pfctl_parser.h
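
An added example, not part of this bug thread or of the FreeBSD source: a monitoring check that classifies pf state from the text of `service pf onestatus` as well as its exit status, so it gives the same answer on systems with and without the fix above and fails closed when the two disagree. The function names, the `--run` switch and the `Status: Enabled` line format are assumptions; the other strings matched are the ones quoted in the report.

```shell
#!/bin/sh
# Added example (not FreeBSD project code). Function names are hypothetical.

# pf_classify EXIT_STATUS OUTPUT
# Prints one of: enabled | disabled | not-loaded | unknown
pf_classify() {
    rc=$1
    out=$2

    # Case 1 from the report: the kernel module is absent.
    case $out in
        *"pf.ko is not loaded"*) echo not-loaded; return 0 ;;
    esac

    # Case 2 from the report: "Status: Disabled for 0 days 00:01:48 ...".
    # "Status: Enabled ..." is the assumed counterpart when pf is running.
    status_line=$(printf '%s\n' "$out" | sed -n 's/^Status: *//p' | head -n 1)
    case $status_line in
        Enabled*)  state=enabled ;;
        Disabled*) state=disabled ;;
        *)         state=unknown ;;
    esac

    # Fixed rc.d scripts exit non-zero when pf is not enabled. If the text
    # says "Enabled" but the exit status disagrees, trust neither.
    if [ "$rc" -ne 0 ] && [ "$state" = enabled ]; then
        state=unknown
    fi
    echo "$state"
}

# pf_check: run the status command and succeed only when pf is enabled.
pf_check() {
    out=$(service pf onestatus 2>&1)
    rc=$?
    state=$(pf_classify "$rc" "$out")
    echo "pf: $state (exit status $rc)"
    [ "$state" = enabled ]
}

# Run the live check only when asked, e.g. from cron: sh pf_check.sh --run
if [ "${1:-}" = --run ]; then
    pf_check
    exit $?
fi
```

Anything other than `enabled` makes `pf_check` return non-zero, so a firewall that is unloaded, disabled or in an unrecognised state raises the same alert.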