FreeBSD Bugzilla – Attachment 225724 Details for
Bug 256410
pf: Add pf_fallback_rules option
[patch]
Updated patch with support for pf_default_rules_file and no "looading" typo
pf-default-rules-v3.patch (text/plain), 1.82 KB, created by
Thomas Steen Rasmussen / Tykling
on 2021-06-11 09:28:09 UTC
>--- /etc/rc.d/pf.orig 2021-06-04 09:34:27.251413000 +0000 >+++ /etc/rc.d/pf 2021-06-10 19:55:28.346618000 +0000 >@@ -29,7 +29,21 @@ > { > check_startmsgs && echo -n 'Enabling pf' > $pf_program -F all > /dev/null 2>&1 >- $pf_program -f "$pf_rules" $pf_flags >+ if ! $pf_program -f "$pf_rules" $pf_flags ; then >+ if checkyesno pf_default_rules_enable; then >+ warn "Unable to load $pf_rules and pf_default_rules_enable is set to YES." >+ if [ -f $pf_default_rules_file ]; then >+ warn "Loading pf_default_rules_file: $pf_default_rules_file" >+ $pf_program -f $pf_default_rules_file $pf_flags >+ else >+ warn "pf_default_rules_file $pf_default_rules_file not found, loading pf_default_rules: $pf_default_rules" >+ echo -e $pf_default_rules | $pf_program -f - $pf_flags >+ fi >+ else >+ warn "Unable to load $pf_rules and pf_default_rules_enable is NO." >+ warn "No pf rules are loaded, this means all traffic is permitted." >+ fi >+ fi > if ! $pf_program -s info | grep -q "Enabled" ; then > $pf_program -eq > fi >--- /etc/defaults/rc.conf.orig 2021-06-04 09:34:41.986350000 +0000 >+++ /etc/defaults/rc.conf 2021-06-10 16:56:50.592526000 +0000 >@@ -219,6 +219,10 @@ > # by default) > pf_program="/sbin/pfctl" # where the pfctl program lives > pf_flags="" # additional flags for pfctl >+pf_default_rules_enable="NO" # fallback to $pf_default_rules if loading ruleset fails >+pf_default_rules="block drop log all" # block and drop everything if loading pf ruleset fails >+#pf_default_rules="block drop log all\npass quick on em4" # sample with multiple rules >+pf_default_rules_file="/etc/pf-default.conf" # use this file if it exists and loading the primary fails > pflog_enable="NO" # Set to YES to enable packet filter logging > pflog_logfile="/var/log/pflog" # where pflogd should store the logfile > pflog_program="/sbin/pflogd" # where the pflogd program lives
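Review bot: In the pf_default_rules_enable branch of the /etc/rc.d/pf hunk, neither fallback load has its exit status checked. If `$pf_program -f $pf_default_rules_file $pf_flags` or the `echo -e $pf_default_rules | $pf_program -f - $pf_flags` pipeline fails (for example a syntax error in the fallback file), the script continues to `$pf_program -eq` with nothing loaded after the earlier `-F all`, and no warning is printed, which is the fail-open state this option is meant to prevent. Wrap each fallback load in `if ! ...; then warn ...; fi`, and consider falling through from a fallback file that fails to load to the inline pf_default_rules. Also quote "$pf_default_rules_file" in both the `[ -f ... ]` test and the pfctl call, as the original line does for "$pf_rules": with an empty value, `[ -f ]` evaluates true and pfctl is run with `-f` and no file name.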
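Review bot: The comment on pf_default_rules_enable in the /etc/defaults/rc.conf hunk says the fallback is $pf_default_rules, but the rc.d/pf change tries pf_default_rules_file first and only uses pf_default_rules when that file does not exist. Because pf_default_rules_file defaults to /etc/pf-default.conf, a file at that path overrides the inline rules without the administrator setting anything. State the precedence in these comments, and mention next to the multi-rule sample that the "\n" separator works only because the script passes the value through `echo -e`.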