FreeBSD Bugzilla – Attachment 225774 Details for Bug 256410: pf: Add pf_fallback_rules option
[patch] Proposed tidy-up
256410.patch (text/plain), 1.75 KB, created by Kristof Provost on 2021-06-13 20:29:46 UTC
>diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf >index 041d4b6b5321..b3d5cbd1443d 100644 >--- a/libexec/rc/rc.conf >+++ b/libexec/rc/rc.conf >@@ -224,6 +224,10 @@ pf_rules="/etc/pf.conf" # rules definition file for pf (nonexistent > # by default) > pf_program="/sbin/pfctl" # where the pfctl program lives > pf_flags="" # additional flags for pfctl >+pf_fallback_rules_enable="NO" # fallback if loading ruleset fails >+pf_fallback_rules="block drop log all" # rules to load on pf ruleset failure >+#pf_fallback_rules="block drop log all\npass quick on em4" # multi-rule >+pf_fallback_rules_file="/etc/pf-fallback.conf" # rules file on ruleset failure > pflog_enable="NO" # Set to YES to enable packet filter logging > pflog_logfile="/var/log/pflog" # where pflogd should store the logfile > pflog_program="/sbin/pflogd" # where the pflogd program lives >diff --git a/libexec/rc/rc.d/pf b/libexec/rc/rc.d/pf >index 1f7394007667..38eb9ee9a497 100755 >--- a/libexec/rc/rc.d/pf >+++ b/libexec/rc/rc.d/pf >@@ -23,11 +23,29 @@ extra_commands="check reload resync" > required_files="$pf_rules" > required_modules="pf" > >+pf_fallback() >+{ >+ if ! checkyesno pf_fallback_rules_enable; then >+ return >+ fi >+ >+ warn "Unable to load $pf_rules." >+ if [ -f $pf_fallback_rules_file ]; then >+ warn "Loading fallback rules file: $pf_fallback_rules_file" >+ $pf_program -f $pf_fallback_rules_file $pf_flags >+ else >+ warn "Loading fallback rules: $pf_fallback_rules" >+ echo -e $pf_fallback_rules | $pf_program -f - $pf_flags >+ fi >+} >+ > pf_start() > { > check_startmsgs && echo -n 'Enabling pf' > $pf_program -F all > /dev/null 2>&1 >- $pf_program -f "$pf_rules" $pf_flags >+ if ! $pf_program -f "$pf_rules" $pf_flags ; then >+ pf_fallback >+ fi > if ! $pf_program -s info | grep -q "Enabled" ; then > $pf_program -eq > fi
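Review bot: In the rc.conf hunk, the comments on the new defaults do not state the precedence between pf_fallback_rules_file and pf_fallback_rules. As pf_fallback() is written, the inline pf_fallback_rules string is only used when /etc/pf-fallback.conf does not exist, so an administrator who sets pf_fallback_rules while a stale fallback file is present gets the file's rules without any hint. Say this in the comment on pf_fallback_rules_file (for example "used instead of pf_fallback_rules if it exists"). The commented multi-rule example also depends on "\n" being expanded by echo -e in the rc.d script, which deserves a word in the comment. The visible diff touches only rc.conf and rc.d/pf, so the four new knobs still need an rc.conf(5) entry.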
Attachments on bug 256410: 225540 | 225716 | 225724 | 225728 | 225730 | 225774