

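--- a/etc/rc.d/pf
+++ b/etc/rc.d/pf
@@ -29,7 +29,21 @@
 {
 	check_startmsgs && echo -n 'Enabling pf'
 	$pf_program -F all > /dev/null 2>&1
-	$pf_program -f "$pf_rules" $pf_flags
+	if ! $pf_program -f "$pf_rules" $pf_flags ; then
+		if checkyesno pf_default_rules_enable; then
+			warn "Unable to load $pf_rules and pf_default_rules_enable is set to YES."
+			if [ -f $pf_default_rules_file ]; then
+				warn "Loading pf_default_rules_file: $pf_default_rules_file"
+				$pf_program -f $pf_default_rules_file $pf_flags
+			else
+				warn "pf_default_rules_file $pf_default_rules_file not found, looading pf_default_rules: $pf_default_rules"
+				echo -e $pf_default_rules | $pf_program -f - $pf_flags
+			fi
+		else
+			warn "Unable to load $pf_rules and pf_default_rules_enable is NO."
+			warn "No pf rules are loaded, this means all traffic is permitted."
+		fi
+	fi
 	if ! $pf_program -s info | grep -q "Enabled" ; then
 		$pf_program -eq
 	fi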
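Review bot: The two fallback loads (new lines 37 and 40) do not check pfctl's exit status, so if the default rules file or the inline `pf_default_rules` also fails to parse, the function goes on to `$pf_program -eq` with the ruleset already flushed by `-F all` and no warning that the host is still unfiltered. Test both, e.g. `$pf_program -f "$pf_default_rules_file" $pf_flags || warn "Fallback ruleset failed to load; no pf rules are active."`. `$pf_default_rules_file` is also unquoted in the `[ -f ... ]` test and as the `-f` argument, unlike `"$pf_rules"`, and `echo -e $pf_default_rules` is open to word splitting and pathname expansion; `printf '%b\n' "$pf_default_rules" | $pf_program -f - $pf_flags` avoids both. The warn text on new line 39 has a typo ("looading"). The function's name line and closing brace lie outside the hunk.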
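--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -219,6 +219,10 @@
 				# by default)
 pf_program="/sbin/pfctl"	# where the pfctl program lives
 pf_flags=""			# additional flags for pfctl
+pf_default_rules_enable="NO"	# fallback to $pf_default_rules if loading ruleset fails
+pf_default_rules="block drop log all"	# block and drop everything if loading pf ruleset fails
+#pf_default_rules="block drop log all\npass quick on em4"	# sample with multiple rules
+pf_default_rules_file="/etc/pf-default.conf"	# use this file if it exists and loading the primary fails
 pflog_enable="NO"		# Set to YES to enable packet filter logging
 pflog_logfile="/var/log/pflog"	# where pflogd should store the logfile
 pflog_program="/sbin/pflogd"	# where the pflogd program lives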
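Review bot: The comment on `pf_default_rules_enable` names only `$pf_default_rules`, but the rc.d/pf part of this patch tries `pf_default_rules_file` first and uses the inline rules only when that file is missing. State the precedence, e.g. `# on ruleset load failure, load $pf_default_rules_file if it exists, else $pf_default_rules`. It is also worth saying here that with the default `NO` a failed load leaves pf with no rules, so all traffic passes. The `block drop log all` default also cuts off remote administration, so operators will likely want a pass rule for their management interface, as in the commented sample.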
