Attachment #225774 for bug #256410

Lines 224-229 pf_rules="/etc/pf.conf" # rules definition file for pf (nonexistent Link Here

(-)b/libexec/rc/rc.conf (+4 lines)
224	# by default)	224	# by default)
225	pf_program="/sbin/pfctl" # where the pfctl program lives	225	pf_program="/sbin/pfctl" # where the pfctl program lives
226	pf_flags="" # additional flags for pfctl	226	pf_flags="" # additional flags for pfctl
		227	pf_fallback_rules_enable="NO" # fallback if loading ruleset fails
		228	pf_fallback_rules="block drop log all" # rules to load on pf ruleset failure
		229	#pf_fallback_rules="block drop log all\npass quick on em4" # multi-rule
		230	pf_fallback_rules_file="/etc/pf-fallback.conf" # rules file on ruleset failure
227	pflog_enable="NO" # Set to YES to enable packet filter logging	231	pflog_enable="NO" # Set to YES to enable packet filter logging
228	pflog_logfile="/var/log/pflog" # where pflogd should store the logfile	232	pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
229	pflog_program="/sbin/pflogd" # where the pflogd program lives	233	pflog_program="/sbin/pflogd" # where the pflogd program lives




required_files="$pf_rules"
required_modules="pf"

pf_fallback()
{
	if ! checkyesno pf_fallback_rules_enable; then
		return
	fi

	warn "Unable to load $pf_rules."
	if [ -f $pf_fallback_rules_file ]; then
		warn "Loading fallback rules file: $pf_fallback_rules_file"
		$pf_program -f $pf_fallback_rules_file $pf_flags
	else
		warn "Loading fallback rules: $pf_fallback_rules"
		echo -e $pf_fallback_rules | $pf_program -f - $pf_flags
	fi
}

pf_start()
{
	check_startmsgs && echo -n 'Enabling pf'
	$pf_program -F all > /dev/null 2>&1
	if ! $pf_program -f "$pf_rules" $pf_flags ; then
		pf_fallback
	fi
	if ! $pf_program -s info | grep -q "Enabled" ; then
		$pf_program -eq
	fi

Return to bug 256410

Lines 23-33 extra_commands="check reload resync" Link Here

(-)b/libexec/rc/rc.d/pf (-1 / +19 lines)
23	required_files="$pf_rules"	23	required_files="$pf_rules"
24	required_modules="pf"	24	required_modules="pf"
25		25
		26	pf_fallback()
		27	{
		28	if ! checkyesno pf_fallback_rules_enable; then
		29	return
		30	fi
		31
		32	warn "Unable to load $pf_rules."
		33	if [ -f $pf_fallback_rules_file ]; then
		34	warn "Loading fallback rules file: $pf_fallback_rules_file"
		35	$pf_program -f $pf_fallback_rules_file $pf_flags
		36	else
		37	warn "Loading fallback rules: $pf_fallback_rules"
		38	echo -e $pf_fallback_rules \| $pf_program -f - $pf_flags
		39	fi
		40	}
		41
26	pf_start()	42	pf_start()
27	{	43	{
28	check_startmsgs && echo -n 'Enabling pf'	44	check_startmsgs && echo -n 'Enabling pf'
29	$pf_program -F all > /dev/null 2>&1	45	$pf_program -F all > /dev/null 2>&1
30	$pf_program -f "$pf_rules" $pf_flags	46	if ! $pf_program -f "$pf_rules" $pf_flags ; then
		47	pf_fallback
		48	fi
31	if ! $pf_program -s info \| grep -q "Enabled" ; then	49	if ! $pf_program -s info \| grep -q "Enabled" ; then
32	$pf_program -eq	50	$pf_program -eq
33	fi	51	fi