Bug 119874

Summary: [patch] "/etc/rc.d/pf reload" fails if there are macros defined in pf_flags rc variable
Product: Base System Reporter: Niki Denev <nike_d>
Component: conf Assignee: freebsd-rc (Nobody) <rc>
Status: Closed FIXED    
Severity: Affects Only Me CC: avos
Priority: Normal Keywords: patch
Version: 7.0-PRERELEASE   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description Niki Denev 2008-01-21 21:20:01 UTC
I'm using the pf_flags rc var to set macros for pf.conf
files I use in a redundant router configuration.
This way I can have exactly the same pf.conf on all
of the routers, and still set host specific
options as "hostid" used by pfsync via rc.conf.
The problem is that when I use "/etc/rc.d/pf reload" to reload the rules,
the rc.d/pf script first executes pfctl with -n option to check the
pf.conf syntax, but fails to include
the $pf_flags var, and fails because of undefined macros.

Fix: Small patch to /etc/rc.d/pf which adds $pf_flags variable when executing
pfctl with "-n" flag to check ruleset syntax.


Patch attached with submission follows:
How-To-Repeat: use macros in pf.conf defined in rc.conf as pf_flags="-D macro=value"
and then do
# /etc/rc.d/pf reload

and it will fail because when the rules are checked on reloading the
$pf_flags variable is not included in the command.
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2008-01-22 05:13:37 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-rc

Over to maintainer(s).
Comment 2 Chris Rees freebsd_committer freebsd_triage 2012-10-31 19:25:11 UTC
State Changed
From-To: open->analyzed

I think we could kill two birds with one stone here, and minimise the
code duplication; use the pf_check function in pf_reload, and add your
patch to pf_check: http://www.bayofrum.net/~crees/patches/119874.diff
Comment 3 Eitan Adler freebsd_committer freebsd_triage 2018-05-28 19:46:47 UTC
batch change:

For bugs that match the following
-  Status Is In progress 
AND
- Untouched since 2018-01-01.
AND
- Affects Base System OR Documentation

DO:

Reset to open status.


Note:
I did a quick pass but if you are getting this email it might be worthwhile to double check to see if this bug ought to be closed.
Comment 4 Andriy Voskoboinyk freebsd_committer freebsd_triage 2019-04-10 08:37:09 UTC
Seems to be committed in base r330108.
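
The failure in this report and the refactor suggested in Comment 2, as an added sketch that is not the FreeBSD rc.d/pf script or the committed patch. `pfctl_stub` is a stand-in for pfctl(8) that only checks macro definitions; the sample ruleset, the temporary `pf_rules` file and the `reload_before`/`reload_after` names are constructed for illustration.

```shell
# Stand-in for pfctl(8) so this runs anywhere (assumption, not the real tool):
# accepts -n, -f FILE and -D name=value, and fails when FILE references a
# $macro that is defined neither in FILE nor with -D.
pfctl_stub() {
    defined=" "; file=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -f) file=$2; shift ;;
            -D) defined="$defined${2%%=*} "; shift ;;
        esac
        shift
    done
    # Macros defined inside the rules file itself (name = value).
    for m in $(sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)[[:space:]]*=.*/\1/p' "$file"); do
        defined="$defined$m "
    done
    # Every $macro referenced in the file must be in the defined set.
    for m in $(grep -o '\$[A-Za-z_][A-Za-z0-9_]*' "$file" | tr -d '$' | sort -u); do
        case "$defined" in
            *" $m "*) ;;
            *) echo "$file: macro '$m' not defined" >&2; return 1 ;;
        esac
    done
}

pf_program=pfctl_stub
pf_flags="-D hostid=1"            # host-specific macro, as it would be set in rc.conf
pf_rules=$(mktemp)                # constructed sample ruleset shared by all routers
trap 'rm -f "$pf_rules"' EXIT
printf '%s\n' 'ext_if = "em0"' 'set hostid $hostid' 'pass on $ext_if' > "$pf_rules"

# Behaviour described in the report: the -n syntax check omits $pf_flags.
reload_before() {
    $pf_program -n -f "$pf_rules" || return 1
    $pf_program $pf_flags -f "$pf_rules"
}

# Check and load take the same flags, so both parse the same ruleset.
pf_check() { $pf_program -n $pf_flags -f "$pf_rules"; }
reload_after() {
    pf_check || return 1
    $pf_program $pf_flags -f "$pf_rules"
}

reload_before 2>/dev/null || echo "before: check fails on undefined macro"
reload_after && echo "after: check and load both pass"
```

Keeping the dry-run and the load on one argument list also means the check validates the ruleset that will actually be loaded, not a differently expanded one.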