d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

When reloading rules via rc.d/pf, flush everything but existing state

Browse Source 
entries that way when rules are read in, it doesn't break established
connections.

Approved by:	mlaier
Reviewed by:	rc
MFC after:	3 weeks
This commit is contained in:
Sean Chittenden 2005-04-04 23:06:10 +00:00
parent c6a37e8413
commit 47accd603c
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=144638
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
etc/rc.d/pf
View File

@ -75,7 +75,9 @@ pf_reload()
echo "Reloading pf rules."
${pf_program:-/sbin/pfctl} -n -f "${pf_rules}" || return 1
${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
# Flush everything but existing state entries that way when
# rules are read in, it doesn't break established connections.
${pf_program:-/sbin/pfctl} -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
}