From 6c258afbdf7b62bca36c2133e5a9c25ab185583e Mon Sep 17 00:00:00 2001
From: kp <kp@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Wed, 21 Mar 2018 09:55:49 +0000
Subject: [PATCH] MFC r330108:

pf: Apply $pf_flags when verifying the pf.conf file

When checking the validity of the pf.conf file also include the user supplied
pf_flags. These flags might overrule macros or specify anchors, which we will
apply when actually applying the pf.conf file, so we must also take them into
account when verifying the validity.

Submitted by:	Andreas Longwitz <longwitz at incore.de>


git-svn-id: svn://svn.freebsd.org/base/stable/10@331287 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 etc/rc.d/pf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/etc/rc.d/pf b/etc/rc.d/pf
index 8dcc40d46..135796aea 100755
--- a/etc/rc.d/pf
+++ b/etc/rc.d/pf
@@ -46,13 +46,13 @@ pf_stop()
 pf_check()
 {
 	echo "Checking pf rules."
-	$pf_program -n -f "$pf_rules"
+	$pf_program -n -f "$pf_rules" $pf_flags
 }
 
 pf_reload()
 {
 	echo "Reloading pf rules."
-	$pf_program -n -f "$pf_rules" || return 1
+	$pf_program -n -f "$pf_rules" $pf_flags || return 1
 	# Flush everything but existing state entries that way when
 	# rules are read in, it doesn't break established connections.
 	$pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
-- 
2.42.0