Ansible is already managing pkg and service of openBSD , cool
If one want to manage pf with it, and push or modify a few files,
on must run - command: /sbin/pfctl -f {{ dank.config }}
Yet - service could be use, if this glue was in the rc.d directory :
# cat /etc/rc.d/pf
#!/bin/sh
#
daemon="/sbin/pfctl"
. /etc/rc.d/rc.subr
rc_usercheck=NO
if [ "$pf" = "YES" ]; then
mpf=/etc/pf.conf
else
mpf=$pf
fi
rc_start() {
${daemon} -e
}
rc_check() {
${daemon} -nf $mpf
}
rc_reload() {
${daemon} -f $mpf
}
rc_stop() {
${daemon} -d
}
rc_cmd $1
####################################
I m sure i made some mistake in this but it <works>
i was thinking in the man page of rc.conf this is
pf rc calls: pfctl(8) -ef /etc/pf.conf
maybe if pf != YES
pf rc calls: pfctl(8) -ef $pf
because i think i change it once.
This easy to add patch would help automation i think,
also this is cool and strange :
# rcctl check pf
rcctl: "pf" is a special variable, no rc.d(8) script
but i guess /etc/rc.d/pf could be /etc/rc.d/firewall or something
Cheers
--
---------------------------------------------------------------------------------------------------------------------
() ascii ribbon campaign - against html e-mail
/\
