PF support on OpenBSD in progress, fwknop --fw-list now works

This is the first commit that has fwknopd interact with the PF firewall on OpenBSD (via fwknopd --fw-list to show any active fwknopd rules).
2011-08-27 10:57:17 -04:00
parent dcf2d94bf6
commit 0649ef924a
13 changed files with 313 additions and 34 deletions
--- a/server/config_init.c
+++ b/server/config_init.c
@@ -419,12 +419,20 @@ validate_options(fko_srv_options_t *opts)
        set_config_entry(opts, CONF_IPFW_ADD_CHECK_STATE,
            DEF_IPFW_ADD_CHECK_STATE);

-#elif FIREWALL_IPF
-
-    /* --DSS Place-holder */
-
 #elif FIREWALL_PF
+    /* Set PF anchor name
+    */
+    if(opts->config[CONF_PF_ANCHOR_NAME] == NULL)
+        set_config_entry(opts, CONF_PF_ANCHOR_NAME,
+            DEF_PF_ANCHOR_NAME);

+    /* Set PF rule expiry interval.
+    */
+    if(opts->config[CONF_PF_EXPIRE_INTERVAL] == NULL)
+        set_config_entry(opts, CONF_PF_EXPIRE_INTERVAL,
+            DEF_PF_EXPIRE_INTERVAL);
+
+#elif FIREWALL_IPF
    /* --DSS Place-holder */

 #endif /* FIREWALL type */