| version 1.473, 2015/12/06 13:51:41 |
version 1.474, 2015/12/29 19:41:24 |
|
|
| |
|
| # Bring carp interfaces down gracefully. |
# Bring carp interfaces down gracefully. |
| ifconfig | while read _if _junk; do |
ifconfig | while read _if _junk; do |
| case $_if in |
[[ $_if == carp+([0-9]): ]] && ifconfig ${_if%:} down |
| carp+([0-9]):) ifconfig ${_if%:} down ;; |
|
| esac |
|
| done |
done |
| |
|
| exit 0 |
exit 0 |
|
|
| fi |
fi |
| RULES="$RULES\npass in proto carp keep state (no-sync)" |
RULES="$RULES\npass in proto carp keep state (no-sync)" |
| RULES="$RULES\npass out proto carp !received-on any keep state (no-sync)" |
RULES="$RULES\npass out proto carp !received-on any keep state (no-sync)" |
| case $(sysctl vfs.mounts.nfs 2>/dev/null) in |
if [[ $(sysctl vfs.mounts.nfs 2>/dev/null) == *[1-9]* ]]; then |
| *[1-9]*) |
|
| # Don't kill NFS. |
# Don't kill NFS. |
| RULES="set reassemble yes no-df\n$RULES" |
RULES="set reassemble yes no-df\n$RULES" |
| RULES="$RULES\npass in proto { tcp, udp } from any port { sunrpc, nfsd } to any" |
RULES="$RULES\npass in proto { tcp, udp } from any port { sunrpc, nfsd } to any" |
| RULES="$RULES\npass out proto { tcp, udp } from any to any port { sunrpc, nfsd } !received-on any" |
RULES="$RULES\npass out proto { tcp, udp } from any to any port { sunrpc, nfsd } !received-on any" |
| ;; |
fi |
| esac |
|
| print -- "$RULES" | pfctl -f - |
print -- "$RULES" | pfctl -f - |
| pfctl -e |
pfctl -e |
| fi |
fi |
![[BACK]](/icons/back.gif){kind=icon}
Return to rc CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / etc