vnet-start: load pf.conf if not loaded

pizzamig · pizzamig · commit 23f6f97bed13 · 2019-06-25T14:29:44.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## [Unreleased]
 ### Fixed
 - init: make pf.conf more robust
+- vnet-start: make pf start more robust, in case pf as service is not up
 
 ## [0.6.0] 2019-06-23
 ### Added
diff --git a/share/pot/vnet-start.sh b/share/pot/vnet-start.sh
@@ -73,6 +73,12 @@ pot-vnet-start()
 
 	# load pf module
 	kldload -n pf
+	# check anchors
+	if [ -z "$( pfctl -s Anchors | grep -F '^[ \t]*pot-nat$' )" ] ||
+		[ -z "$( pfctl -s Anchors | grep -F '^[ \t]*pot-rdr$' )" ]; then
+		_debug "Pot anchors are missing - load pf.conf"
+		pfctl -f pf.conf
+	fi
 	_nat_rules="/tmp/pot_pf_nat_rules"
 	if [ -w "$_nat_rules" ]; then
 		rm -f "$_nat_rules"
