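#!/bin/sh
# trypf - try a new pf ruleset and fall back to the old one unless the
# operator confirms the new rules still let them in.
#
# A flag file in /tmp is created right before the new rules are loaded.
# If the flag still exists after INTERVAL seconds (default 10 minutes),
# the operator evidently could not get back in to remove it, so the
# previous rules from /etc/pf.conf are restored.
#
# dave@grox.net - Thu Feb 10 04:02:51 2005
#
# use:  trypf newrules &
#       ...then, once the new rules are confirmed to work:
#       rm /tmp/pf.test
################################################################
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:/root/bin
PROG=${0##*/}
# NOTE(review): /tmp is world-writable, so any local user can pre-create
# the flag (making this script refuse to run) or re-create it after the
# operator deleted it (forcing a fallback). A root-only directory such as
# /var/run would be safer; the path is kept because it is part of the
# documented usage ("rm /tmp/pf.test").
FLAGFILE=/tmp/pf.test
# seconds: 600 = 10 minutes
INTERVAL=600
# the known-good ruleset restored on timeout or on a failed load
OLDRULES=/etc/pf.conf

usage() {
  echo "usage: $PROG file" >&2
  exit 1
}

# restore_rules - flush everything (rules, nat, states, tables), reload
# the previous ruleset, and drop the flag so the next run does not
# refuse to start because a stale flag is still lying around.
restore_rules() {
  pfctl -F all
  pfctl -f "$OLDRULES"
  rm -f -- "$FLAGFILE"
}

# this should not happen, ever. -L also catches a dangling symlink,
# which -e misses and which touch below would happily follow.
if [ -e "$FLAGFILE" ] || [ -L "$FLAGFILE" ] ; then
  echo "something is weird. $FLAGFILE exists. i quit." >&2
  exit 1
fi

# must specify name of a readable rule file
if [ -n "$1" ] && [ -r "$1" ] ; then
  RULEFILE=$1
else
  usage
fi

# test for errors first
pfctl -nf "$RULEFILE" || { echo "problem with rules. i quit." >&2 ; exit 2 ; }

# Flushing states and loading new rules will quite possibly drop the
# session this script was started from; ignore SIGHUP so the fallback
# below still gets to run after the parent shell is gone.
trap '' HUP

# arm the fallback before the new rules go in, so it also covers a
# load that fails half-way
touch "$FLAGFILE" || { echo "cannot create $FLAGFILE. i quit." >&2 ; exit 2 ; }

# flush ALL: rules, nat, everything...
pfctl -F all
if ! pfctl -f "$RULEFILE" ; then
  # -n passed but the real load did not: do not leave pf with an empty
  # ruleset, put the old one straight back
  echo "loading $RULEFILE failed. restoring $OLDRULES." >&2
  restore_rules
  exit 2
fi

sleep "$INTERVAL"

# if flag exists, must not have been able to create
# a connection to delete it. restore "normal" rules.
#
if [ -e "$FLAGFILE" ] ; then
  restore_rules
fi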