#!/bin/ksh
# install to /usr/local/bin on firewall
# OpenBSD pdksh

if [ "$(id -u)" -ne 0 ]; then
  printf 'Needs to be run only from the ssl-update service.\n' >&2
  exit 1
fi
  
if [ -z "$ssl_service" ]; then
  printf 'Needs to be run only from the ssl-update service.\n' >&2
  exit 1
fi

/sbin/pfctl -n -f /etc/pf.conf
if [ $? != 0 ]; then
  printf 'Will not restart with a config error.\n' >&2
  exit 1
fi
/sbin/pfctl -d
/sbin/pfctl -e -f /etc/pf.conf