#
# old_revision [39c9f012ce8b82b4f02cb9b3e8a1cc5775b00f4f]
#
# patch "pf/lib/pf/pfcmd/checkup.pm"
#  from [17846a6364dab125fd4dd0f36fff8acfd361fe6c]
#    to [1625480d91c067c390b5bc959dc919f14b266128]
#
============================================================
--- pf/lib/pf/pfcmd/checkup.pm	17846a6364dab125fd4dd0f36fff8acfd361fe6c
+++ pf/lib/pf/pfcmd/checkup.pm	1625480d91c067c390b5bc959dc919f14b266128
@@ -96,6 +96,7 @@ sub sanity_check {
     is_config_documented();
     extensions();
     permissions();
+    violations();
 
     return @problems;
 }
@@ -549,6 +550,45 @@ sub permissions {
 
 }
 
+=item violations
+
+Checking for violations configurations
+
+=cut
+sub violations {
+    require pf::services;
+    my %violations_conf;
+    tie %violations_conf, 'Config::IniFiles',
+        ( -file => "$conf_dir/violations.conf" );
+    my @errors = @Config::IniFiles::errors;
+    if ( scalar(@errors) ) {
+        add_problem( $FATAL, "Error reading violations.conf");
+    }
+    my %violations = pf::services::class_set_defaults(%violations_conf);    
+
+    foreach my $violation ( keys %violations ) {
+
+        # parse triggers if they exist
+        my @triggers;
+        if ( defined $violations{$violation}{'trigger'} ) {
+            foreach my $trigger (
+                split( /\s*,\s*/, $violations{$violation}{'trigger'} ) )
+            {
+                my ( $type, $tid ) = split( /::/, $trigger );
+                $type = lc($type);
+                if ( !grep( { lc($_) eq lc($type) } @valid_trigger_types ) ) {
+                    add_problem( $WARN, "invalid trigger '$type' found at $violation");
+                }
+                if ( $tid =~ /(\d+)-(\d+)/ ) {
+                    if ( $1 > $2 ) {
+                         add_problem ( $FATAL, "Invalid usage of trigger range, start ID $1 is greater than end ID $2 for violation $violation");
+                    }
+                }
+            }
+	}
+     }
+}
+
 =back
 
 =head1 AUTHOR