1#!/bin/sh 2#
| 1#!/bin/sh 2#
|
3# $FreeBSD: head/etc/rc.d/pf 136224 2004-10-07 13:55:26Z mtm $
| 3# $FreeBSD: head/etc/rc.d/pf 136942 2004-10-25 08:12:28Z pjd $
|
4# 5 6# PROVIDE: pf 7# REQUIRE: root mountcritlocal netif pflog 8# BEFORE: DAEMON LOGIN 9# KEYWORD: nojail 10 11. /etc/rc.subr 12 13name="pf" 14rcvar=`set_rcvar` 15load_rc_config $name 16stop_precmd="test -f ${pf_rules}" 17start_precmd="pf_prestart" 18start_cmd="pf_start" 19stop_cmd="pf_stop"
| 4# 5 6# PROVIDE: pf 7# REQUIRE: root mountcritlocal netif pflog 8# BEFORE: DAEMON LOGIN 9# KEYWORD: nojail 10 11. /etc/rc.subr 12 13name="pf" 14rcvar=`set_rcvar` 15load_rc_config $name 16stop_precmd="test -f ${pf_rules}" 17start_precmd="pf_prestart" 18start_cmd="pf_start" 19stop_cmd="pf_stop"
|
| 20check_precmd="$stop_precmd" 21check_cmd="pf_check"
|
20reload_precmd="$stop_precmd" 21reload_cmd="pf_reload" 22resync_precmd="$stop_precmd" 23resync_cmd="pf_resync" 24status_precmd="$stop_precmd" 25status_cmd="pf_status"
| 22reload_precmd="$stop_precmd" 23reload_cmd="pf_reload" 24resync_precmd="$stop_precmd" 25resync_cmd="pf_resync" 26status_precmd="$stop_precmd" 27status_cmd="pf_status"
|
26extra_commands="reload resync status"
| 28extra_commands="check reload resync status"
|
27 28pf_prestart() 29{ 30 # load pf kernel module if needed 31 if ! kldstat -v | grep -q pf\$; then 32 if kldload pf; then 33 info 'pf module loaded.' 34 else 35 err 1 'pf module failed to load.' 36 fi 37 fi 38 39 # check for pf rules
| 29 30pf_prestart() 31{ 32 # load pf kernel module if needed 33 if ! kldstat -v | grep -q pf\$; then 34 if kldload pf; then 35 info 'pf module loaded.' 36 else 37 err 1 'pf module failed to load.' 38 fi 39 fi 40 41 # check for pf rules
|
40 if [ ! -r "${pf_rules}" ] 41 then
| 42 if [ ! -r "${pf_rules}" ]; then
|
42 warn 'pf: NO PF RULESET FOUND' 43 return 1 44 fi 45} 46 47pf_start() 48{ 49 echo "Enabling pf." 50 ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
| 43 warn 'pf: NO PF RULESET FOUND' 44 return 1 45 fi 46} 47 48pf_start() 49{ 50 echo "Enabling pf." 51 ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
|
51 if [ -r "${pf_rules}" ]; then 52 ${pf_program:-/sbin/pfctl} \ 53 -f "${pf_rules}" ${pf_flags} 54 fi
| 52 ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
|
55 if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then 56 ${pf_program:-/sbin/pfctl} -e 57 fi 58} 59 60pf_stop() 61{ 62 if ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then 63 echo "Disabling pf." 64 ${pf_program:-/sbin/pfctl} -d 65 fi 66} 67
| 53 if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then 54 ${pf_program:-/sbin/pfctl} -e 55 fi 56} 57 58pf_stop() 59{ 60 if ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then 61 echo "Disabling pf." 62 ${pf_program:-/sbin/pfctl} -d 63 fi 64} 65
|
| 66pf_check() 67{ 68 echo "Checking pf rules." 69 70 ${pf_program:-/sbin/pfctl} -n -f "${pf_rules}" 71} 72
|
68pf_reload() 69{ 70 echo "Reloading pf rules." 71
| 73pf_reload() 74{ 75 echo "Reloading pf rules." 76
|
| 77 ${pf_program:-/sbin/pfctl} -n -f "${pf_rules}" || return 1
|
72 ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
| 78 ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
|
73 if [ -r "${pf_rules}" ]; then 74 ${pf_program:-/sbin/pfctl} \ 75 -f "${pf_rules}" ${pf_flags} 76 fi
| 79 ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
|
77} 78 79pf_resync() 80{ 81 # Don't resync if pf is not loaded 82 if ! kldstat -v | grep -q pf\$ ; then 83 return 84 fi 85 ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags} 86} 87 88pf_status() 89{ 90 ${pf_program:-/sbin/pfctl} -si 91} 92 93run_rc_command "$1"
| 80} 81 82pf_resync() 83{ 84 # Don't resync if pf is not loaded 85 if ! kldstat -v | grep -q pf\$ ; then 86 return 87 fi 88 ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags} 89} 90 91pf_status() 92{ 93 ${pf_program:-/sbin/pfctl} -si 94} 95 96run_rc_command "$1"
|
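Review bot: In pf_reload (new lines 77-79) the added `-n` dry run is still followed by `pfctl -Fa` before the real load, so every reload empties the ruleset and state table and leaves an interval with no rules loaded. If the real load then fails (the file changed in between, or `${pf_flags}` changes how it parses, since the dry run omits it), pf stays enabled with nothing loaded. As far as I know `pfctl -f` replaces the ruleset as a single transaction, so the flush line can be dropped and the check made to match the load: `${pf_program:-/sbin/pfctl} -n -f "${pf_rules}" ${pf_flags} || return 1`; pf_check (new line 70) omits `${pf_flags}` in the same way. pf_start (new lines 51-54) has the same flush-then-load order and still runs `pfctl -e` without checking the load's exit status; ending that load line with `|| return 1` would avoid enabling pf with an empty ruleset.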