pf (150836) pf (150839)
1#!/bin/sh
2#
1#!/bin/sh
2#
3# $FreeBSD: head/etc/rc.d/pf 150836 2005-10-02 19:12:42Z yar $
3# $FreeBSD: head/etc/rc.d/pf 150839 2005-10-02 19:17:49Z yar $
4#
5
6# PROVIDE: pf
7# REQUIRE: root mountcritlocal netif pflog pfsync
8# BEFORE: routing
9# KEYWORD: nojail
10
11. /etc/rc.subr
12
13name="pf"
14rcvar=`set_rcvar`
15load_rc_config $name
4#
5
6# PROVIDE: pf
7# REQUIRE: root mountcritlocal netif pflog pfsync
8# BEFORE: routing
9# KEYWORD: nojail
10
11. /etc/rc.subr
12
13name="pf"
14rcvar=`set_rcvar`
15load_rc_config $name
16stop_precmd="test -f ${pf_rules}"
17start_precmd="pf_prestart"
18start_cmd="pf_start"
19stop_cmd="pf_stop"
16start_precmd="pf_prestart"
17start_cmd="pf_start"
18stop_cmd="pf_stop"
20check_precmd="$stop_precmd"
21check_cmd="pf_check"
19check_cmd="pf_check"
22reload_precmd="$stop_precmd"
23reload_cmd="pf_reload"
20reload_cmd="pf_reload"
24resync_precmd="$stop_precmd"
25resync_cmd="pf_resync"
21resync_cmd="pf_resync"
26status_precmd="$stop_precmd"
27status_cmd="pf_status"
28extra_commands="check reload resync status"
22status_cmd="pf_status"
23extra_commands="check reload resync status"
24required_files="$pf_rules"
29
30pf_prestart()
31{
32 # load pf kernel module if needed
33 if ! kldstat -q -m pf ; then
34 if kldload pf ; then
35 info 'pf module loaded.'
36 else
25
26pf_prestart()
27{
28 # load pf kernel module if needed
29 if ! kldstat -q -m pf ; then
30 if kldload pf ; then
31 info 'pf module loaded.'
32 else
37 err 1 'pf module failed to load.'
33 warn 'pf module failed to load.'
34 return 1
38 fi
39 fi
35 fi
36 fi
40
41 # check for pf rules
42 if [ ! -r "${pf_rules}" ]; then
43 warn 'pf: NO PF RULESET FOUND'
44 return 1
45 fi
37 return 0
46}
47
48pf_start()
49{
50 echo "Enabling pf."
38}
39
40pf_start()
41{
42 echo "Enabling pf."
51 ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
52 ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
53 if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
54 ${pf_program:-/sbin/pfctl} -e
43 $pf_program -Fall > /dev/null 2>&1
44 $pf_program -f "$pf_rules" $pf_flags
45 if ! $pf_program -s info | grep -q "Enabled" ; then
46 $pf_program -e
55 fi
56}
57
58pf_stop()
59{
47 fi
48}
49
50pf_stop()
51{
60 if ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
52 if $pf_program -s info | grep -q "Enabled" ; then
61 echo "Disabling pf."
53 echo "Disabling pf."
62 ${pf_program:-/sbin/pfctl} -d
54 $pf_program -d
63 fi
64}
65
66pf_check()
67{
68 echo "Checking pf rules."
55 fi
56}
57
58pf_check()
59{
60 echo "Checking pf rules."
69
70 ${pf_program:-/sbin/pfctl} -n -f "${pf_rules}"
61 $pf_program -n -f "$pf_rules"
71}
72
73pf_reload()
74{
75 echo "Reloading pf rules."
62}
63
64pf_reload()
65{
66 echo "Reloading pf rules."
76
77 ${pf_program:-/sbin/pfctl} -n -f "${pf_rules}" || return 1
67 $pf_program -n -f "$pf_rules" || return 1
78 # Flush everything but existing state entries that way when
79 # rules are read in, it doesn't break established connections.
68 # Flush everything but existing state entries that way when
69 # rules are read in, it doesn't break established connections.
80 ${pf_program:-/sbin/pfctl} -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
81 ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
70 $pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
71 $pf_program -f "$pf_rules" $pf_flags
82}
83
84pf_resync()
85{
72}
73
74pf_resync()
75{
86 # Don't resync if pf is not loaded
87 kldstat -q -m pf && ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
76 $pf_program -f "$pf_rules" $pf_flags
88}
89
90pf_status()
91{
77}
78
79pf_status()
80{
92 ${pf_program:-/sbin/pfctl} -si
81 $pf_program -s info
93}
94
95run_rc_command "$1"
82}
83
84run_rc_command "$1"
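Review bot: pf_start on the new side (new lines 40-48) still runs `$pf_program -Fall` and then ignores the exit status of `$pf_program -f "$pf_rules" $pf_flags`, so a ruleset that fails to parse leaves pf flushed and then switched on by `$pf_program -e` with no filter rules loaded, while start reports success. pf_reload in the same file already avoids this by parsing first; the same line, `$pf_program -n -f "$pf_rules" || return 1`, placed before the flush in pf_start would keep a working ruleset in place when start is run against a broken rules file and would surface the failure to the caller. Separately, the new code calls `$pf_program` without the old `${pf_program:-/sbin/pfctl}` fallback, which presumably relies on a default defined outside this file; if that default is not guaranteed, a check such as `: ${pf_program:=/sbin/pfctl}` after `load_rc_config $name` would keep the script from running the flags as a command.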