1#!/bin/sh 2#
| 1#!/bin/sh 2#
|
3# $FreeBSD: head/etc/rc.d/pf 195026 2009-06-26 01:04:50Z dougb $
| 3# $FreeBSD: head/etc/rc.d/pf 197947 2009-10-10 22:17:03Z dougb $
|
4# 5 6# PROVIDE: pf 7# REQUIRE: FILESYSTEMS netif pflog pfsync 8# BEFORE: routing 9# KEYWORD: nojail 10 11. /etc/rc.subr 12 13name="pf" 14rcvar=`set_rcvar` 15load_rc_config $name 16start_cmd="pf_start" 17stop_cmd="pf_stop" 18check_cmd="pf_check" 19reload_cmd="pf_reload" 20resync_cmd="pf_resync" 21status_cmd="pf_status" 22extra_commands="check reload resync status" 23required_files="$pf_rules" 24required_modules="pf" 25 26pf_start() 27{
| 4# 5 6# PROVIDE: pf 7# REQUIRE: FILESYSTEMS netif pflog pfsync 8# BEFORE: routing 9# KEYWORD: nojail 10 11. /etc/rc.subr 12 13name="pf" 14rcvar=`set_rcvar` 15load_rc_config $name 16start_cmd="pf_start" 17stop_cmd="pf_stop" 18check_cmd="pf_check" 19reload_cmd="pf_reload" 20resync_cmd="pf_resync" 21status_cmd="pf_status" 22extra_commands="check reload resync status" 23required_files="$pf_rules" 24required_modules="pf" 25 26pf_start() 27{
|
28 [ -z "${rc_quiet}" ] && echo "Enabling pf."
| 28 check_startmsgs && echo -n 'Enabling pf'
|
29 $pf_program -F all > /dev/null 2>&1 30 $pf_program -f "$pf_rules" $pf_flags 31 if ! $pf_program -s info | grep -q "Enabled" ; then 32 $pf_program -e 33 fi
| 29 $pf_program -F all > /dev/null 2>&1 30 $pf_program -f "$pf_rules" $pf_flags 31 if ! $pf_program -s info | grep -q "Enabled" ; then 32 $pf_program -e 33 fi
|
| 34 check_startmsgs && echo '.'
|
34} 35 36pf_stop() 37{ 38 if $pf_program -s info | grep -q "Enabled" ; then
| 35} 36 37pf_stop() 38{ 39 if $pf_program -s info | grep -q "Enabled" ; then
|
39 [ -z "${rc_quiet}" ] && echo "Disabling pf."
| 40 echo -n 'Disabling pf'
|
40 $pf_program -d
| 41 $pf_program -d
|
| 42 echo '.'
|
41 fi 42} 43 44pf_check() 45{ 46 echo "Checking pf rules." 47 $pf_program -n -f "$pf_rules" 48} 49 50pf_reload() 51{ 52 echo "Reloading pf rules." 53 $pf_program -n -f "$pf_rules" || return 1 54 # Flush everything but existing state entries that way when 55 # rules are read in, it doesn't break established connections. 56 $pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1 57 $pf_program -f "$pf_rules" $pf_flags 58} 59 60pf_resync() 61{ 62 $pf_program -f "$pf_rules" $pf_flags 63} 64 65pf_status() 66{ 67 $pf_program -s info 68} 69 70run_rc_command "$1"
| 43 fi 44} 45 46pf_check() 47{ 48 echo "Checking pf rules." 49 $pf_program -n -f "$pf_rules" 50} 51 52pf_reload() 53{ 54 echo "Reloading pf rules." 55 $pf_program -n -f "$pf_rules" || return 1 56 # Flush everything but existing state entries that way when 57 # rules are read in, it doesn't break established connections. 58 $pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1 59 $pf_program -f "$pf_rules" $pf_flags 60} 61 62pf_resync() 63{ 64 $pf_program -f "$pf_rules" $pf_flags 65} 66 67pf_status() 68{ 69 $pf_program -s info 70} 71 72run_rc_command "$1"
|
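Review bot: pf_start now ends with `check_startmsgs && echo '.'` (new line 34), so the function's exit status is that of the message helper, not of pfctl. The ruleset load on new line 30 is unchecked: if it fails, the trailing dot still prints and `-e` still runs after `-F all` has flushed the previous rules, which would leave pf enabled without the intended ruleset. If check_startmsgs (defined in rc.subr, not shown on this page) returns non-zero when start messages are suppressed, pf_start would also report failure on a start that worked. I would record the load status and return it explicitly: declare `local rv=0` at the top, change the load to `$pf_program -f "$pf_rules" $pf_flags || rv=$?`, and finish the function with `return $rv`.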