pf revision 136942
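#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/pf 136942 2004-10-25 08:12:28Z pjd $
#
# rc.d control script for the pf packet filter.  Besides start/stop it
# provides check, reload, resync and status.  All configuration
# (pf_rules, pf_flags, pf_program) comes from rc.conf via load_rc_config.
#

# PROVIDE: pf
# REQUIRE: root mountcritlocal netif pflog
# BEFORE: DAEMON LOGIN
# KEYWORD: nojail

. /etc/rc.subr

name="pf"
rcvar=$(set_rcvar)
load_rc_config "$name"

# ${pf_rules} is expanded here, at assignment time, so this must stay
# after load_rc_config.  The same "ruleset file exists" guard is reused
# for every command that reads the ruleset.
stop_precmd="test -f ${pf_rules}"
start_precmd="pf_prestart"
start_cmd="pf_start"
stop_cmd="pf_stop"
check_precmd="$stop_precmd"
check_cmd="pf_check"
reload_precmd="$stop_precmd"
reload_cmd="pf_reload"
resync_precmd="$stop_precmd"
resync_cmd="pf_resync"
status_precmd="$stop_precmd"
status_cmd="pf_status"
extra_commands="check reload resync status"

# Pre-start hook: make sure the pf kernel module is present and the
# ruleset file is readable.  Exits through err if the module cannot be
# loaded; returns 1 if the ruleset is missing or unreadable.
pf_prestart()
{
	# load pf kernel module if needed
	# NOTE(review): 'pf$' matches any kldstat line that ends in "pf",
	# not only the pf module itself -- confirm no other module name on
	# the target system ends in "pf".
	if ! kldstat -v | grep -q 'pf$'; then
		if kldload pf; then
			info 'pf module loaded.'
		else
			err 1 'pf module failed to load.'
		fi
	fi

	# check for pf rules
	if [ ! -r "${pf_rules}" ]; then
		warn 'pf: NO PF RULESET FOUND'
		return 1
	fi
}

# Load the ruleset and enable pf if it is not already enabled.
# Returns 1 without touching the running configuration when the ruleset
# does not parse.
pf_start()
{
	# Dry-run the ruleset (-n) before flushing anything.  Without this
	# a syntax error in pf_rules would flush the current ruleset, fail
	# to load the new one, and then enable pf with no rules at all.
	# ${pf_flags} is left unquoted on purpose so several flags split
	# into separate arguments; it is passed to the dry run so the parse
	# sees the same options as the real load.
	if ! ${pf_program:-/sbin/pfctl} -n -f "${pf_rules}" ${pf_flags}; then
		warn 'pf: ruleset failed to parse, pf not started'
		return 1
	fi

	echo "Enabling pf."
	${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
	${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
	if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
		${pf_program:-/sbin/pfctl} -e
	fi
}

# Disable pf if the status output reports it as enabled.  The loaded
# ruleset is not flushed here; filtering is only switched off.
pf_stop()
{
	if ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
		echo "Disabling pf."
		${pf_program:-/sbin/pfctl} -d
	fi
}

# Parse the ruleset without loading it; the exit status is pfctl's.
pf_check()
{
	echo "Checking pf rules."

	# Same options as the real load, so the check cannot pass or fail
	# differently from the load that follows it.
	${pf_program:-/sbin/pfctl} -n -f "${pf_rules}" ${pf_flags}
}

# Validate, flush and reload the ruleset.  Returns 1 and leaves the
# running ruleset alone when validation fails.
pf_reload()
{
	echo "Reloading pf rules."

	${pf_program:-/sbin/pfctl} -n -f "${pf_rules}" ${pf_flags} || return 1
	# -Fa flushes everything, the state table included, so established
	# connections are dropped on every reload.
	${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
	${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
}

# Load the ruleset on top of the running configuration without flushing
# first.  Does nothing when the pf module is not loaded.
pf_resync()
{
	# Don't resync if pf is not loaded
	if ! kldstat -v | grep -q 'pf$' ; then
		return
	fi
	${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
}

# Print pf's status information (pfctl -si).
pf_status()
{
	${pf_program:-/sbin/pfctl} -si
}

run_rc_command "$1"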