pf revision 150836
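#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/pf 150836 2005-10-02 19:12:42Z yar $
#
# rc.d script for the pf packet filter: loads the kernel module if needed,
# loads the ruleset named by ${pf_rules}, and enables or disables filtering
# through ${pf_program} (default /sbin/pfctl).
#

# PROVIDE: pf
# REQUIRE: root mountcritlocal netif pflog pfsync
# BEFORE:  routing
# KEYWORD: nojail

. /etc/rc.subr

name="pf"
rcvar=$(set_rcvar)
load_rc_config "$name"

# ${pf_rules} is expanded here, when the script is read, and is not quoted
# inside the command string.
# NOTE(review): with an empty pf_rules the command collapses to `test -f`,
# which succeeds -- confirm the defaults always set pf_rules.
stop_precmd="test -f ${pf_rules}"
start_precmd="pf_prestart"
start_cmd="pf_start"
stop_cmd="pf_stop"
check_precmd="$stop_precmd"
check_cmd="pf_check"
reload_precmd="$stop_precmd"
reload_cmd="pf_reload"
resync_precmd="$stop_precmd"
resync_cmd="pf_resync"
status_precmd="$stop_precmd"
status_cmd="pf_status"
extra_commands="check reload resync status"

# Pre-start check: make sure the pf kernel module is loaded and the ruleset
# file is readable. Calls err 1 if the module cannot be loaded; returns 1
# if ${pf_rules} is not readable.
pf_prestart()
{
	# load pf kernel module if needed
	if ! kldstat -q -m pf ; then
		if kldload pf ; then
			info 'pf module loaded.'
		else
			err 1 'pf module failed to load.'
		fi
	fi

	# check for pf rules
	if [ ! -r "${pf_rules}" ]; then
		warn 'pf: NO PF RULESET FOUND'
		return 1
	fi
}

# Flush pf, load ${pf_rules} and enable pf if it is not already enabled.
# Returns non-zero when the ruleset fails to load or pf cannot be enabled.
pf_start()
{
	local _rc

	echo "Enabling pf."
	# Flush everything first; output and errors of the flush are discarded.
	${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
	${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
	_rc=$?
	if [ "${_rc}" -ne 0 ]; then
		# The flush above has already run, so a failed load can leave pf
		# without the intended ruleset. Report it rather than letting the
		# status of the enable check below mask it as a successful start.
		warn "pf: failed to load ${pf_rules}"
	fi
	if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
		${pf_program:-/sbin/pfctl} -e || _rc=$?
	fi
	return "${_rc}"
}

# Disable pf, but only when the status output reports it as enabled.
pf_stop()
{
	if ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
		echo "Disabling pf."
		${pf_program:-/sbin/pfctl} -d
	fi
}

# Parse ${pf_rules} without loading it (-n); the exit status is pfctl's.
pf_check()
{
	echo "Checking pf rules."

	${pf_program:-/sbin/pfctl} -n -f "${pf_rules}"
}

# Reload the ruleset. The file is parsed with -n first and nothing is
# flushed if that fails (returns 1). The exit status is otherwise that of
# the final load.
pf_reload()
{
	echo "Reloading pf rules."

	${pf_program:-/sbin/pfctl} -n -f "${pf_rules}" || return 1
	# Flush everything but existing state entries that way when
	# rules are read in, it doesn't break established connections.
	${pf_program:-/sbin/pfctl} -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
	${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
}

# Load ${pf_rules} again without flushing anything first.
pf_resync()
{
	# Don't resync if pf is not loaded
	kldstat -q -m pf && ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
}

# Print pf status information (pfctl -si).
pf_status()
{
	${pf_program:-/sbin/pfctl} -si
}

run_rc_command "$1"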