pf revision 150839
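#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/pf 150839 2005-10-02 19:17:49Z yar $
#

# PROVIDE: pf
# REQUIRE: root mountcritlocal netif pflog pfsync
# BEFORE: routing
# KEYWORD: nojail

. /etc/rc.subr

# rc.d script for the pf packet filter: it loads the kernel module, loads
# the ruleset and enables/disables filtering through $pf_program.
#
# pf_program, pf_rules and pf_flags are not set in this file; they are
# expected to come from the rc configuration read by load_rc_config.

name="pf"
rcvar=$(set_rcvar)
load_rc_config "$name"
start_precmd="pf_prestart"
start_cmd="pf_start"
stop_cmd="pf_stop"
check_cmd="pf_check"
reload_cmd="pf_reload"
resync_cmd="pf_resync"
status_cmd="pf_status"
extra_commands="check reload resync status"
# The ruleset file is declared as a prerequisite to rc.subr.
required_files="$pf_rules"

# Make sure the pf kernel module is present before starting.
# Returns 0 if the module is already there or was loaded, 1 if kldload failed.
pf_prestart()
{
	# load pf kernel module if needed
	if ! kldstat -q -m pf ; then
		if kldload pf ; then
			info 'pf module loaded.'
		else
			warn 'pf module failed to load.'
			return 1
		fi
	fi
	return 0
}

# Flush pf, load the ruleset from $pf_rules and enable pf if it is not
# already enabled.
# Returns 0 on success; non-zero if the ruleset failed to load or pf could
# not be enabled.
pf_start()
{
	local _rc

	_rc=0
	echo "Enabling pf."
	# Start from a clean slate; output and errors of the flush are discarded.
	$pf_program -Fall > /dev/null 2>&1
	# $pf_flags is deliberately unquoted so it splits into separate options.
	if ! $pf_program -f "$pf_rules" $pf_flags ; then
		# The flush above has already removed the previous rules, so a
		# failed load must not look like a successful start.
		# NOTE(review): pf is still enabled below, as before.  With no
		# rules loaded it filters nothing; decide whether a restrictive
		# fallback ruleset should be loaded here instead.
		warn "pf rules from $pf_rules failed to load."
		_rc=1
	fi
	if ! $pf_program -s info | grep -q "Enabled" ; then
		$pf_program -e || _rc=$?
	fi
	return $_rc
}

# Disable pf, but only when the status output reports it as enabled.
pf_stop()
{
	if $pf_program -s info | grep -q "Enabled" ; then
		echo "Disabling pf."
		$pf_program -d
	fi
}

# Parse $pf_rules without loading it (-n).  Returns pfctl's exit status.
# NOTE(review): $pf_flags is not passed to the dry run, so it may parse
# differently from the real load if pf_flags affects parsing -- confirm.
pf_check()
{
	echo "Checking pf rules."
	$pf_program -n -f "$pf_rules"
}

# Validate the ruleset, then flush and load it while keeping state entries.
# Returns 1 without touching the running ruleset if validation fails,
# otherwise the exit status of the final load.
pf_reload()
{
	echo "Reloading pf rules."
	# Refuse to flush anything unless the new ruleset parses.
	$pf_program -n -f "$pf_rules" || return 1
	# Flush everything but the existing state entries, so that reading in
	# the rules does not break established connections.
	# NOTE(review): between this flush and the load below no filter rules
	# are active, and a failing load would leave it that way; confirm
	# whether the explicit -Frules is needed before the load.
	$pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
	$pf_program -f "$pf_rules" $pf_flags
}

# Load $pf_rules without a prior dry run or flush.  Returns pfctl's exit status.
pf_resync()
{
	$pf_program -f "$pf_rules" $pf_flags
}

# Print pf status information.
pf_status()
{
	$pf_program -s info
}

run_rc_command "$1"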