pf revision 127342
1127342Smlaier#!/bin/sh 2127342Smlaier# 3127342Smlaier# $FreeBSD: head/etc/rc.d/pf 127342 2004-03-23 22:30:15Z mlaier $ 4127342Smlaier# 5127342Smlaier 6127342Smlaier# PROVIDE: pf 7127342Smlaier# REQUIRE: root beforenetlkm mountcritlocal netif 8127342Smlaier# BEFORE: DAEMON LOGIN 9127342Smlaier# KEYWORD: FreeBSD nojail 10127342Smlaier 11127342Smlaier. /etc/rc.subr 12127342Smlaier 13127342Smlaiername="pf" 14127342Smlaierrcvar=`set_rcvar` 15127342Smlaierload_rc_config $name 16127342Smlaierstop_precmd="test -f ${pf_rules}" 17127342Smlaierstart_precmd="pf_prestart" 18127342Smlaierstart_cmd="pf_start" 19127342Smlaierstop_cmd="pf_stop" 20127342Smlaierreload_precmd="$stop_precmd" 21127342Smlaierreload_cmd="pf_reload" 22127342Smlaierresync_precmd="$stop_precmd" 23127342Smlaierresync_cmd="pf_resync" 24127342Smlaierstatus_precmd="$stop_precmd" 25127342Smlaierstatus_cmd="pf_status" 26127342Smlaierextra_commands="reload resync status" 27127342Smlaier 28127342Smlaierpf_prestart() 29127342Smlaier{ 30127342Smlaier # load pf kernel module if needed 31127342Smlaier if ! kldstat -v | grep -q pf\$; then 32127342Smlaier if kldload pf; then 33127342Smlaier info 'pf module loaded.' 34127342Smlaier else 35127342Smlaier err 1 'pf module failed to load.' 36127342Smlaier fi 37127342Smlaier fi 38127342Smlaier 39127342Smlaier # check for pf rules 40127342Smlaier if [ ! -r "${pf_rules}" ] 41127342Smlaier then 42127342Smlaier warn 'pf: NO PF RULESET FOUND' 43127342Smlaier return 1 44127342Smlaier fi 45127342Smlaier} 46127342Smlaier 47127342Smlaierpf_start() 48127342Smlaier{ 49127342Smlaier echo "Enabling pf." 50127342Smlaier if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then 51127342Smlaier ${pf_program:-/sbin/pfctl} -e 52127342Smlaier fi 53127342Smlaier ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1 54127342Smlaier if [ -r "${pf_rules}" ]; then 55127342Smlaier ${pf_program:-/sbin/pfctl} \ 56127342Smlaier -f "${pf_rules}" ${pf_flags} 57127342Smlaier fi 58127342Smlaier} 59127342Smlaier 60127342Smlaierpf_stop() 61127342Smlaier{ 62127342Smlaier if ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then 63127342Smlaier echo "Disabling pf." 64127342Smlaier ${pf_program:-/sbin/pfctl} -d 65127342Smlaier fi 66127342Smlaier} 67127342Smlaier 68127342Smlaierpf_reload() 69127342Smlaier{ 70127342Smlaier echo "Reloading pf rules." 71127342Smlaier 72127342Smlaier ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1 73127342Smlaier if [ -r "${pf_rules}" ]; then 74127342Smlaier ${pf_program:-/sbin/pfctl} \ 75127342Smlaier -f "${pf_rules}" ${pf_flags} 76127342Smlaier fi 77127342Smlaier} 78127342Smlaier 79127342Smlaierpf_resync() 80127342Smlaier{ 81127342Smlaier # Don't resync if pf is not loaded 82127342Smlaier if ! kldstat -v | grep -q pf\$ ; then 83127342Smlaier return 84127342Smlaier fi 85127342Smlaier ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags} 86127342Smlaier} 87127342Smlaier 88127342Smlaierpf_status() 89127342Smlaier{ 90127342Smlaier ${pf_program:-/sbin/pfctl} -si 91127342Smlaier} 92127342Smlaier 93127342Smlaierrun_rc_command "$1" 94