pf revision 216499
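#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/pf 216499 2010-12-17 09:38:55Z kevlo $
#
# rc.d script for the pf packet filter: loads the ruleset named by
# $pf_rules, enables/disables the filter, and offers syntax-check,
# reload, resync and status commands.
#
# Variables used but not set here (expected from rc.conf via
# load_rc_config): pf_program, pf_rules, pf_flags.
#

# PROVIDE: pf
# REQUIRE: FILESYSTEMS netif pflog pfsync
# BEFORE: routing
# KEYWORD: nojail

. /etc/rc.subr

name="pf"
rcvar=$(set_rcvar)
load_rc_config "$name"
start_cmd="pf_start"
stop_cmd="pf_stop"
check_cmd="pf_check"
reload_cmd="pf_reload"
resync_cmd="pf_resync"
status_cmd="pf_status"
extra_commands="check reload resync status"
required_files="$pf_rules"
required_modules="pf"

# pf_start: flush all pf state and rules, load $pf_rules, and enable pf
# if it is not already enabled.
# Returns: 0 when the ruleset loaded, 1 when the load failed.
pf_start()
{
	local _rc

	_rc=0
	check_startmsgs && echo -n 'Enabling pf'
	# Start from a clean slate; unlike pf_reload this also drops
	# existing state entries.
	$pf_program -F all > /dev/null 2>&1
	# A failed load must not go unnoticed: the flush above has already
	# removed the previous rules, so pf would be enabled below with no
	# filter rules loaded (presumably passing traffic by default --
	# confirm against the pf defaults on this release).
	if ! $pf_program -f "$pf_rules" $pf_flags; then
		warn "Unable to load $pf_rules; pf is being enabled without it."
		_rc=1
	fi
	# Only enable when not already enabled, so no error is printed
	# for a filter that is already running.
	if ! $pf_program -s info | grep -q "Enabled" ; then
		$pf_program -eq
	fi
	check_startmsgs && echo '.'
	# Report the ruleset load result, not the status of the message
	# helper above.
	return $_rc
}

# pf_stop: disable pf if it is currently enabled.
pf_stop()
{
	if $pf_program -s info | grep -q "Enabled" ; then
		echo -n 'Disabling pf'
		$pf_program -dq
		echo '.'
	fi
}

# pf_check: parse $pf_rules without loading it (-n) and return the
# parser's exit status.
pf_check()
{
	echo "Checking pf rules."
	$pf_program -n -f "$pf_rules"
}

# pf_reload: syntax-check $pf_rules, then flush and reload everything
# except state entries.
# Returns: 1 if the syntax check fails (nothing is flushed in that
# case), otherwise the exit status of the final load.
pf_reload()
{
	echo "Reloading pf rules."
	$pf_program -n -f "$pf_rules" || return 1
	# Flush everything but the existing state entries, so that
	# established connections are not broken when the rules are
	# read back in.
	# NOTE(review): the flush and the load are separate commands, so
	# there is a short interval with no filter rules loaded, and a load
	# that fails after a clean syntax check leaves the ruleset empty.
	# pfctl -f is believed to replace the ruleset in one step --
	# confirm whether the -Frules flush is needed at all.
	$pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
	$pf_program -f "$pf_rules" $pf_flags
}

# pf_resync: load $pf_rules over the running configuration without
# flushing anything first; returns the load's exit status.
pf_resync()
{
	$pf_program -f "$pf_rules" $pf_flags
}

# pf_status: print the filter's status and counters ("-s info").
pf_status()
{
	$pf_program -s info
}

run_rc_command "$1"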