pf revision 222007
1127342Smlaier#!/bin/sh 2127342Smlaier# 3127342Smlaier# $FreeBSD: head/etc/rc.d/pf 222007 2011-05-17 07:40:13Z hrs $ 4127342Smlaier# 5127342Smlaier 6127342Smlaier# PROVIDE: pf 7195026Sdougb# REQUIRE: FILESYSTEMS netif pflog pfsync 8150836Syar# BEFORE: routing 9136224Smtm# KEYWORD: nojail 10127342Smlaier 11127342Smlaier. /etc/rc.subr 12127342Smlaier 13127342Smlaiername="pf" 14127342Smlaierrcvar=`set_rcvar` 15127342Smlaierload_rc_config $name 16127342Smlaierstart_cmd="pf_start" 17127342Smlaierstop_cmd="pf_stop" 18136942Spjdcheck_cmd="pf_check" 19127342Smlaierreload_cmd="pf_reload" 20127342Smlaierresync_cmd="pf_resync" 21127342Smlaierstatus_cmd="pf_status" 22222007Shrsextra_commands="check reload resync" 23150839Syarrequired_files="$pf_rules" 24165683Syarrequired_modules="pf" 25127342Smlaier 26127342Smlaierpf_start() 27127342Smlaier{ 28197947Sdougb check_startmsgs && echo -n 'Enabling pf' 29159243Sobrien $pf_program -F all > /dev/null 2>&1 30150839Syar $pf_program -f "$pf_rules" $pf_flags 31150839Syar if ! $pf_program -s info | grep -q "Enabled" ; then 32216499Skevlo $pf_program -eq 33130954Smlaier fi 34197947Sdougb check_startmsgs && echo '.' 35127342Smlaier} 36127342Smlaier 37127342Smlaierpf_stop() 38127342Smlaier{ 39150839Syar if $pf_program -s info | grep -q "Enabled" ; then 40197947Sdougb echo -n 'Disabling pf' 41216499Skevlo $pf_program -dq 42197947Sdougb echo '.' 43127342Smlaier fi 44127342Smlaier} 45127342Smlaier 46136942Spjdpf_check() 47136942Spjd{ 48136942Spjd echo "Checking pf rules." 49150839Syar $pf_program -n -f "$pf_rules" 50136942Spjd} 51136942Spjd 52127342Smlaierpf_reload() 53127342Smlaier{ 54127342Smlaier echo "Reloading pf rules." 55150839Syar $pf_program -n -f "$pf_rules" || return 1 56144638Sseanc # Flush everything but existing state entries that way when 57144638Sseanc # rules are read in, it doesn't break established connections. 58150839Syar $pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1 59150839Syar $pf_program -f "$pf_rules" $pf_flags 60127342Smlaier} 61127342Smlaier 62127342Smlaierpf_resync() 63127342Smlaier{ 64150839Syar $pf_program -f "$pf_rules" $pf_flags 65127342Smlaier} 66127342Smlaier 67127342Smlaierpf_status() 68127342Smlaier{ 69150839Syar $pf_program -s info 70127342Smlaier} 71127342Smlaier 72127342Smlaierrun_rc_command "$1" 73