pf revision 230099
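#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/pf 230099 2012-01-14 02:18:41Z dougb $
#

# PROVIDE: pf
# REQUIRE: FILESYSTEMS netif pflog pfsync
# BEFORE: routing
# KEYWORD: nojail

# rc.d control script for the pf packet filter.
#
# Reads from rc.conf (through load_rc_config): pf_enable, pf_program,
# pf_rules and pf_flags.  Besides the start/stop/status handlers defined
# below, it offers the extra commands check, reload and resync.

. /etc/rc.subr

name="pf"
rcvar="pf_enable"
load_rc_config "$name"
start_cmd="pf_start"
stop_cmd="pf_stop"
check_cmd="pf_check"
reload_cmd="pf_reload"
resync_cmd="pf_resync"
status_cmd="pf_status"
extra_commands="check reload resync"
required_files="$pf_rules"
required_modules="pf"

# pf_start: flush all pf state, load $pf_rules and enable pf if it is not
# already enabled.
#
# Returns 0 when the ruleset loaded, 1 otherwise.  The flush happens before
# the load, so a failed load leaves the filter without the rules from
# $pf_rules; that condition is now reported through warn and the exit
# status instead of being hidden behind the status of the trailing message.
pf_start()
{
	local load_status

	check_startmsgs && echo -n 'Enabling pf'
	$pf_program -F all > /dev/null 2>&1
	# $pf_flags is left unquoted on purpose so it can carry several options.
	$pf_program -f "$pf_rules" $pf_flags
	load_status=$?
	if ! $pf_program -s info | grep -q "Enabled" ; then
		$pf_program -eq
	fi
	check_startmsgs && echo '.'
	if [ "$load_status" -ne 0 ]; then
		warn "failed to load $pf_rules; the ruleset was flushed before the load attempt"
		return 1
	fi
	return 0
}

# pf_stop: disable pf, but only when "pfctl -s info" reports it as enabled.
pf_stop()
{
	if $pf_program -s info | grep -q "Enabled" ; then
		echo -n 'Disabling pf'
		$pf_program -dq
		echo '.'
	fi
}

# pf_check: parse $pf_rules without loading it (-n); the exit status is
# that of the parse.
pf_check()
{
	echo "Checking pf rules."
	$pf_program -n -f "$pf_rules"
}

# pf_reload: validate $pf_rules, then flush and reload it.
#
# Returns 1 without touching the running configuration when the rules do
# not parse; otherwise returns the status of the final load.
pf_reload()
{
	echo "Reloading pf rules."
	$pf_program -n -f "$pf_rules" || return 1
	# Flush everything except the existing state entries, so that
	# reading the rules back in does not break established connections.
	# NOTE(review): the rules are flushed before the new set is loaded,
	# so there is a short interval with no filter rules in place.
	$pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
	$pf_program -f "$pf_rules" $pf_flags
}

# pf_resync: load $pf_rules over the running configuration without
# flushing or validating first.
pf_resync()
{
	$pf_program -f "$pf_rules" $pf_flags
}

# pf_status: print the output of "pfctl -s info".
pf_status()
{
	$pf_program -s info
}

run_rc_command "$1"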