pf revision 135306
1#!/bin/sh 2# 3# $FreeBSD: head/etc/rc.d/pf 135306 2004-09-16 17:04:20Z keramida $ 4# 5 6# PROVIDE: pf 7# REQUIRE: root mountcritlocal netif pflog 8# BEFORE: DAEMON LOGIN 9# KEYWORD: FreeBSD nojail 10 11. /etc/rc.subr 12 13name="pf" 14rcvar=`set_rcvar` 15load_rc_config $name 16stop_precmd="test -f ${pf_rules}" 17start_precmd="pf_prestart" 18start_cmd="pf_start" 19stop_cmd="pf_stop" 20reload_precmd="$stop_precmd" 21reload_cmd="pf_reload" 22resync_precmd="$stop_precmd" 23resync_cmd="pf_resync" 24status_precmd="$stop_precmd" 25status_cmd="pf_status" 26extra_commands="reload resync status" 27 28pf_prestart() 29{ 30 # load pf kernel module if needed 31 if ! kldstat -v | grep -q pf\$; then 32 if kldload pf; then 33 info 'pf module loaded.' 34 else 35 err 1 'pf module failed to load.' 36 fi 37 fi 38 39 # check for pf rules 40 if [ ! -r "${pf_rules}" ] 41 then 42 warn 'pf: NO PF RULESET FOUND' 43 return 1 44 fi 45} 46 47pf_start() 48{ 49 echo "Enabling pf." 50 ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1 51 if [ -r "${pf_rules}" ]; then 52 ${pf_program:-/sbin/pfctl} \ 53 -f "${pf_rules}" ${pf_flags} 54 fi 55 if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then 56 ${pf_program:-/sbin/pfctl} -e 57 fi 58} 59 60pf_stop() 61{ 62 if ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then 63 echo "Disabling pf." 64 ${pf_program:-/sbin/pfctl} -d 65 fi 66} 67 68pf_reload() 69{ 70 echo "Reloading pf rules." 71 72 ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1 73 if [ -r "${pf_rules}" ]; then 74 ${pf_program:-/sbin/pfctl} \ 75 -f "${pf_rules}" ${pf_flags} 76 fi 77} 78 79pf_resync() 80{ 81 # Don't resync if pf is not loaded 82 if ! kldstat -v | grep -q pf\$ ; then 83 return 84 fi 85 ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags} 86} 87 88pf_status() 89{ 90 ${pf_program:-/sbin/pfctl} -si 91} 92 93run_rc_command "$1" 94