pf revision 144638
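#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/pf 144638 2005-04-04 23:06:10Z seanc $
#
# rc.d script for the pf packet filter. It loads the pf kernel module when
# needed, loads the ruleset named by ${pf_rules} through pfctl, and enables
# or disables filtering. Extra commands: check, reload, resync, status.
#

# PROVIDE: pf
# REQUIRE: root mountcritlocal netif pflog
# BEFORE: DAEMON LOGIN
# KEYWORD: nojail

. /etc/rc.subr

name="pf"
rcvar=$(set_rcvar)
load_rc_config "$name"

# Every command except start requires the ruleset file to exist.
# ${pf_rules} is expanded here, after load_rc_config, and is not quoted
# inside the command string.
stop_precmd="test -f ${pf_rules}"
start_precmd="pf_prestart"
start_cmd="pf_start"
stop_cmd="pf_stop"
check_precmd="$stop_precmd"
check_cmd="pf_check"
reload_precmd="$stop_precmd"
reload_cmd="pf_reload"
resync_precmd="$stop_precmd"
resync_cmd="pf_resync"
status_precmd="$stop_precmd"
status_cmd="pf_status"
extra_commands="check reload resync status"

# Pre-start hook: make sure the pf kernel module is loaded and the ruleset
# file is readable. Returns 1 when the ruleset cannot be read.
pf_prestart()
{
	# load pf kernel module if needed
	# NOTE(review): 'pf$' matches any kldstat line that ends in "pf", not
	# only a module named exactly "pf" -- confirm no other module name
	# can satisfy this check and skip the kldload.
	if ! kldstat -v | grep -q pf\$; then
		if kldload pf; then
			info 'pf module loaded.'
		else
			err 1 'pf module failed to load.'
		fi
	fi

	# check for pf rules
	if [ ! -r "${pf_rules}" ]; then
		warn 'pf: NO PF RULESET FOUND'
		return 1
	fi
}

# Load the ruleset and enable pf.
# The ruleset is parsed with -n first, as pf_reload does, so that a broken
# rules file is rejected before -Fa discards what is currently loaded.
# A failed load is reported to the caller instead of enabling pf with
# whatever is left after the flush.
# Returns non-zero when validation, loading or enabling fails.
pf_start()
{
	echo "Enabling pf."
	if ! ${pf_program:-/sbin/pfctl} -n -f "${pf_rules}"; then
		warn 'pf: ruleset failed validation; nothing flushed or loaded.'
		return 1
	fi
	${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
	# ${pf_flags} is left unquoted so that several flags split into words.
	if ! ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}; then
		warn 'pf: ruleset failed to load; pf not enabled.'
		return 1
	fi
	if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
		${pf_program:-/sbin/pfctl} -e
	fi
}

# Disable pf if 'pfctl -si' reports it as enabled.
pf_stop()
{
	if ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
		echo "Disabling pf."
		${pf_program:-/sbin/pfctl} -d
	fi
}

# Parse the ruleset without loading it (-n); the exit status is pfctl's.
pf_check()
{
	echo "Checking pf rules."

	${pf_program:-/sbin/pfctl} -n -f "${pf_rules}"
}

# Validate the ruleset, then replace the loaded one.
# Returns 1 without touching the running configuration when the ruleset
# does not parse.
pf_reload()
{
	echo "Reloading pf rules."

	${pf_program:-/sbin/pfctl} -n -f "${pf_rules}" || return 1
	# Flush everything except the existing state entries, so that
	# reading the rules back in does not break established connections.
	${pf_program:-/sbin/pfctl} -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
	${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
}

# Load the ruleset again without flushing anything first.
pf_resync()
{
	# Don't resync if pf is not loaded
	if ! kldstat -v | grep -q pf\$ ; then
		return
	fi
	${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
}

# Print pf status information (pfctl -si).
pf_status()
{
	${pf_program:-/sbin/pfctl} -si
}

run_rc_command "$1"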