pf revision 152271
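#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/pf 152271 2005-11-10 10:40:15Z rse $
#

# PROVIDE: pf
# REQUIRE: root mountcritlocal netif pflog pfsync
# BEFORE: routing
# KEYWORD: nojail

. /etc/rc.subr

# rc.d glue for the pf packet filter. pf_program, pf_rules and pf_flags are
# not set in this file; they are expected to come from the rc configuration
# read by load_rc_config below.
name="pf"
rcvar=$(set_rcvar)
load_rc_config "$name"
start_precmd="pf_prestart"
start_cmd="pf_start"
stop_cmd="pf_stop"
check_cmd="pf_check"
reload_cmd="pf_reload"
resync_cmd="pf_resync"
status_cmd="pf_status"
extra_commands="check reload resync status"
required_files="$pf_rules"

# Make sure the pf kernel module is present before start runs.
# Returns 0 if the module is already loaded or loads now, 1 if kldload fails.
pf_prestart()
{
	# load pf kernel module if needed
	if ! kldstat -q -m pf ; then
		if kldload pf ; then
			info 'pf module loaded.'
		else
			warn 'pf module failed to load.'
			return 1
		fi
	fi
	return 0
}

# Flush pf, load the ruleset from $pf_rules and enable pf if it is not
# already enabled.
# Returns 1 without flushing anything when the ruleset does not pass the
# parse check, and 1 without enabling pf when the load itself fails.
pf_start()
{
	echo "Enabling pf."
	# Same parse check pf_reload performs: reject a broken ruleset before
	# the flush below discards whatever is currently loaded.
	if ! $pf_program -n -f "$pf_rules" ; then
		warn 'pf rules failed the parse check; nothing was flushed.'
		return 1
	fi
	$pf_program -Fall > /dev/null 2>&1
	# $pf_flags is left unquoted on purpose so it can carry several options.
	# A failed load is reported to the caller instead of being masked by
	# the exit status of the enable step that follows.
	if ! $pf_program -f "$pf_rules" $pf_flags ; then
		warn 'pf rules failed to load.'
		return 1
	fi
	if ! $pf_program -s info | grep -q "Enabled" ; then
		$pf_program -e
	fi
}

# Disable pf, but only when "-s info" reports it as enabled.
pf_stop()
{
	if $pf_program -s info | grep -q "Enabled" ; then
		echo "Disabling pf."
		$pf_program -d
	fi
}

# Parse $pf_rules with -n (no load); the exit status is that of the check.
pf_check()
{
	echo "Checking pf rules."
	$pf_program -n -f "$pf_rules"
}

# Validate and then reload the ruleset.
# Returns 1 if the parse check fails, otherwise the status of the load.
pf_reload()
{
	echo "Reloading pf rules."
	$pf_program -n -f "$pf_rules" || return 1
	# Flush everything except the existing state entries, so that reading
	# the rules back in does not break established connections.
	$pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
	# $pf_flags is left unquoted on purpose so it can carry several options.
	$pf_program -f "$pf_rules" $pf_flags
}

# Load $pf_rules with no prior flush and no separate parse check.
pf_resync()
{
	$pf_program -f "$pf_rules" $pf_flags
}

# Print the output of "-s info".
pf_status()
{
	$pf_program -s info
}

run_rc_command "$1"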