pf revision 168283
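#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/pf 168283 2007-04-02 22:53:07Z des $
#
# rc.d script for the pf packet filter.  Besides start/stop it offers
# check, reload, resync and status (see extra_commands below).  Every
# action drives $pf_program with the ruleset file named by $pf_rules and
# the extra arguments in $pf_flags; all three are read from the rc
# configuration loaded by load_rc_config.
#

# PROVIDE: pf
# REQUIRE: root FILESYSTEMS netif pflog pfsync
# BEFORE: routing
# KEYWORD: nojail

. /etc/rc.subr

name="pf"
rcvar=$(set_rcvar)
load_rc_config "$name"
start_cmd="pf_start"
stop_cmd="pf_stop"
check_cmd="pf_check"
reload_cmd="pf_reload"
resync_cmd="pf_resync"
status_cmd="pf_status"
extra_commands="check reload resync status"
# The ruleset file and the pf module are declared as prerequisites here,
# so a missing ruleset is caught by rc.subr rather than by pf_start.
required_files="$pf_rules"
required_modules="pf"

# pf_start: flush pf, load $pf_rules and enable the filter.
# Returns non-zero when the ruleset could not be loaded or pf could not
# be enabled, so that the failure is reported instead of looking like a
# clean start.
pf_start()
{
	local _rc

	_rc=0
	echo "Enabling pf."
	# Everything is flushed before the new ruleset is read, so a load
	# failure below leaves pf without the rules from $pf_rules.
	$pf_program -F all > /dev/null 2>&1
	# $pf_flags is left unquoted on purpose: it may hold several words.
	if ! $pf_program -f "$pf_rules" $pf_flags; then
		_rc=1
		warn "failed to load ruleset $pf_rules"
	fi
	# pf is enabled regardless of the load result; only the exit status
	# of this function reflects a failed load.
	# NOTE(review): running "check" first shows whether the ruleset
	# parses before anything is flushed.
	if ! $pf_program -s info | grep -q "Enabled" ; then
		$pf_program -e || _rc=1
	fi
	return "$_rc"
}

# pf_stop: disable pf if it currently reports itself as enabled.
pf_stop()
{
	if $pf_program -s info | grep -q "Enabled" ; then
		echo "Disabling pf."
		$pf_program -d
	fi
}

# pf_check: parse $pf_rules without loading it (-n); the exit status is
# that of the parse.
pf_check()
{
	echo "Checking pf rules."
	$pf_program -n -f "$pf_rules"
}

# pf_reload: replace the loaded ruleset while keeping existing states.
# Nothing is flushed unless the ruleset parses.
pf_reload()
{
	echo "Reloading pf rules."
	# NOTE(review): this dry run omits $pf_flags while the real load
	# below passes them; if pf_flags carries options that affect
	# parsing, the two results can differ -- confirm.
	$pf_program -n -f "$pf_rules" || return 1
	# Flush everything except the existing state entries, so that
	# established connections are not broken when the rules are read
	# back in.
	# NOTE(review): between this flush and the load below no rules
	# from $pf_rules are in place.
	$pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
	$pf_program -f "$pf_rules" $pf_flags
}

# pf_resync: load $pf_rules again without flushing anything first.
pf_resync()
{
	$pf_program -f "$pf_rules" $pf_flags
}

# pf_status: print pf's "info" status report.
pf_status()
{
	$pf_program -s info
}

run_rc_command "$1"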