pf revision 285830
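#!/bin/sh
#
# $FreeBSD: releng/10.2/etc/rc.d/pf 230099 2012-01-14 02:18:41Z dougb $
#

# PROVIDE: pf
# REQUIRE: FILESYSTEMS netif pflog pfsync
# BEFORE: routing
# KEYWORD: nojail

# rc.d script for the pf packet filter.  Besides start/stop/status it
# offers three extra commands: "check" (parse the ruleset without loading
# it), "reload" (validate, flush everything except states, load) and
# "resync" (load the ruleset without flushing first).
#
# Variables read but not assigned in this file (expected from the rc
# configuration loaded below):
#   pf_program  command used to talk to pf
#   pf_rules    path of the ruleset file
#   pf_flags    additional flags appended to every ruleset load

. /etc/rc.subr

name="pf"
rcvar="pf_enable"
load_rc_config "$name"
start_cmd="pf_start"
stop_cmd="pf_stop"
check_cmd="pf_check"
reload_cmd="pf_reload"
resync_cmd="pf_resync"
status_cmd="pf_status"
extra_commands="check reload resync"
# The ruleset file is declared as a required file and pf as a required
# kernel module.
required_files="$pf_rules"
required_modules="pf"

# pf_start: flush all pf state, load the ruleset and enable pf if the
# status output does not already report it as enabled.
# Returns the exit status of the ruleset load.  Previously the status was
# that of the trailing "check_startmsgs && echo", so a failed load went
# unreported and a quiet start could report a spurious failure.
pf_start()
{
	check_startmsgs && echo -n 'Enabling pf'
	# Start from a clean slate; output and errors are discarded on purpose.
	$pf_program -F all > /dev/null 2>&1
	_pf_rc=0
	# $pf_flags stays unquoted so that several flags split into words.
	$pf_program -f "$pf_rules" $pf_flags || _pf_rc=$?
	if [ "$_pf_rc" -ne 0 ]; then
		# NOTE(review): after the flush above a failed load leaves no
		# filter rules in place, and pf passes packets that match no
		# rule, so the host would come up unfiltered.  pf is still
		# enabled below, as before; confirm the intended failure
		# policy (e.g. a minimal fallback ruleset).
		echo "pf: failed to load rules from $pf_rules" >&2
	fi
	if ! $pf_program -s info | grep -q "Enabled" ; then
		$pf_program -eq
	fi
	check_startmsgs && echo '.'
	return "$_pf_rc"
}

# pf_stop: disable pf, but only when the status output reports it as
# enabled; otherwise do nothing.
pf_stop()
{
	if $pf_program -s info | grep -q "Enabled" ; then
		echo -n 'Disabling pf'
		$pf_program -dq
		echo '.'
	fi
}

# pf_check: parse the ruleset with -n (nothing is loaded) and return the
# parser's exit status.
pf_check()
{
	echo "Checking pf rules."
	$pf_program -n -f "$pf_rules"
}

# pf_reload: validate the ruleset first and give up with status 1 if it
# does not parse, so a broken file never replaces the running rules.
# Returns the exit status of the final load.
pf_reload()
{
	echo "Reloading pf rules."
	$pf_program -n -f "$pf_rules" || return 1
	# Flush everything except the existing state entries, so that
	# established connections survive while the rules are read in.
	# NOTE(review): between this flush and the load below no filter
	# rules are loaded; the -n check above does not cover runtime load
	# failures.  Confirm whether the explicit -Frules is still needed.
	$pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
	$pf_program -f "$pf_rules" $pf_flags
}

# pf_resync: load the ruleset without flushing or validating first.
# Returns the exit status of the load.
pf_resync()
{
	$pf_program -f "$pf_rules" $pf_flags
}

# pf_status: print the pf status information.
pf_status()
{
	$pf_program -s info
}

run_rc_command "$1"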