pf revision 130954
1193323Sed#!/bin/sh 2193323Sed# 3193323Sed# $FreeBSD: head/etc/rc.d/pf 130954 2004-06-23 01:42:06Z mlaier $ 4193323Sed# 5193323Sed 6193323Sed# PROVIDE: pf 7193323Sed# REQUIRE: root beforenetlkm mountcritlocal netif pflog 8193323Sed# BEFORE: DAEMON LOGIN 9193323Sed# KEYWORD: FreeBSD nojail 10193323Sed 11193323Sed. /etc/rc.subr 12193323Sed 13193323Sedname="pf" 14193323Sedrcvar=`set_rcvar` 15193323Sedload_rc_config $name 16193323Sedstop_precmd="test -f ${pf_rules}" 17193323Sedstart_precmd="pf_prestart" 18193323Sedstart_cmd="pf_start" 19193323Sedstop_cmd="pf_stop" 20193323Sedreload_precmd="$stop_precmd" 21193323Sedreload_cmd="pf_reload" 22193323Sedresync_precmd="$stop_precmd" 23193323Sedresync_cmd="pf_resync" 24193323Sedstatus_precmd="$stop_precmd" 25193323Sedstatus_cmd="pf_status" 26193323Sedextra_commands="reload resync status" 27193323Sed 28193323Sedpf_prestart() 29193323Sed{ 30193323Sed # load pf kernel module if needed 31193323Sed if ! kldstat -v | grep -q pf\$; then 32193323Sed if kldload pf; then 33193323Sed info 'pf module loaded.' 34193323Sed else 35193323Sed err 1 'pf module failed to load.' 36193323Sed fi 37193323Sed fi 38193323Sed 39193323Sed # check for pf rules 40193323Sed if [ ! -r "${pf_rules}" ] 41193323Sed then 42193323Sed warn 'pf: NO PF RULESET FOUND' 43193323Sed return 1 44193323Sed fi 45193323Sed} 46193323Sed 47193323Sedpf_start() 48193323Sed{ 49193323Sed echo "Enabling pf." 50193323Sed ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1 51193323Sed if [ -r "${pf_rules}" ]; then 52193323Sed ${pf_program:-/sbin/pfctl} \ 53193323Sed -f "${pf_rules}" ${pf_flags} 54193323Sed fi 55193323Sed if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then 56193323Sed ${pf_program:-/sbin/pfctl} -e 57193323Sed fi 58193323Sed} 59193323Sed 60193323Sedpf_stop() 61193323Sed{ 62193323Sed if ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then 63193323Sed echo "Disabling pf." 64193323Sed ${pf_program:-/sbin/pfctl} -d 65193323Sed fi 66193323Sed} 67193323Sed 68193323Sedpf_reload() 69193323Sed{ 70193323Sed echo "Reloading pf rules." 71193323Sed 72193323Sed ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1 73193323Sed if [ -r "${pf_rules}" ]; then 74193323Sed ${pf_program:-/sbin/pfctl} \ 75193323Sed -f "${pf_rules}" ${pf_flags} 76193323Sed fi 77193323Sed} 78193323Sed 79193323Sedpf_resync() 80193323Sed{ 81193323Sed # Don't resync if pf is not loaded 82193323Sed if ! kldstat -v | grep -q pf\$ ; then 83193323Sed return 84193323Sed fi 85193323Sed ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags} 86193323Sed} 87193323Sed 88193323Sedpf_status() 89193323Sed{ 90193323Sed ${pf_program:-/sbin/pfctl} -si 91193323Sed} 92193323Sed 93193323Sedrun_rc_command "$1" 94193323Sed