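#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/pf 150836 2005-10-02 19:12:42Z yar $
#

# PROVIDE: pf
# REQUIRE: root mountcritlocal netif pflog pfsync
# BEFORE:  routing
# KEYWORD: nojail

. /etc/rc.subr

# rc.d glue for the pf packet filter.  The tunables come from rc.conf via
# load_rc_config: pf_rules (ruleset file), pf_flags (extra pfctl
# arguments) and pf_program (pfctl path, defaults to /sbin/pfctl below).
name="pf"
rcvar=$(set_rcvar)
load_rc_config "$name"

# Every verb except start is gated on the ruleset file existing.  The
# check is kept in single quotes so pf_rules is expanded when rc.subr
# evals the precmd and is then double-quoted: the old
# "test -f ${pf_rules}" expanded an empty pf_rules to `test -f`, a
# one-operand test that always succeeds, so the gate never fired.
stop_precmd='test -f "${pf_rules}"'
start_precmd="pf_prestart"
start_cmd="pf_start"
stop_cmd="pf_stop"
check_precmd="$stop_precmd"
check_cmd="pf_check"
reload_precmd="$stop_precmd"
reload_cmd="pf_reload"
resync_precmd="$stop_precmd"
resync_cmd="pf_resync"
status_precmd="$stop_precmd"
status_cmd="pf_status"
# Verbs beyond start/stop/restart that run_rc_command will accept.
extra_commands="check reload resync status"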
29127342Smlaier
pf_prestart()
{
	# start_precmd: make sure the pf kernel module is present and that a
	# readable ruleset exists before pf_start runs.
	#
	# Returns 0 when both hold; returns 1 (after a warning) when
	# pf_rules is unset or unreadable; exits through err when the module
	# is missing and kldload fails.
	if kldstat -q -m pf ; then
		: # already in the kernel, nothing to do
	elif kldload pf ; then
		info 'pf module loaded.'
	else
		err 1 'pf module failed to load.'
	fi

	# Without a readable ruleset there is nothing for pf_start to load.
	[ -r "${pf_rules}" ] && return 0
	warn 'pf: NO PF RULESET FOUND'
	return 1
}
47127342Smlaier
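pf_start()
{
	# start_cmd: flush pf, load pf_rules and enable the filter.
	#
	# Reads pf_program (default /sbin/pfctl), pf_rules and pf_flags.
	# pf_flags is deliberately left unquoted so that several flags set in
	# rc.conf split into separate pfctl arguments.
	#
	# Returns non-zero, and does not enable pf, when the ruleset fails to
	# parse or to load.  The previous version ignored the exit status of
	# `pfctl -f` and enabled pf anyway, so a bad pf.conf left the filter
	# running on the ruleset that had just been flushed with -Fa.
	local _pfctl
	_pfctl=${pf_program:-/sbin/pfctl}

	# Parse first so that a broken ruleset never causes the live one to be
	# flushed; this mirrors the dry-run that pf_reload already does.
	${_pfctl} -n -f "${pf_rules}" || return 1

	echo "Enabling pf."
	${_pfctl} -Fa > /dev/null 2>&1
	${_pfctl} -f "${pf_rules}" ${pf_flags} || return 1
	# Only flip the switch if it is not already on (e.g. on restart).
	if ! ${_pfctl} -si | grep -q "Enabled" ; then
		${_pfctl} -e
	fi
}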
57127342Smlaier
pf_stop()
{
	# stop_cmd: disable pf if pfctl reports it enabled; otherwise do
	# nothing and return 0.  When pf is enabled the return value is that
	# of `pfctl -d`.
	local _pfctl
	_pfctl=${pf_program:-/sbin/pfctl}

	${_pfctl} -si | grep -q "Enabled" || return 0
	echo "Disabling pf."
	${_pfctl} -d
}
65127342Smlaier
pf_check()
{
	# check_cmd: dry-run parse of pf_rules (pfctl -n loads nothing).
	# The exit status is pfctl's, so a syntax error propagates to
	# run_rc_command.
	local _pfctl _rules
	_pfctl=${pf_program:-/sbin/pfctl}
	_rules=${pf_rules}

	echo "Checking pf rules."
	${_pfctl} -n -f "${_rules}"
}
72136942Spjd
pf_reload()
{
	# reload_cmd: re-read pf_rules into a running pf.
	#
	# The ruleset is parsed first (pfctl -n); if that fails nothing is
	# flushed and 1 is returned, so a typo in pf.conf cannot strip the
	# live rules.  Reads pf_program, pf_rules and pf_flags; pf_flags is
	# left unquoted so several flags split into separate arguments.
	local _pfctl
	_pfctl=${pf_program:-/sbin/pfctl}

	echo "Reloading pf rules."
	${_pfctl} -n -f "${pf_rules}" || return 1

	# Flush nat, queue, rules, Sources, info, Tables and osfp but
	# deliberately not the state table, so established connections
	# survive the reload.  Flush errors are ignored on purpose.
	${_pfctl} -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
	${_pfctl} -f "${pf_rules}" ${pf_flags}
}
83127342Smlaier
pf_resync()
{
	# resync_cmd: load pf_rules on top of whatever is in the kernel.
	# Unlike pf_start and pf_reload nothing is flushed here.  If the pf
	# module is not loaded, kldstat's exit status is returned unchanged
	# and pfctl is not run.
	kldstat -q -m pf || return

	${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
}
89127342Smlaier
pf_status()
{
	# status_cmd: print pfctl's info summary (the same output pf_start
	# and pf_stop grep for "Enabled").
	local _pfctl
	_pfctl=${pf_program:-/sbin/pfctl}

	${_pfctl} -si
}
94127342Smlaier
# Dispatch on the rc verb in $1 (start, stop, check, reload, resync,
# status, ...) using the *_cmd / *_precmd variables set above.
run_rc_command "$1"