pf revision 150839
#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/pf 150839 2005-10-02 19:17:49Z yar $
#

# PROVIDE: pf
# REQUIRE: root mountcritlocal netif pflog pfsync
# BEFORE:  routing
# KEYWORD: nojail

. /etc/rc.subr

name="pf"
rcvar=$(set_rcvar)
load_rc_config "$name"

# Verbs this script accepts in addition to the ones it already maps
# through start_cmd/stop_cmd.
extra_commands="check reload resync status"

# Map each verb onto the shell function below that implements it.
start_precmd="pf_prestart"
start_cmd="pf_start"
stop_cmd="pf_stop"
check_cmd="pf_check"
reload_cmd="pf_reload"
resync_cmd="pf_resync"
status_cmd="pf_status"

# pf_rules is not assigned in this file; presumably it comes from the
# rc configuration read by load_rc_config above, so this line has to
# stay after that call.
required_files="$pf_rules"
# pf_prestart - registered as start_precmd; makes sure the pf kernel
# module is available before the start command runs.
# Returns 0 when the module is present or was loaded, 1 when loading
# it failed.
pf_prestart()
{
	# Nothing to do when the kernel already has the pf module.
	kldstat -q -m pf && return 0

	# Module is missing: try to load it and report a failure to the
	# caller instead of carrying on without a packet filter.
	if ! kldload pf ; then
		warn 'pf module failed to load.'
		return 1
	fi
	info 'pf module loaded.'
	return 0
}
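# pf_start - flush pf, load the ruleset from $pf_rules and enable pf.
# Reads: pf_program, pf_rules, pf_flags (not assigned in this file).
# Returns non-zero when the ruleset fails to load or when enabling pf
# fails, 0 otherwise.
pf_start()
{
	local _load_rc

	echo "Enabling pf."
	$pf_program -Fall > /dev/null 2>&1

	# The flush above has already discarded whatever was loaded, so a
	# failed load here leaves pf without the configured rules. Keep the
	# status and report it rather than letting "start" look successful.
	# $pf_flags is left unquoted on purpose so it can carry several
	# options.
	_load_rc=0
	$pf_program -f "$pf_rules" $pf_flags || _load_rc=$?
	if [ "$_load_rc" -ne 0 ]; then
		warn "pf rules failed to load from $pf_rules; previous ruleset was already flushed."
	fi

	# Enable pf only if it is not already reported as enabled.
	if ! $pf_program -s info | grep -q "Enabled" ; then
		$pf_program -e || return
	fi
	return "$_load_rc"
}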
# pf_stop - disable pf, but only when it is currently reported as
# enabled. Returns 0 when pf was not enabled, otherwise the status of
# the disable call.
pf_stop()
{
	# Not enabled: nothing to disable, and nothing is printed.
	$pf_program -s info | grep -q "Enabled" || return 0

	echo "Disabling pf."
	$pf_program -d
}
# pf_check - parse the ruleset in $pf_rules without loading it.
# Returns the exit status of the parse, so it can be run before a
# reload to catch a broken rules file.
pf_check()
{
	printf '%s\n' "Checking pf rules."
	# -n: parse only, the rules are not loaded.
	$pf_program -n -f "$pf_rules"
	return $?
}
# pf_reload - validate the ruleset in $pf_rules, then replace the
# loaded rules with it while leaving existing state entries alone.
# Returns 1 when validation fails (nothing is flushed in that case),
# otherwise the status of the final load.
pf_reload()
{
	printf '%s\n' "Reloading pf rules."

	# Parse-only pass first: a rules file that does not parse must not
	# cost us the ruleset that is currently loaded.
	if ! $pf_program -n -f "$pf_rules" ; then
		return 1
	fi

	# Flush everything except the state entries, so that connections
	# which are already established keep working once the rules are
	# read back in.
	# NOTE(review): the rules are flushed before the new ones are
	# loaded, so there is a short interval with no rules in place.
	$pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
	$pf_program -f "$pf_rules" $pf_flags
}
# pf_resync - load the ruleset from $pf_rules without flushing or
# validating anything first. Returns the status of the load.
pf_resync()
{
	# $pf_flags stays unquoted so that it can expand to several options.
	$pf_program -f "$pf_rules" $pf_flags
	return $?
}
# pf_status - print pf's "info" report. Returns the status of that
# query.
pf_status()
{
	$pf_program -s info
	return $?
}
# Hand the verb given on the command line (start, stop, check, ...) to
# rc.subr, which dispatches it through the *_cmd variables set above.
run_rc_command "$1"