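#!/bin/sh
#
# $FreeBSD: releng/11.0/etc/rc.d/pf 298514 2016-04-23 16:10:54Z lme $
#

# PROVIDE: pf
# REQUIRE: FILESYSTEMS netif pflog pfsync
# BEFORE: routing
# KEYWORD: nojail

. /etc/rc.subr

# rc.d glue for the pf packet filter. Every action is a thin wrapper around
# $pf_program operating on the ruleset file named by $pf_rules; both values,
# along with $pf_flags, come from the rc configuration loaded below.
name="pf"
desc="Packet filter"
rcvar="pf_enable"
load_rc_config $name
start_cmd="pf_start"
stop_cmd="pf_stop"
check_cmd="pf_check"
reload_cmd="pf_reload"
resync_cmd="pf_resync"
status_cmd="pf_status"
extra_commands="check reload resync"
# The ruleset file and the pf kernel module are declared as prerequisites.
required_files="$pf_rules"
required_modules="pf"

# Flush all pf state and rules, load the ruleset from $pf_rules and enable pf
# if it is not already enabled.
# Returns: 0 when the ruleset loaded, otherwise the exit status of the load.
pf_start()
{
	local _load_status

	check_startmsgs && echo -n 'Enabling pf'
	# "-F all" empties the filter before the new ruleset is read, so
	# nothing is enforced from here until the load below succeeds.
	$pf_program -F all > /dev/null 2>&1
	# $pf_flags is left unquoted on purpose so that it can carry several
	# options.
	_load_status=0
	$pf_program -f "$pf_rules" $pf_flags || _load_status=$?
	if [ $_load_status -ne 0 ]; then
		# A failed load after the flush leaves pf without the
		# configured ruleset (an empty pf ruleset is expected to pass
		# traffic), so make the failure visible instead of silently
		# reporting success.
		warn "failed to load pf ruleset from $pf_rules; the configured rules are NOT active"
	fi
	# pf is still enabled on a failed load, as before; only the warning
	# and the exit status are new.
	if ! $pf_program -s info | grep -q "Enabled" ; then
		$pf_program -eq
	fi
	check_startmsgs && echo '.'
	# Report the load result rather than the status of the progress
	# message above, which is non-zero whenever start messages are off.
	return $_load_status
}

# Disable pf, but only when "-s info" reports it as enabled.
pf_stop()
{
	if $pf_program -s info | grep -q "Enabled" ; then
		echo -n 'Disabling pf'
		$pf_program -dq
		echo '.'
	fi
}

# Parse $pf_rules without loading it (-n); the exit status is that of the
# parse, so this is the safe way to validate an edited ruleset.
pf_check()
{
	echo "Checking pf rules."
	$pf_program -n -f "$pf_rules"
}

# Validate the ruleset, then replace the loaded one with it.
# Returns: 1 if validation fails, otherwise the exit status of the load.
pf_reload()
{
	echo "Reloading pf rules."
	# Refuse to touch the running filter if the new ruleset does not parse.
	$pf_program -n -f "$pf_rules" || return 1
	# Flush everything except the existing state entries, so that reading
	# the rules back in does not break established connections.
	# NOTE(review): the rules are flushed before the new set is loaded, so
	# a load that fails after passing the check above would leave the
	# filter empty; the non-zero return status is the only signal.
	$pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
	$pf_program -f "$pf_rules" $pf_flags
}

# Load $pf_rules over the running configuration without flushing or
# validating first.
pf_resync()
{
	$pf_program -f "$pf_rules" $pf_flags
}

# Print pf's "-s info" output, or a notice when the /dev/pf character device
# is missing.
pf_status()
{
	if ! [ -c /dev/pf ] ; then
		echo "pf.ko is not loaded"
	else
		$pf_program -s info
	fi
}

run_rc_command "$1"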