pf revision 298514
1#!/bin/sh
2#
3# $FreeBSD: head/etc/rc.d/pf 298514 2016-04-23 16:10:54Z lme $
4#
5
6# PROVIDE: pf
7# REQUIRE: FILESYSTEMS netif pflog pfsync
8# BEFORE:  routing
9# KEYWORD: nojail
10
11. /etc/rc.subr
12
# rc.subr service description: the service identity, the rc.conf knob that
# enables it, and the handler bound to each rc command.
name="pf"
desc="Packet filter"
rcvar="pf_enable"

# Load this service's configuration. This must run before required_files is
# assigned below, because that assignment expands $pf_rules.
load_rc_config "${name}"

start_cmd="pf_start"
stop_cmd="pf_stop"
check_cmd="pf_check"
reload_cmd="pf_reload"
resync_cmd="pf_resync"
status_cmd="pf_status"

# Commands offered in addition to the ones that have a *_cmd handler by default.
extra_commands="check reload resync"

# Prerequisites declared to rc.subr: the ruleset file and the pf kernel module.
required_files="${pf_rules}"
required_modules="pf"
26
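# pf_start: load the ruleset from $pf_rules and enable the packet filter.
#
# The ruleset is parsed with -n before anything is flushed, so a broken
# $pf_rules is rejected while the loaded rules and the state table are still
# intact. Flushing first and ignoring the load status would leave pf enabled
# with nothing loaded and still report a normal start. A failure of the real
# load is reported through the return status as well.
#
# Globals:  pf_program, pf_rules, pf_flags (read)
# Returns:  0 on success, 1 if the dry run rejects the ruleset, otherwise the
#           non-zero status of the failed load.
pf_start()
{
	local _rc

	# $pf_flags is deliberately unquoted so it splits into separate options;
	# the dry run gets the same options as the real load below.
	if ! $pf_program -n -f "$pf_rules" $pf_flags; then
		warn "ruleset $pf_rules failed validation; pf left untouched"
		return 1
	fi

	check_startmsgs && echo -n 'Enabling pf'
	$pf_program -F all > /dev/null 2>&1
	$pf_program -f "$pf_rules" $pf_flags
	_rc=$?
	if [ $_rc -ne 0 ]; then
		# Everything was flushed above, so a failed load most likely
		# means no rules are in place. Make that visible to the operator.
		warn "loading $pf_rules failed after the flush; check the active ruleset"
	fi
	# Only enable pf when it is not already reported as enabled.
	if ! $pf_program -s info | grep -q "Enabled" ; then
		$pf_program -eq
	fi
	check_startmsgs && echo '.'
	return $_rc
}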
37
# pf_stop: disable the packet filter when it is currently enabled.
#
# Only "-dq" is issued; nothing is flushed here. When "pfctl -s info" does
# not report "Enabled", the function prints nothing and returns 0.
#
# Globals:  pf_program (read)
pf_stop()
{
	# Guard clause: nothing to do unless pf reports itself as enabled.
	$pf_program -s info | grep -q "Enabled" || return 0

	echo -n 'Disabling pf'
	$pf_program -dq
	echo '.'
}
46
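# pf_check: parse $pf_rules without loading it (pfctl -n).
#
# $pf_flags is passed to the dry run so that it sees the same options as the
# real load (for example macro definitions given with -D). Otherwise the
# check can pass or fail differently from the load it is meant to predict.
#
# Globals:  pf_program, pf_rules, pf_flags (read)
# Returns:  the exit status of the pfctl dry run.
pf_check()
{
	echo "Checking pf rules."
	# $pf_flags is deliberately unquoted so it splits into separate options.
	$pf_program -n -f "$pf_rules" $pf_flags
}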
52
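# pf_reload: validate $pf_rules, then replace the loaded ruleset while
# keeping existing state entries.
#
# The dry run receives $pf_flags so that it parses the ruleset with the same
# options as the real load; a ruleset that fails validation aborts the reload
# before anything is flushed.
#
# Globals:  pf_program, pf_rules, pf_flags (read)
# Returns:  1 if validation fails, otherwise the status of the final load.
pf_reload()
{
	echo "Reloading pf rules."
	# $pf_flags is deliberately unquoted so it splits into separate options.
	$pf_program -n -f "$pf_rules" $pf_flags || return 1
	# Flush everything except existing state entries, so that reading the
	# rules back in does not break established connections.
	# NOTE(review): connections that already have a state entry are not
	# re-evaluated against the new rules; if a reload is meant to cut off
	# existing traffic, the states have to be cleared separately.
	$pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
	$pf_program -f "$pf_rules" $pf_flags
}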
62
# pf_resync: load $pf_rules with $pf_flags, without a dry run and without
# flushing anything first.
#
# Globals:  pf_program, pf_rules, pf_flags (read)
# Returns:  the exit status of the pfctl load.
pf_resync()
{
	# Build the argument list once; $pf_flags is deliberately unquoted so
	# it splits into separate options.
	set -- -f "$pf_rules" $pf_flags
	$pf_program "$@"
}
67
# pf_status: print pf status information, or a notice when the /dev/pf
# character device is absent.
#
# Globals:  pf_program (read)
pf_status()
{
	if [ -c /dev/pf ] ; then
		$pf_program -s info
	else
		# No control device, so pfctl has nothing to talk to.
		echo "pf.ko is not loaded"
	fi
}
76
# Hand the requested rc command (the script's first argument) to rc.subr,
# which dispatches to the handlers configured above.
run_rc_command "${1}"
78