Merge branch 'master' of ssh://crater.dragonflybsd.org/repository/git/dragonfly
[dragonfly.git] / etc / rc.d / pf
CommitLineData
95cc27f0
JS
1#!/bin/sh
2#
3# $FreeBSD: src/etc/rc.d/pf,v 1.3 2004/06/23 01:42:06 mlaier Exp $
779e1014 4# $DragonFly: src/etc/rc.d/pf,v 1.5 2008/02/21 22:42:10 hasso Exp $
95cc27f0
JS
5#
6
7# PROVIDE: pf
a8ed1681 8# REQUIRE: root mountcritlocal netif pflog
95cc27f0 9# BEFORE: DAEMON LOGIN
696a5717 10# KEYWORD: nojail
95cc27f0
JS
11
12. /etc/rc.subr
13
14name="pf"
15rcvar=`set_rcvar`
16load_rc_config $name
17stop_precmd="test -f ${pf_rules}"
18start_precmd="pf_prestart"
19start_cmd="pf_start"
20stop_cmd="pf_stop"
21reload_precmd="$stop_precmd"
22reload_cmd="pf_reload"
23resync_precmd="$stop_precmd"
24resync_cmd="pf_resync"
25status_precmd="$stop_precmd"
26status_cmd="pf_status"
27extra_commands="reload resync status"
28
29pf_prestart()
30{
31 # load pf kernel module if needed
779e1014 32 if ! kldstat -q -m "pf"; then
95cc27f0
JS
33 if kldload pf; then
34 info 'pf module loaded.'
35 else
36 err 1 'pf module failed to load.'
37 fi
38 fi
39
40 # check for pf rules
41 if [ ! -r "${pf_rules}" ]
42 then
43 warn 'pf: NO PF RULESET FOUND'
44 return 1
45 fi
46}
47
48pf_start()
49{
50 echo "Enabling pf."
51 ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
52 if [ -r "${pf_rules}" ]; then
53 ${pf_program:-/sbin/pfctl} \
54 -f "${pf_rules}" ${pf_flags}
55 fi
56 if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
57 ${pf_program:-/sbin/pfctl} -e
58 fi
59}
60
61pf_stop()
62{
63 if ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
64 echo "Disabling pf."
65 ${pf_program:-/sbin/pfctl} -d
66 fi
67}
68
69pf_reload()
70{
71 echo "Reloading pf rules."
72
73 ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
74 if [ -r "${pf_rules}" ]; then
75 ${pf_program:-/sbin/pfctl} \
76 -f "${pf_rules}" ${pf_flags}
77 fi
78}
79
80pf_resync()
81{
82 # Don't resync if pf is not loaded
779e1014 83 if ! kldstat -q -m "pf"; then
95cc27f0
JS
84 return
85 fi
86 ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
87}
88
89pf_status()
90{
91 ${pf_program:-/sbin/pfctl} -si
92}
93
94run_rc_command "$1"