etc/rc.d/pf

   1 #!/bin/sh
   2 #
   3 # $FreeBSD: src/etc/rc.d/pf,v 1.3 2004/06/23 01:42:06 mlaier Exp $
   4 #
   5
   6 # PROVIDE: pf
   7 # REQUIRE: root mountcritlocal netif pflog
   8 # BEFORE:  DAEMON LOGIN
   9 # KEYWORD: nojail
  10
  11 . /etc/rc.subr
  12
  13 name="pf"
  14 rcvar=`set_rcvar`
  15 load_rc_config $name
  16 stop_precmd="test -f ${pf_rules}"
  17 start_precmd="pf_prestart"
  18 start_cmd="pf_start"
  19 stop_cmd="pf_stop"
  20 reload_precmd="$stop_precmd"
  21 reload_cmd="pf_reload"
  22 resync_precmd="$stop_precmd"
  23 resync_cmd="pf_resync"
  24 status_precmd="$stop_precmd"
  25 status_cmd="pf_status"
  26 extra_commands="reload resync status"
  27
  28 pf_prestart()
  29 {
  30         # load pf kernel module if needed
  31         kldload -n pf || exit 1
  32
  33         # check for pf rules
  34         if [ ! -r "${pf_rules}" ]
  35         then
  36                 warn 'pf: NO PF RULESET FOUND'
  37                 return 1
  38         fi
  39 }
  40
  41 pf_start()
  42 {
  43         echo "Enabling pf."
  44         ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
  45         if [ -r "${pf_rules}" ]; then
  46                 ${pf_program:-/sbin/pfctl} \
  47                     -f "${pf_rules}" ${pf_flags}
  48         fi
  49         if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
  50                 ${pf_program:-/sbin/pfctl} -e
  51         fi
  52 }
  53
  54 pf_stop()
  55 {
  56         if ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
  57                 echo "Disabling pf."
  58                 ${pf_program:-/sbin/pfctl} -d
  59         fi
  60 }
  61
  62 pf_reload()
  63 {
  64         echo "Reloading pf rules."
  65
  66         ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
  67         if [ -r "${pf_rules}" ]; then
  68                 ${pf_program:-/sbin/pfctl} \
  69                     -f "${pf_rules}" ${pf_flags}
  70         fi
  71 }
  72
  73 pf_resync()
  74 {
  75         # Don't resync if pf is not loaded
  76         if ! kldstat -q -m "pf"; then
  77                  return
  78         fi
  79         ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
  80 }
  81
  82 pf_status()
  83 {
  84         ${pf_program:-/sbin/pfctl} -si
  85 }
  86
  87 run_rc_command "$1"