Fix pf and ipfilter module loading checks.
[dragonfly.git] / etc / rc.d / pf
1 #!/bin/sh
2 #
3 # $FreeBSD: src/etc/rc.d/pf,v 1.3 2004/06/23 01:42:06 mlaier Exp $
4 # $DragonFly: src/etc/rc.d/pf,v 1.5 2008/02/21 22:42:10 hasso Exp $
5 #
6
7 # PROVIDE: pf
8 # REQUIRE: root mountcritlocal netif pflog
9 # BEFORE:  DAEMON LOGIN
10 # KEYWORD: nojail
11
12 . /etc/rc.subr
13
14 name="pf"
15 rcvar=`set_rcvar`
16 load_rc_config $name
17 stop_precmd="test -f ${pf_rules}"
18 start_precmd="pf_prestart"
19 start_cmd="pf_start"
20 stop_cmd="pf_stop"
21 reload_precmd="$stop_precmd"
22 reload_cmd="pf_reload"
23 resync_precmd="$stop_precmd"
24 resync_cmd="pf_resync"
25 status_precmd="$stop_precmd"
26 status_cmd="pf_status"
27 extra_commands="reload resync status"
28
29 pf_prestart()
30 {
31         # load pf kernel module if needed
32         if ! kldstat -q -m "pf"; then
33                 if kldload pf; then
34                         info 'pf module loaded.'
35                 else
36                         err 1 'pf module failed to load.'
37                 fi
38         fi
39
40         # check for pf rules
41         if [ ! -r "${pf_rules}" ]
42         then
43                 warn 'pf: NO PF RULESET FOUND'
44                 return 1
45         fi
46 }
47
48 pf_start()
49 {
50         echo "Enabling pf."
51         ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
52         if [ -r "${pf_rules}" ]; then
53                 ${pf_program:-/sbin/pfctl} \
54                     -f "${pf_rules}" ${pf_flags}
55         fi
56         if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
57                 ${pf_program:-/sbin/pfctl} -e
58         fi
59 }
60
61 pf_stop()
62 {
63         if ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
64                 echo "Disabling pf."
65                 ${pf_program:-/sbin/pfctl} -d
66         fi
67 }
68
69 pf_reload()
70 {
71         echo "Reloading pf rules."
72
73         ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
74         if [ -r "${pf_rules}" ]; then
75                 ${pf_program:-/sbin/pfctl} \
76                     -f "${pf_rules}" ${pf_flags}
77         fi
78 }
79
80 pf_resync()
81 {
82         # Don't resync if pf is not loaded
83         if ! kldstat -q -m "pf"; then
84                  return
85         fi
86         ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
87 }
88
89 pf_status()
90 {
91         ${pf_program:-/sbin/pfctl} -si
92 }
93
94 run_rc_command "$1"