#!/bin/sh # # $FreeBSD$ # # PROVIDE: pf # REQUIRE: root beforenetlkm mountcritlocal netif pflog # BEFORE: DAEMON LOGIN # KEYWORD: FreeBSD nojail . /etc/rc.subr name="pf" rcvar=`set_rcvar` load_rc_config $name stop_precmd="test -f ${pf_rules}" start_precmd="pf_prestart" start_cmd="pf_start" stop_cmd="pf_stop" reload_precmd="$stop_precmd" reload_cmd="pf_reload" resync_precmd="$stop_precmd" resync_cmd="pf_resync" status_precmd="$stop_precmd" status_cmd="pf_status" extra_commands="reload resync status" pf_prestart() { # load pf kernel module if needed if ! kldstat -v | grep -q pf\$; then if kldload pf; then info 'pf module loaded.' else err 1 'pf module failed to load.' fi fi # check for pf rules if [ ! -r "${pf_rules}" ] then warn 'pf: NO PF RULESET FOUND' return 1 fi } pf_start() { echo "Enabling pf." ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1 if [ -r "${pf_rules}" ]; then ${pf_program:-/sbin/pfctl} \ -f "${pf_rules}" ${pf_flags} fi if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then ${pf_program:-/sbin/pfctl} -e fi } pf_stop() { if ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then echo "Disabling pf." ${pf_program:-/sbin/pfctl} -d fi } pf_reload() { echo "Reloading pf rules." ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1 if [ -r "${pf_rules}" ]; then ${pf_program:-/sbin/pfctl} \ -f "${pf_rules}" ${pf_flags} fi } pf_resync() { # Don't resync if pf is not loaded if ! kldstat -v | grep -q pf\$ ; then return fi ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags} } pf_status() { ${pf_program:-/sbin/pfctl} -si } run_rc_command "$1"