Max Laier 1f4408f321 Add rc.d script for pf(4) (more to come once pflogd(8) works as well).
Update defaults and write some lines for rc.conf(5) also.
Mostly dup'ed from ipf

Reviewed by:	-current
Approved by:	bms(mentor)
2004-03-23 22:30:15 +00:00


#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: pf
# REQUIRE: root beforenetlkm mountcritlocal netif
# BEFORE: DAEMON LOGIN
# KEYWORD: FreeBSD nojail
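# Pull in the rc.d framework; it supplies set_rcvar, load_rc_config,
# run_rc_command and the info/warn/err helpers used below.
. /etc/rc.subr

name="pf"
rcvar=$(set_rcvar)
load_rc_config "$name"

# Precondition shared by stop, reload, resync and status: the ruleset file
# must exist. The string is single-quoted on purpose so that ${pf_rules} is
# expanded, inside double quotes, only when rc.subr evaluates the hook.
# Splicing the value in unquoted at this point would split a path that
# contains whitespace, and an empty pf_rules would reduce the guard to
# `test -f`, which always succeeds.
# shellcheck disable=SC2016 -- deferred expansion is intended
stop_precmd='test -f "${pf_rules}"'
start_precmd="pf_prestart"
start_cmd="pf_start"
stop_cmd="pf_stop"
reload_precmd="$stop_precmd"
reload_cmd="pf_reload"
resync_precmd="$stop_precmd"
resync_cmd="pf_resync"
status_precmd="$stop_precmd"
status_cmd="pf_status"

# Commands offered in addition to the ones these hooks override.
extra_commands="reload resync status"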
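# Pre-start hook: make sure the pf kernel module is loaded and that a
# readable ruleset exists.
# Globals: pf_rules (read)
# Returns: 1 when the ruleset file is not readable. Calls err with exit
#          code 1 when kldload fails.
pf_prestart()
{
	# Load the pf kernel module if needed. The name has to be preceded by
	# whitespace and end the line, so a module whose name merely ends in
	# "pf" is not mistaken for pf (which would skip the load and leave the
	# later pfctl calls without a packet filter to talk to).
	if ! kldstat -v | grep -q '[[:space:]]pf$'; then
		if kldload pf; then
			info 'pf module loaded.'
		else
			err 1 'pf module failed to load.'
		fi
	fi

	# Refuse to start without a readable ruleset.
	if [ ! -r "${pf_rules}" ]; then
		warn 'pf: NO PF RULESET FOUND'
		return 1
	fi
}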
# Start hook: switch pf on if it is not already enabled, flush everything
# that is currently loaded (-Fa), then load the ruleset when it is readable.
# Globals: pf_program (read, defaults to /sbin/pfctl), pf_rules (read),
#          pf_flags (read, passed unquoted so it may hold several options)
# Outputs: "Enabling pf." on stdout
# Returns: status of the ruleset load, or 0 when no readable ruleset exists
pf_start()
{
	local pfctl_cmd
	pfctl_cmd=${pf_program:-/sbin/pfctl}

	echo "Enabling pf."

	# Only issue -e when the status output does not already say "Enabled".
	${pfctl_cmd} -si | grep -q "Enabled" || ${pfctl_cmd} -e

	# The flush happens before the load, so a failed load leaves pf
	# enabled with nothing loaded.
	${pfctl_cmd} -Fa > /dev/null 2>&1

	[ -r "${pf_rules}" ] || return 0
	${pfctl_cmd} -f "${pf_rules}" ${pf_flags}
}
# Stop hook: disable pf, but only when the status output reports it as
# enabled. Nothing is flushed here; only pfctl -d is issued.
# Globals: pf_program (read, defaults to /sbin/pfctl)
# Outputs: "Disabling pf." on stdout when pf was enabled
# Returns: status of pfctl -d, or 0 when pf was not enabled
pf_stop()
{
	local pfctl_cmd
	pfctl_cmd=${pf_program:-/sbin/pfctl}

	# Nothing to do unless pf currently reports itself as enabled.
	${pfctl_cmd} -si | grep -q "Enabled" || return 0

	echo "Disabling pf."
	${pfctl_cmd} -d
}
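# Reload hook: replace everything that is loaded with the ruleset file.
# Globals: pf_program (read, defaults to /sbin/pfctl), pf_rules (read),
#          pf_flags (read, passed unquoted so it may hold several options)
# Outputs: "Reloading pf rules." on stdout
# Returns: 1 when the ruleset is unreadable or does not parse (nothing is
#          flushed in that case), otherwise the status of the load
pf_reload()
{
	echo "Reloading pf rules."

	# Check the file before touching the running configuration: -n makes
	# pfctl parse the rules without loading them. Flushing first and then
	# failing to load would leave pf enabled with an empty ruleset, which
	# passes traffic the previous rules may have blocked.
	if [ ! -r "${pf_rules}" ] ||
	    ! ${pf_program:-/sbin/pfctl} -n -f "${pf_rules}" ${pf_flags}; then
		warn 'pf: ruleset unreadable or invalid, loaded rules left in place'
		return 1
	fi

	${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
	${pf_program:-/sbin/pfctl} \
	    -f "${pf_rules}" ${pf_flags}
}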
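# Resync hook: load the ruleset file again without flushing first.
# Globals: pf_program (read, defaults to /sbin/pfctl), pf_rules (read),
#          pf_flags (read, passed unquoted so it may hold several options)
# Returns: status of the load; returns early when the pf module is absent
pf_resync()
{
	# Don't resync if pf is not loaded. The name has to be preceded by
	# whitespace and end the line, so a module whose name merely ends in
	# "pf" does not count as pf.
	if ! kldstat -v | grep -q '[[:space:]]pf$'; then
		return
	fi
	${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
}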
# Status hook: print what pfctl -si reports.
# Globals: pf_program (read, defaults to /sbin/pfctl)
# Returns: status of the pfctl call
pf_status()
{
	local pfctl_cmd
	pfctl_cmd=${pf_program:-/sbin/pfctl}
	${pfctl_cmd} -si
}
# Hand the requested action (the script's first argument) to rc.subr's
# run_rc_command, which runs the matching *_precmd / *_cmd hooks set above.
run_rc_command "$1"