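#!/bin/sh
#
# $FreeBSD: src/etc/rc.d/pf,v 1.3 2004/06/23 01:42:06 mlaier Exp $
# $DragonFly: src/etc/rc.d/pf,v 1.5 2008/02/21 22:42:10 hasso Exp $
#
# rc.d script for the pf packet filter: loads the kernel module, loads the
# ruleset named by ${pf_rules}, and enables/disables filtering via pfctl.
#
# rc.conf variables read here:
#   pf_rules    path of the ruleset file
#   pf_program  pfctl binary to run (defaults to /sbin/pfctl)
#   pf_flags    extra pfctl arguments, whitespace separated

# PROVIDE: pf
# REQUIRE: root mountcritlocal netif pflog
# BEFORE: DAEMON LOGIN
# KEYWORD: nojail

. /etc/rc.subr

name="pf"
rcvar=$(set_rcvar)
load_rc_config "$name"

# ${pf_rules} is expanded here, at assignment time, so the rc.conf value must
# already be loaded (load_rc_config above). The same existence test gates
# stop, reload, resync and status.
stop_precmd="test -f ${pf_rules}"
start_precmd="pf_prestart"
start_cmd="pf_start"
stop_cmd="pf_stop"
reload_precmd="$stop_precmd"
reload_cmd="pf_reload"
resync_precmd="$stop_precmd"
resync_cmd="pf_resync"
status_precmd="$stop_precmd"
status_cmd="pf_status"
extra_commands="reload resync status"

# Pre-start check: make sure the pf kernel module is loaded and that the
# ruleset file is readable.
# Returns: 1 when the ruleset is not readable; err exits when kldload fails.
pf_prestart()
{
	# load pf kernel module if needed
	if ! kldstat -q -m "pf"; then
		if kldload pf; then
			info 'pf module loaded.'
		else
			err 1 'pf module failed to load.'
		fi
	fi

	# check for pf rules
	if [ ! -r "${pf_rules}" ]; then
		warn 'pf: NO PF RULESET FOUND'
		return 1
	fi
}

# Flush pf, load the ruleset and enable filtering if it is not enabled yet.
pf_start()
{
	echo "Enabling pf."
	# NOTE(review): the flush runs before the load and the load's exit
	# status is not checked, so a ruleset that fails to load still ends
	# with pf enabled on whatever the flush left behind. Confirm that this
	# is the intended start-up behaviour.
	${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
	if [ -r "${pf_rules}" ]; then
		# pf_flags is left unquoted on purpose: it may hold several
		# whitespace-separated pfctl options.
		${pf_program:-/sbin/pfctl} \
		    -f "${pf_rules}" ${pf_flags}
	fi
	if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled"; then
		${pf_program:-/sbin/pfctl} -e
	fi
}

# Disable filtering, but only when pfctl reports pf as enabled.
pf_stop()
{
	if ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled"; then
		echo "Disabling pf."
		${pf_program:-/sbin/pfctl} -d
	fi
}

# Replace the running ruleset with the one in ${pf_rules}.
#
# The replacement is validated before anything is flushed. Flushing first
# and loading second means that an unreadable file or a syntax error leaves
# the host with pf flushed and no ruleset loaded, i.e. a reload with a typo
# silently removes the filtering policy.
# Returns: 1 (running ruleset untouched) when the file is unreadable or
#          does not parse; otherwise the status of the final pfctl -f.
pf_reload()
{
	echo "Reloading pf rules."

	if [ ! -r "${pf_rules}" ]; then
		warn 'pf: ruleset is not readable; keeping the running rules.'
		return 1
	fi

	# pfctl -n parses the file without loading it.
	if ! ${pf_program:-/sbin/pfctl} -n -f "${pf_rules}" ${pf_flags}; then
		warn 'pf: ruleset failed to parse; keeping the running rules.'
		return 1
	fi

	${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
	${pf_program:-/sbin/pfctl} \
	    -f "${pf_rules}" ${pf_flags}
}

# Load the ruleset without flushing first; a no-op when the pf module is
# not loaded.
pf_resync()
{
	# Don't resync if pf is not loaded
	if ! kldstat -q -m "pf"; then
		return
	fi
	${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
}

# Print pfctl's status information.
pf_status()
{
	${pf_program:-/sbin/pfctl} -si
}

run_rc_command "$1"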