#!/bin/sh
#
# $FreeBSD: src/etc/rc.d/pf,v 1.3 2004/06/23 01:42:06 mlaier Exp $
# $DragonFly: src/etc/rc.d/pf,v 1.5 2008/02/21 22:42:10 hasso Exp $
#

# PROVIDE: pf
# REQUIRE: root mountcritlocal netif pflog
# BEFORE:  DAEMON LOGIN
# KEYWORD: nojail

# Load the rc.subr framework.  The helpers used below (set_rcvar,
# load_rc_config, run_rc_command, info, warn, err) are not defined in the
# visible part of this file and are presumably supplied by it.
. /etc/rc.subr

name="pf"
rcvar=$(set_rcvar)

# pf_rules, pf_program and pf_flags are read below but never assigned in this
# file, so they presumably come from the rc configuration loaded here.
# NOTE(review): every pfctl invocation in this script is built from those
# values, so the configuration and the ruleset file should be writable by
# root only -- confirm ownership and modes on the target system.
load_rc_config "${name}"

# Handlers for the standard start and stop actions.
start_precmd="pf_prestart"
start_cmd="pf_start"
stop_cmd="pf_stop"

# Shared pre-check for stop, reload, resync and status: the ruleset file must
# exist as a regular file.
# NOTE(review): ${pf_rules} is expanded right here and ends up unquoted inside
# the string, so a path containing whitespace would no longer be a single word
# when the string is run.  "test -f" also succeeds for a file that exists but
# cannot be read.
stop_precmd="test -f ${pf_rules}"
reload_precmd="${stop_precmd}"
resync_precmd="${stop_precmd}"
status_precmd="${stop_precmd}"

# Handlers for the additional actions advertised in extra_commands.
reload_cmd="pf_reload"
resync_cmd="pf_resync"
status_cmd="pf_status"
extra_commands="reload resync status"
# Pre-start check: make sure the pf kernel module is present and that the
# ruleset file can be read.
#
# Globals: pf_rules (read)
# Returns: 0 when the ruleset is readable, 1 otherwise.  A failed module load
#          is reported through err with code 1.
pf_prestart()
{
	# Only attempt a load when the module is not already registered.
	if kldstat -q -m "pf"; then
		:
	elif kldload pf; then
		info 'pf module loaded.'
	else
		err 1 'pf module failed to load.'
	fi

	# Refuse to start without a readable ruleset.
	if [ -r "${pf_rules}" ]; then
		return 0
	fi
	warn 'pf: NO PF RULESET FOUND'
	return 1
}
# Start pf: flush whatever is loaded, load the ruleset and enable the filter
# if it is not already enabled.
#
# Globals: pf_program, pf_rules, pf_flags (read)
# Outputs: progress message on stdout
# Returns: status of "pfctl -e" when it had to be run, otherwise 0.
#
# NOTE(review): the exit status of the "-f" load is not checked.  If the
# ruleset is rejected, the enable step below still runs after the flush, so
# pf may end up enabled without the intended rules -- confirm that this is
# the wanted failure mode.
pf_start()
{
	# Keep the pfctl command (word-split exactly like an unquoted expansion)
	# in the positional parameters so it is spelled out only once.
	set -- ${pf_program:-/sbin/pfctl}

	echo "Enabling pf."
	"$@" -Fa > /dev/null 2>&1

	# ${pf_flags} stays unquoted so that it splits into separate options.
	if [ -r "${pf_rules}" ]; then
		"$@" -f "${pf_rules}" ${pf_flags}
	fi

	# Enable only when the status report does not already say "Enabled".
	"$@" -si | grep -q "Enabled" || "$@" -e
}
# Stop pf: disable the filter, but only when the status report says it is
# currently enabled.
#
# Globals: pf_program (read)
# Outputs: progress message on stdout when pf is being disabled
# Returns: status of "pfctl -d" when it was run, otherwise 0.
pf_stop()
{
	# Nothing to do unless "pfctl -si" reports the string "Enabled".
	${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" || return 0

	echo "Disabling pf."
	${pf_program:-/sbin/pfctl} -d
}
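# Reload the ruleset from ${pf_rules}.
#
# The file is first parsed with "pfctl -n", which checks the rules without
# loading anything.  Only when that succeeds is the running configuration
# flushed and the file loaded.  Flushing first would leave pf with nothing
# loaded whenever the new file is unreadable or contains an error.
#
# Globals: pf_program, pf_rules, pf_flags (read)
# Outputs: progress message on stdout
# Returns: 1 when the ruleset does not parse (the loaded rules are left
#          untouched), otherwise the status of the load.
pf_reload()
{
	echo "Reloading pf rules."

	# ${pf_flags} stays unquoted so that it splits into separate options; the
	# same flags are passed to the dry run because they can affect parsing.
	if ! ${pf_program:-/sbin/pfctl} -n -f "${pf_rules}" ${pf_flags}; then
		warn 'pf: ruleset did not parse; running rules left unchanged.'
		return 1
	fi

	# -Fa flushes everything, including the state table, so existing
	# connections lose their state entries at this point.
	${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
	${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
}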
# Load the ruleset again without flushing first; a no-op when the pf kernel
# module is not loaded.
#
# Globals: pf_program, pf_rules, pf_flags (read)
# Returns: status of the "pfctl -f" load, or 0 when the module is absent.
#
# NOTE(review): unlike the start path, readability of ${pf_rules} is not
# checked here before pfctl is called.
pf_resync()
{
	# ${pf_flags} stays unquoted so that it splits into separate options.
	if kldstat -q -m "pf"; then
		${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
	fi
}
# Print the pf status report produced by "pfctl -si".
#
# Globals: pf_program (read)
# Outputs: pfctl's report on stdout
# Returns: pfctl's exit status.
pf_status()
{
	# Word-split the configured command exactly like an unquoted expansion.
	set -- ${pf_program:-/sbin/pfctl}
	"$@" -si
}
# Hand the requested action (first command-line argument) to rc.subr, which
# dispatches to the *_precmd / *_cmd handlers configured above.
run_rc_command "${1}"