1 #!/bin/sh
2 #
3 # $FreeBSD$
4 #
5
6 # PROVIDE: pf
7 # REQUIRE: FILESYSTEMS netif pflog pfsync
8 # BEFORE:  routing
9 # KEYWORD: nojailvnet
10
11 . /etc/rc.subr
12
# Service identity as consumed by rc.subr: script name, human-readable
# description and the rc.conf knob that turns the service on.
name="pf"
desc="Packet filter"
rcvar="pf_enable"

# Pull in the rc.conf settings for this service before any of them are
# read; pf_rules is expanded below and must already have its value.
load_rc_config "$name"

# Handlers for the standard rc commands.
start_cmd="pf_start"
stop_cmd="pf_stop"
status_cmd="pf_status"

# Handlers for the extra commands this script adds.
check_cmd="pf_check"
reload_cmd="pf_reload"
resync_cmd="pf_resync"
extra_commands="check reload resync"

# Preconditions: the ruleset file and the pf kernel module.
required_files="$pf_rules"
required_modules="pf"
26
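# Flush whatever pf currently holds, load the configured ruleset and make
# sure pf is enabled.
#
# Globals: pf_program, pf_rules, pf_flags (read)
# Returns: 0 when the ruleset loaded (and, if it had to be issued, the
#          enable call succeeded); otherwise the non-zero status of the
#          failing pfctl call.  The status no longer depends on whether
#          start messages are being printed.
pf_start()
{
	local _rc

	check_startmsgs && echo -n 'Enabling pf'
	# Begin from an empty configuration.  Output is discarded and the
	# status is not checked.
	$pf_program -F all > /dev/null 2>&1
	# $pf_flags is deliberately unquoted so it splits into options.
	$pf_program -f "$pf_rules" $pf_flags
	_rc=$?
	# NOTE(review): pf is still enabled below when the load failed, as it
	# always was.  Because everything was flushed above, pf then runs
	# without the configured rules, so the non-zero return value is what
	# tells the operator that the host is not filtering as intended.
	if ! $pf_program -s info | grep -q "Enabled" ; then
		$pf_program -eq || _rc=$?
	fi
	check_startmsgs && echo '.'
	# Report the pfctl result rather than the status of the message
	# helper on the previous line.
	return $_rc
}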
37
# Disable pf if it is currently enabled; otherwise do nothing silently.
#
# Globals: pf_program (read)
# Returns: 0 in both cases.
pf_stop()
{
	# "Enabled" is looked for anywhere in the `-s info` output.
	$pf_program -s info | grep -q "Enabled" || return 0

	echo -n 'Disabling pf'
	# NOTE(review): the result of the disable call is not checked; the
	# function's status is that of the final echo.
	$pf_program -dq
	echo '.'
}
46
# Parse the configured ruleset without loading it.
#
# Globals: pf_program, pf_rules (read)
# Returns: the exit status of pfctl.
pf_check()
{
	echo "Checking pf rules."
	# -n: parse only.  $pf_flags is not passed here, unlike the calls
	# that actually load the ruleset.
	${pf_program} -n -f "${pf_rules}"
}
52
# Validate the ruleset, flush everything except the state table, then load
# the ruleset again.
#
# Globals: pf_program, pf_rules, pf_flags (read)
# Returns: 1 when validation fails (nothing is flushed in that case),
#          otherwise the exit status of the final load.
pf_reload()
{
	echo "Reloading pf rules."

	# Refuse to touch the running configuration if the file does not
	# parse.  NOTE(review): this dry run omits $pf_flags, so a ruleset
	# whose parsing depends on those flags is not checked exactly as it
	# will be loaded.
	if ! $pf_program -n -f "$pf_rules" ; then
		return 1
	fi

	# State entries are left out of the flush so that established
	# connections survive the reload.  NOTE(review): the rules are
	# flushed before the new ones are read, so a load that fails at this
	# point leaves pf without the configured rules; callers should act on
	# the return status.
	$pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp \
	    > /dev/null 2>&1
	$pf_program -f "$pf_rules" $pf_flags
}
62
# Load the configured ruleset as-is: no prior validation pass and no flush,
# in contrast to pf_reload.
#
# Globals: pf_program, pf_rules, pf_flags (read)
# Returns: the exit status of pfctl.
pf_resync()
{
	# ${pf_flags} stays unquoted so it splits into separate options.
	${pf_program} -f "${pf_rules}" ${pf_flags}
}
67
# Show pf status information, or say that the module is missing when the
# /dev/pf character device does not exist.
#
# Globals: pf_program (read)
# Returns: the exit status of pfctl when /dev/pf exists, otherwise that of
#          the echo.
pf_status()
{
	if [ -c /dev/pf ] ; then
		$pf_program -s info
	else
		echo "pf.ko is not loaded"
	fi
}
76
# Hand the requested action (first script argument) to rc.subr, which
# dispatches to the *_cmd handlers configured earlier in this script.
run_rc_command "${1}"