etc/rc.d/pf

   1 #!/bin/sh
   2 #
   3 # $FreeBSD$
   4 #
   5
   6 # PROVIDE: pf
   7 # REQUIRE: root mountcritlocal netif pflog
   8 # BEFORE:  DAEMON LOGIN
   9 # KEYWORD: nojail
  10
  11 . /etc/rc.subr
  12
  13 name="pf"
  14 rcvar=`set_rcvar`
  15 load_rc_config $name
  16 stop_precmd="test -f ${pf_rules}"
  17 start_precmd="pf_prestart"
  18 start_cmd="pf_start"
  19 stop_cmd="pf_stop"
  20 check_precmd="$stop_precmd"
  21 check_cmd="pf_check"
  22 reload_precmd="$stop_precmd"
  23 reload_cmd="pf_reload"
  24 resync_precmd="$stop_precmd"
  25 resync_cmd="pf_resync"
  26 status_precmd="$stop_precmd"
  27 status_cmd="pf_status"
  28 extra_commands="check reload resync status"
  29
  30 pf_prestart()
  31 {
  32         # load pf kernel module if needed
  33         if ! kldstat -v | grep -q pf\$; then
  34                 if kldload pf; then
  35                         info 'pf module loaded.'
  36                 else
  37                         err 1 'pf module failed to load.'
  38                 fi
  39         fi
  40
  41         # check for pf rules
  42         if [ ! -r "${pf_rules}" ]; then
  43                 warn 'pf: NO PF RULESET FOUND'
  44                 return 1
  45         fi
  46 }
  47
  48 pf_start()
  49 {
  50         echo "Enabling pf."
  51         ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
  52         ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
  53         if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
  54                 ${pf_program:-/sbin/pfctl} -e
  55         fi
  56 }
  57
  58 pf_stop()
  59 {
  60         if ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
  61                 echo "Disabling pf."
  62                 ${pf_program:-/sbin/pfctl} -d
  63         fi
  64 }
  65
  66 pf_check()
  67 {
  68         echo "Checking pf rules."
  69
  70         ${pf_program:-/sbin/pfctl} -n -f "${pf_rules}"
  71 }
  72
  73 pf_reload()
  74 {
  75         echo "Reloading pf rules."
  76
  77         ${pf_program:-/sbin/pfctl} -n -f "${pf_rules}" || return 1
  78         ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
  79         ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
  80 }
  81
  82 pf_resync()
  83 {
  84         # Don't resync if pf is not loaded
  85         if ! kldstat -v | grep -q pf\$ ; then
  86                  return
  87         fi
  88         ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
  89 }
  90
  91 pf_status()
  92 {
  93         ${pf_program:-/sbin/pfctl} -si
  94 }
  95
  96 run_rc_command "$1"