7 # REQUIRE: root mountcritlocal netif pflog pfsync
# rc.subr hook wiring: each *_cmd / *_precmd variable names the shell function
# that is run for the corresponding service verb.
16 start_precmd="pf_prestart"
20 reload_cmd="pf_reload"
21 resync_cmd="pf_resync"
22 status_cmd="pf_status"
# Verbs accepted on top of the rc.subr defaults.
# NOTE(review): "check" is listed here, but no check_cmd assignment is visible
# in this listing (the gutter jumps from 16 to 20) - confirm against the full
# file.
23 extra_commands="check reload resync status"
# The ruleset file is declared as a required file, so rc.subr tests for it
# before start instead of bringing pf up with nothing to load.
24 required_files="$pf_rules"
# Fragment of the start pre-command (start_precmd names pf_prestart). Several
# lines are missing from this listing, including the module load call and the
# else/fi that separate the two messages below.
28 # load pf kernel module if needed
# kldstat -q -m pf succeeds quietly when the pf module is already present, so
# the branch is entered only when it is absent.
29 if ! kldstat -q -m pf ; then
31 info 'pf module loaded.'
# NOTE(review): what is returned after this warning is not visible here. If
# the module cannot be loaded there is no packet filtering at all, so this
# message is worth alerting on rather than leaving in the boot log.
33 warn 'pf module failed to load.'
# Start-path fragment (the enclosing function header is not in this listing).
# Clear everything pf currently holds; output is discarded.
43 $pf_program -F all > /dev/null 2>&1
# Load the ruleset. $pf_flags is left unquoted so that several flags split
# into separate arguments.
# NOTE(review): no exit-status check on this load is visible. If it fails
# after the flush above, pf is left with an empty ruleset, and pf passes
# packets that match no rule - confirm the full function handles that case.
44 $pf_program -f "$pf_rules" $pf_flags
# Look for the literal "Enabled" in the `-s info` output. The body of this
# branch is not shown (presumably it enables pf when it is not yet on).
45 if ! $pf_program -s info | grep -q "Enabled" ; then
# Presumably the stop path: the branch is taken only when `-s info` reports
# "Enabled". Its body is not shown in this listing.
52 if $pf_program -s info | grep -q "Enabled" ; then
# Dry-run validation: -n parses the ruleset without loading it, so a syntax
# error is reported while the running ruleset stays untouched.
# NOTE(review): presumably the body of the "check" verb; the function header
# is not visible.
# NOTE(review): this parse runs without $pf_flags, while every real load in
# this file passes $pf_flags. If those flags change how the file is parsed
# (for example macro definitions), the dry run validates a different
# configuration than the one that gets loaded.
60 echo "Checking pf rules."
61 $pf_program -n -f "$pf_rules"
# Reload fragment (reload_cmd names pf_reload; the function header is not in
# this listing).
66 echo "Reloading pf rules."
# Validate first and bail out before anything is flushed, so a ruleset with a
# syntax error never replaces the running one. As with the check verb, this
# parse does not pass $pf_flags, unlike the load below.
67 $pf_program -n -f "$pf_rules" || return 1
68 # Flush everything but existing state entries that way when
69 # rules are read in, it doesn't break established connections.
# Consequences of keeping states while flushing the rest:
#  - Connections already in the state table keep flowing even if the new
#    ruleset would block them; when a reload tightens policy, the matching
#    states have to be cleared separately (pfctl -k or -F states).
#  - -FTables and -FSources also discard entries added at runtime, e.g.
#    addresses placed in a blocklist table by overload rules or external
#    tools, unless they are restored from a file by the ruleset.
#  - Between this flush and the load on the next line the ruleset is empty,
#    and pf passes packets that match no rule.
70 $pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
# NOTE(review): no exit-status handling for this load is visible. The dry run
# above lowers the chance of a failure here but cannot rule it out; a failure
# at this point would leave the flushed, empty ruleset in place.
71 $pf_program -f "$pf_rules" $pf_flags
# Resync fragment (resync_cmd names pf_resync): loads the ruleset directly.
# No dry run and no explicit flush precede it in the visible lines, so the
# reload path's empty-ruleset window does not occur here.
76 $pf_program -f "$pf_rules" $pf_flags