1 #!/bin/sh
2 #
3 # $FreeBSD$
4 #
5
6 # PROVIDE: pf
7 # REQUIRE: FILESYSTEMS netif pflog pfsync routing
8 # KEYWORD: nojailvnet
9
10 . /etc/rc.subr
11
12 name="pf"
13 desc="Packet filter"
14 rcvar="pf_enable"
15 load_rc_config $name
16 start_cmd="pf_start"
17 stop_cmd="pf_stop"
18 check_cmd="pf_check"
19 reload_cmd="pf_reload"
20 resync_cmd="pf_resync"
21 status_cmd="pf_status"
22 extra_commands="check reload resync"
23 required_files="$pf_rules"
24 required_modules="pf"
25
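# pf_fallback
#       Called by pf_start when loading $pf_rules fails. When
#       pf_fallback_rules_enable is set, loads a replacement ruleset: the
#       file $pf_fallback_rules_file if it exists, otherwise the inline
#       rules held in $pf_fallback_rules.
# Globals (read): pf_rules, pf_fallback_rules_enable, pf_fallback_rules_file,
#       pf_fallback_rules, pf_program, pf_flags
# Returns: exit status of the pfctl load that was attempted. When fallback
#       is disabled nothing is loaded and the caller cannot tell the
#       difference from a successful load.
pf_fallback()
{
        warn "Unable to load $pf_rules."

        if ! checkyesno pf_fallback_rules_enable; then
                return
        fi

        # The path must be quoted: with an empty or unset value an unquoted
        # `[ -f ]` collapses to a one-argument test that is always true, and
        # the inline fallback rules would never be used.
        if [ -f "$pf_fallback_rules_file" ]; then
                warn "Loading fallback rules file: $pf_fallback_rules_file"
                # $pf_flags is left unquoted on purpose: it is a flag list
                # that has to be split into separate words.
                $pf_program -f "$pf_fallback_rules_file" $pf_flags
        else
                warn "Loading fallback rules: $pf_fallback_rules"
                # Feed the ruleset to pfctl byte-for-byte. An unquoted echo
                # would join a multi-line ruleset into one line and expand
                # glob characters against the current directory, which can
                # make the fail-safe ruleset itself fail to parse.
                printf '%s\n' "$pf_fallback_rules" | $pf_program -f - $pf_flags
        fi
}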
42
# pf_start
#       Flush the current pf state, load $pf_rules (or the fallback ruleset
#       through pf_fallback when that load fails) and enable pf if it is not
#       already enabled.
# Globals (read): pf_program, pf_rules, pf_flags
# Returns: the status of the final `check_startmsgs && echo` line, not the
#       result of the ruleset load.
# NOTE(review): pf is enabled even when both the main and the fallback load
# fail. After the `-F all` flush that would leave pf running without the
# intended ruleset, which for pf presumably means traffic is passed - confirm,
# and make sure a failed load is alerted on.
pf_start()
{
        if check_startmsgs; then
                echo -n 'Enabling pf'
        fi

        # Drop whatever is loaded; output and errors are discarded.
        $pf_program -F all >/dev/null 2>&1

        # $pf_flags is intentionally unquoted so it splits into flags.
        if ! $pf_program -f "$pf_rules" $pf_flags; then
                pf_fallback
        fi

        # Only issue the enable when the status output does not already
        # report pf as enabled.
        $pf_program -s info | grep -q "Enabled" || $pf_program -eq

        check_startmsgs && echo '.'
}
53
# pf_stop
#       Disable pf, but only when the status output reports it as enabled.
# Globals (read): pf_program
# Returns: 0 in both cases; the status of the disable call is not checked.
pf_stop()
{
        # Nothing to do when pf is not enabled.
        $pf_program -s info | grep -q "Enabled" || return 0

        echo -n 'Disabling pf'
        $pf_program -dq
        echo '.'
}
62
# pf_check
#       Parse $pf_rules with pfctl's -n option, which checks the ruleset
#       without loading it.
# Globals (read): pf_program, pf_rules, pf_flags
# Returns: exit status of the pfctl parse.
pf_check()
{
        printf '%s\n' "Checking pf rules."
        # $pf_flags stays unquoted so that it splits into separate flags.
        $pf_program -n -f "$pf_rules" $pf_flags
}
68
# pf_reload
#       Announce the reload, then hand off to pf_resync, which validates the
#       ruleset before loading it.
# Returns: exit status of pf_resync.
pf_reload()
{
        printf '%s\n' "Reloading pf rules."
        pf_resync
}
74
# pf_resync
#       Reload $pf_rules into the running filter. The file is parsed first
#       with -n, and the live load only happens when that parse succeeds, so
#       a broken ruleset does not replace the active one.
# Globals (read): pf_program, pf_rules, pf_flags
# Returns: 1 when the parse fails, otherwise the status of the load.
pf_resync()
{
        if ! $pf_program -n -f "$pf_rules" $pf_flags; then
                return 1
        fi

        # $pf_flags is deliberately unquoted (flag list).
        $pf_program -f "$pf_rules" $pf_flags
}
80
# pf_status
#       Report the pf status. Without the /dev/pf character device it prints
#       a "not loaded" message; otherwise it prints the pfctl info output.
# Globals (read): pf_program
# Returns: 1 when /dev/pf is missing, otherwise the status of
#       `pfctl -s Running`, whose output is discarded and only the exit
#       status is used.
pf_status()
{
        if [ ! -c /dev/pf ]; then
                echo "pf.ko is not loaded"
                return 1
        fi

        $pf_program -s info
        $pf_program -s Running >/dev/null
}
91
92 run_rc_command "$1"