libexec/rc/rc.d/pf

   1 #!/bin/sh
   2 #
   3 # $FreeBSD$
   4 #
   5
   6 # PROVIDE: pf
   7 # REQUIRE: FILESYSTEMS netif pflog pfsync routing
   8 # KEYWORD: nojailvnet
   9
  10 . /etc/rc.subr
  11
  12 name="pf"
  13 desc="Packet filter"
  14 rcvar="pf_enable"
  15 load_rc_config $name
  16 start_cmd="pf_start"
  17 stop_cmd="pf_stop"
  18 check_cmd="pf_check"
  19 reload_cmd="pf_reload"
  20 resync_cmd="pf_resync"
  21 status_cmd="pf_status"
  22 extra_commands="check reload resync"
  23 required_files="$pf_rules"
  24 required_modules="pf"
  25
  26 pf_start()
  27 {
  28         check_startmsgs && echo -n 'Enabling pf'
  29         $pf_program -F all > /dev/null 2>&1
  30         $pf_program -f "$pf_rules" $pf_flags
  31         if ! $pf_program -s info | grep -q "Enabled" ; then
  32                 $pf_program -eq
  33         fi
  34         check_startmsgs && echo '.'
  35 }
  36
  37 pf_stop()
  38 {
  39         if $pf_program -s info | grep -q "Enabled" ; then
  40                 echo -n 'Disabling pf'
  41                 $pf_program -dq
  42                 echo '.'
  43         fi
  44 }
  45
  46 pf_check()
  47 {
  48         echo "Checking pf rules."
  49         $pf_program -n -f "$pf_rules" $pf_flags
  50 }
  51
  52 pf_reload()
  53 {
  54         echo "Reloading pf rules."
  55         pf_resync
  56 }
  57
  58 pf_resync()
  59 {
  60         $pf_program -n -f "$pf_rules" $pf_flags || return 1
  61         $pf_program -f "$pf_rules" $pf_flags
  62 }
  63
  64 pf_status()
  65 {
  66         if ! [ -c /dev/pf ] ; then
  67                 echo "pf.ko is not loaded"
  68                 return 1
  69         else
  70                 $pf_program -s info
  71                 $pf_program -s Running >/dev/null
  72         fi
  73 }
  74
  75 run_rc_command "$1"