Add an rc.d script to start pfsync at the right moment of the

system boot, and hook it up in the system.

The separate script is needed because in the presence of various
interface lists in rc.conf ($network_interfaces, $cloned_interfaces,
$sppp_interfaces, $gif_interfaces, more to come) it is hard to start
them orderly, so that pfsync is brought up after its syncdev, which
is required for the proper startup of pfsync.

Discussed with:	mlaier on -pf
MFC after:	5 days

2 files changed, 54 insertions, 1 deletions

diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile
index 7437455..e0ba8e5 100755
--- a/etc/rc.d/Makefile
+++ b/etc/rc.d/Makefile
@@ -25,7 +25,7 @@ FILES=	DAEMON LOGIN NETWORKING SERVERS \
 	network_ipv6 newsyslog nfsclient nfsd \
 	nfslocking nfsserver nisdomain nsswitch ntpd ntpdate \
 	othermta \
-	pccard pcvt pf pflog \
+	pccard pcvt pf pflog pfsync \
 	powerd power_profile ppp-user pppoed pwcheck \
 	quota \
 	ramdisk ramdisk-own random rarpd rcconf.sh resolv root \
diff --git a/etc/rc.d/pfsync b/etc/rc.d/pfsync
new file mode 100644
index 0000000..8d49042
--- /dev/null
+++ b/etc/rc.d/pfsync
@@ -0,0 +1,53 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: pfsync
+# REQUIRE: root mountcritlocal netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="pfsync"
+rcvar=`set_rcvar`
+start_precmd="pfsync_prestart"
+start_cmd="pfsync_start"
+stop_cmd="pfsync_stop"
+
+pfsync_prestart()
+{
+	case "$pfsync_syncdev" in
+	'')
+		warn "pfsync_syncdev is not set."
+		return 1
+		;;
+	esac
+
+	# load pf kernel module if needed
+	if ! kldstat -q -m pf ; then
+		if kldload pf ; then
+			info "pf module loaded."
+		else
+			warn "pf module failed to load."
+			return 1
+		fi
+	fi
+
+	return 0
+}
+
+pfsync_start()
+{
+	echo "Enabling pfsync."
+	ifconfig pfsync0 syncdev $pfsync_syncdev $pfsync_ifconfig up
+}
+
+pfsync_stop()
+{
+	echo "Disabling pfsync."
+	ifconfig pfsync0 -syncdev down
+}
+
+load_rc_config $name
+run_rc_command "$1"