author | mlaier <mlaier@FreeBSD.org> | 2004-03-23 22:30:15 +0000 |
---|---|---|
committer | mlaier <mlaier@FreeBSD.org> | 2004-03-23 22:30:15 +0000 |
commit | a1442efbd3a92a0065dcfbb30e6b3fea289f78ae (patch) | |
tree | 04dc9e09454c4ddfe2ad509775cdc511e157ad67 /etc/rc.d | |
parent | c92c2d6926b1957433d010a9d32ff510b02b8fa2 (diff) | |
Add rc.d script for pf(4) (more to come once pflogd(8) works as well).
Update defaults and write some lines for rc.conf(5) also.
Mostly dup'ed from ipf
Reviewed by: -current
Approved by: bms(mentor)
Diffstat (limited to 'etc/rc.d')
-rw-r--r-- | etc/rc.d/pf | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/etc/rc.d/pf b/etc/rc.d/pf
new file mode 100644
index 0000000..f8fabd0
--- /dev/null
+++ b/etc/rc.d/pf
@@ -0,0 +1,93 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: pf
+# REQUIRE: root beforenetlkm mountcritlocal netif
+# BEFORE: DAEMON LOGIN
+# KEYWORD: FreeBSD nojail
+
+. /etc/rc.subr
+
+name="pf"
+rcvar=`set_rcvar`
+load_rc_config $name
+stop_precmd="test -f ${pf_rules}"
+start_precmd="pf_prestart"
+start_cmd="pf_start"
+stop_cmd="pf_stop"
+reload_precmd="$stop_precmd"
+reload_cmd="pf_reload"
+resync_precmd="$stop_precmd"
+resync_cmd="pf_resync"
+status_precmd="$stop_precmd"
+status_cmd="pf_status"
+extra_commands="reload resync status"
+
+pf_prestart()
+{
+ # load pf kernel module if needed
+ if ! kldstat -v | grep -q pf\$; then
+ if kldload pf; then
+ info 'pf module loaded.'
+ else
+ err 1 'pf module failed to load.'
+ fi
+ fi
+
+ # check for pf rules
+ if [ ! -r "${pf_rules}" ]
+ then
+ warn 'pf: NO PF RULESET FOUND'
+ return 1
+ fi
+}
+
+pf_start()
+{
+ echo "Enabling pf."
+ if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
+ ${pf_program:-/sbin/pfctl} -e
+ fi
+ ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
+ if [ -r "${pf_rules}" ]; then
+ ${pf_program:-/sbin/pfctl} \
+ -f "${pf_rules}" ${pf_flags}
+ fi
+}
+
+pf_stop()
+{
+ if ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
+ echo "Disabling pf."
+ ${pf_program:-/sbin/pfctl} -d
+ fi
+}
+
+pf_reload()
+{
+ echo "Reloading pf rules."
+
+ ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
+ if [ -r "${pf_rules}" ]; then
+ ${pf_program:-/sbin/pfctl} \
+ -f "${pf_rules}" ${pf_flags}
+ fi
+}
+
+pf_resync()
+{
+ # Don't resync if pf is not loaded
+ if ! kldstat -v | grep -q pf\$ ; then
+ return
+ fi
+ ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
+}
+
+pf_status()
+{
+ ${pf_program:-/sbin/pfctl} -si
+}
+
+run_rc_command "$1" |
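Review bot: pf_start and pf_reload run `pfctl -Fa` before `pfctl -f "${pf_rules}"`, so if the ruleset fails to parse, or in pf_reload the file exists but is not readable (reload_precmd only checks `test -f`), pf is left enabled with everything flushed and, given pf's default pass behaviour, nothing filtered. The flush also discards the state table, so established connections are cut on every reload. I would parse the file first and bail out before touching the running ruleset, e.g. `${pf_program:-/sbin/pfctl} -nf "${pf_rules}" ${pf_flags} || return 1` ahead of the flush, or drop the `-Fa` altogether if `pfctl -f` replaces the ruleset in one step on this version (worth confirming). Separately, `grep -q pf\$` in pf_prestart and pf_resync matches any `kldstat -v` line that ends in "pf", so the module-loaded test should match the module name more tightly.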