author | yar <yar@FreeBSD.org> | 2005-10-02 19:17:49 +0000 |
---|---|---|
committer | yar <yar@FreeBSD.org> | 2005-10-02 19:17:49 +0000 |
commit | 6037bb20e32cb66cccbfb90fb8b5f3e984b56855 (patch) | |
tree | c43fec40a62d8642955e2c62f5ea8d62dbe1cd76 /etc | |
parent | c9aa4c7309829b3a171fef8312658e6f688ab0d7 (diff) | |
Use available rc.subr features.
Reduce code duplication.
Follow the current style of rc.d scripting.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/rc.d/pf | 43 |
1 files changed, 16 insertions, 27 deletions
diff --git a/etc/rc.d/pf b/etc/rc.d/pf
index f2dc8c7..db1bf60 100644
--- a/etc/rc.d/pf
+++ b/etc/rc.d/pf
@@ -13,19 +13,15 @@
 name="pf"
 rcvar=`set_rcvar`
 load_rc_config $name
-stop_precmd="test -f ${pf_rules}"
 start_precmd="pf_prestart"
 start_cmd="pf_start"
 stop_cmd="pf_stop"
-check_precmd="$stop_precmd"
 check_cmd="pf_check"
-reload_precmd="$stop_precmd"
 reload_cmd="pf_reload"
-resync_precmd="$stop_precmd"
 resync_cmd="pf_resync"
-status_precmd="$stop_precmd"
 status_cmd="pf_status"
 extra_commands="check reload resync status"
+required_files="$pf_rules"
 pf_prestart()
 {
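Review bot: The single `required_files="$pf_rules"` assignment only preserves the old behaviour if rc.subr checks required_files for commands that define their own `*_cmd`, and that logic is outside this diff. The removed `*_precmd="test -f ${pf_rules}"` lines gated stop, check, reload, resync and status on the rules file individually, so it is worth confirming that each of those is still refused when the file is missing, and that `stop` can still disable pf in that case if that is the intent. A short comment above the assignment would record the dependency, for example `# rc.subr refuses to run pf commands when the ruleset file is missing`.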
@@ -34,62 +30,55 @@ pf_prestart()
 if kldload pf ; then
 info 'pf module loaded.'
 else
- err 1 'pf module failed to load.'
+ warn 'pf module failed to load.'
+ return 1
 fi
 fi
-
- # check for pf rules
- if [ ! -r "${pf_rules}" ]; then
- warn 'pf: NO PF RULESET FOUND'
- return 1
- fi
+ return 0
 }
 pf_start()
 {
 echo "Enabling pf."
- ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1
- ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
- if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
- ${pf_program:-/sbin/pfctl} -e
+ $pf_program -Fall > /dev/null 2>&1
+ $pf_program -f "$pf_rules" $pf_flags
+ if ! $pf_program -s info | grep -q "Enabled" ; then
+ $pf_program -e
 fi
 }
 pf_stop()
 {
- if ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
+ if $pf_program -s info | grep -q "Enabled" ; then
 echo "Disabling pf."
- ${pf_program:-/sbin/pfctl} -d
+ $pf_program -d
 fi
 }
 pf_check()
 {
 echo "Checking pf rules."
-
- ${pf_program:-/sbin/pfctl} -n -f "${pf_rules}"
+ $pf_program -n -f "$pf_rules"
 }
 pf_reload()
 {
 echo "Reloading pf rules."
-
- ${pf_program:-/sbin/pfctl} -n -f "${pf_rules}" || return 1
+ $pf_program -n -f "$pf_rules" || return 1
 # Flush everything but existing state entries that way when
 # rules are read in, it doesn't break established connections.
- ${pf_program:-/sbin/pfctl} -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
- ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
+ $pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
+ $pf_program -f "$pf_rules" $pf_flags
 }
 pf_resync()
 {
- # Don't resync if pf is not loaded
- kldstat -q -m pf && ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
+ $pf_program -f "$pf_rules" $pf_flags
 }
 pf_status()
 {
- ${pf_program:-/sbin/pfctl} -s info
+ $pf_program -s info
 }
 run_rc_command "$1" |
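Review bot: In pf_start the result of `$pf_program -f "$pf_rules" $pf_flags` is not checked, and it runs after `-Fall` has already flushed the running configuration. A ruleset that fails to parse would therefore appear to leave pf enabled with nothing loaded, which for a packet filter is a fail-open state. pf_reload in this same hunk already guards against that with a dry run, and pf_start could do the same before the flush: `$pf_program -n -f "$pf_rules" || return 1`. The hunk also drops the `:-/sbin/pfctl` fallback, so every call now depends on pf_program being set by the rc.conf defaults, which are not visible here.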