Diffstat (limited to 'etc')
-rw-r--r--etc/defaults/rc.conf3
-rwxr-xr-xetc/rc.d/Makefile2
-rw-r--r--etc/rc.d/pfsync53
3 files changed, 57 insertions, 1 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 34b1add..1385061 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -135,6 +135,9 @@ pflog_enable="NO" # Set to YES to enable packet filter logging
pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
pflog_program="/sbin/pflogd" # where the pflogd program lives
pflog_flags="" # additional flags for pflogd
+pfsync_enable="NO" # Expose pf state to other hosts for syncing
+pfsync_syncdev="" # Interface for pfsync to work through
+pfsync_ifconfig="" # Additional options to ifconfig(8) for pfsync
tcp_extensions="YES" # Set to NO to turn off RFC1323 extensions.
log_in_vain="0" # >=1 to log connects to ports w/o listeners.
tcp_keepalive="YES" # Enable stale TCP connection timeout (or NO).
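Review bot: The comments on `pfsync_enable` and `pfsync_syncdev` do not mention that, per pfsync(4), the state updates sent on the sync interface carry no authentication, so the choice of interface is itself a security decision. I would reword the second comment to something like `pfsync_syncdev=""		# Dedicated, trusted interface for pfsync traffic` so an administrator does not point it at a shared or externally reachable segment. The same caveat applies to whatever is passed through `pfsync_ifconfig`, which the new rc.d/pfsync script hands to ifconfig(8) as-is.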
diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile
index 7437455..e0ba8e5 100755
--- a/etc/rc.d/Makefile
+++ b/etc/rc.d/Makefile
@@ -25,7 +25,7 @@ FILES= DAEMON LOGIN NETWORKING SERVERS \
network_ipv6 newsyslog nfsclient nfsd \
nfslocking nfsserver nisdomain nsswitch ntpd ntpdate \
othermta \
- pccard pcvt pf pflog \
+ pccard pcvt pf pflog pfsync \
powerd power_profile ppp-user pppoed pwcheck \
quota \
ramdisk ramdisk-own random rarpd rcconf.sh resolv root \
diff --git a/etc/rc.d/pfsync b/etc/rc.d/pfsync
new file mode 100644
index 0000000..8d49042
--- /dev/null
+++ b/etc/rc.d/pfsync
@@ -0,0 +1,53 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: pfsync
+# REQUIRE: root mountcritlocal netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="pfsync"
+rcvar=`set_rcvar`
+start_precmd="pfsync_prestart"
+start_cmd="pfsync_start"
+stop_cmd="pfsync_stop"
+
+pfsync_prestart()
+{
+ case "$pfsync_syncdev" in
+ '')
+ warn "pfsync_syncdev is not set."
+ return 1
+ ;;
+ esac
+
+ # load pf kernel module if needed
+ if ! kldstat -q -m pf ; then
+ if kldload pf ; then
+ info "pf module loaded."
+ else
+ warn "pf module failed to load."
+ return 1
+ fi
+ fi
+
+ return 0
+}
+
+pfsync_start()
+{
+ echo "Enabling pfsync."
+ ifconfig pfsync0 syncdev $pfsync_syncdev $pfsync_ifconfig up
+}
+
+pfsync_stop()
+{
+ echo "Disabling pfsync."
+ ifconfig pfsync0 -syncdev down
+}
+
+load_rc_config $name
+run_rc_command "$1"
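Review bot: In pfsync_start, `$pfsync_syncdev` is expanded unquoted on the ifconfig line, so a value containing whitespace is silently parsed as additional ifconfig arguments rather than rejected as an invalid interface name; only `$pfsync_ifconfig` is meant to be word-split. I would write the line as `ifconfig pfsync0 syncdev "$pfsync_syncdev" $pfsync_ifconfig up`. pfsync_prestart rejects only an empty value and does not check that the named interface exists, so a typo in rc.conf surfaces as an ifconfig error after "Enabling pfsync." has already been printed; a check along the lines of `ifconfig "$pfsync_syncdev" >/dev/null 2>&1 || { warn "pfsync_syncdev: no such interface."; return 1; }` in the precmd would fail earlier and more clearly.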