summaryrefslogtreecommitdiffstats
path: root/etc/rc.d/pf
Commit message (Collapse)AuthorAgeFilesLines
* Backout r1.11...rse2005-11-101-1/+1
| | | | | | | | | | | | | | | | | | > > There is no need to explicitly add "status" to $extra_commands in > > the /etc/rc.d/pf script as it is implicitly added by /etc/rc.subr's > > run_rc_command() because of the existing $pf_program. > > > > Submitted by: Christoph Schug <chris@schug.net> ...because as yar@ points out: "[...] you were relying on evil side-effects of the variable being named *_program. hose side-effect have been eliminated since rc.subr rev. 1.42. [...] The point is that the default "status" method is for rc.d scripts that handle startup and shutdown of conventional daemons, and not for custom tasks like the pf case." The change is still valid in RELENG_6 (and still doesn't have to be backed out) as long as rc.subr:r1.42 is not MFC'ed to RELENG_6, too.
* There is no need to explicitly add "status" to $extra_commands inrse2005-11-031-1/+1
| | | | | | | | the /etc/rc.d/pf script as it is implicitly added by /etc/rc.subr's run_rc_command() because of the existing $pf_program. Submitted by: Christoph Schug <chris@schug.net> MFC after: 1 week
* Use available rc.subr features.yar2005-10-021-27/+16
| | | | | Reduce code duplication. Follow the current style of rc.d scripting.
* Record dependency on the newly introduced pfsync.yar2005-10-021-2/+2
| | | | | | | | | | | | | | Start before routing for better system protection. (pf used to start late during system boot, after many a network daemon have started already, which sucked from security POV.) Remark: For maximum security, pf should start before netif, but it would create a dependency loop because pfsync has to start after netif, yet before pf. Discussed with: mlaier on -pf MFC after: 5 days
* Simplify the code by making use of 'kldstat -q -m <mod>'.pjd2005-09-241-6/+3
| | | | No objections from: mlaier
* When reloading rules via rc.d/pf, flush everything but existing stateseanc2005-04-041-1/+3
| | | | | | | | | entries that way when rules are read in, it doesn't break established connections. Approved by: mlaier Reviewed by: rc MFC after: 3 weeks
* - Add 'check' command for checking rules syntax.pjd2004-10-251-11/+14
| | | | | | - Before flushing rules in 'reload' command, check first if rules are correct. - Do not duplicate checking if $pf_rules file exists.
* Remove the requirement for the FreeBSD keyword as it no longermtm2004-10-071-1/+1
| | | | | | | makes any sense. Discussed with: dougb, brooks MFC after: 3 days
* We don't have any providers of `beforenetlkm' in FreeBSD. Remove thekeramida2004-09-161-1/+1
| | | | | | dependency to it from our rc.d scripts. Approved by: mtm
* Swap order of ruleset load and enabling pf to work around a problem on altqmlaier2004-06-231-3/+3
| | | | startup. Moreover, this is the "more logic" order.
* Add rc.d script to start pflogd and add rcvars etc. Also document vars inmlaier2004-04-021-1/+1
| | | | | | | rc.conf(5) and put a sample entry to newsyslog.conf Reviewed by: -current Approved by: bms(mentor)
* Add rc.d script for pf(4) (more to come once pflogd(8) works as well).mlaier2004-03-231-0/+93
Update defaults and write some lines for rc.conf(5) also. Mostly dup'ed from ipf Reviewed by: -current Approved by: bms(mentor)
OpenPOWER on IntegriCloud