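#!/bin/sh
#
#

# PROVIDE: pf
# REQUIRE: FILESYSTEMS netif pflog pfsync routing
# KEYWORD: nojailvnet

# rc.d script for the pf packet filter: loads, checks, reloads and reports
# on the ruleset named by $pf_rules using $pf_program with $pf_flags.

. /etc/rc.subr

name="pf"
desc="Packet filter"
rcvar="pf_enable"
load_rc_config $name
start_cmd="pf_start"
stop_cmd="pf_stop"
check_cmd="pf_check"
reload_cmd="pf_reload"
resync_cmd="pf_resync"
status_cmd="pf_status"
extra_commands="check reload resync"
required_files="$pf_rules"
required_modules="pf"

# Called by pf_start when $pf_rules fails to load.
# Does nothing beyond the warning unless pf_fallback_rules_enable is set.
# Loads $pf_fallback_rules_file when that file exists, otherwise feeds the
# inline rules in $pf_fallback_rules to $pf_program on stdin.
# Returns the status of the last command run.
pf_fallback()
{
	warn "Unable to load $pf_rules."

	if ! checkyesno pf_fallback_rules_enable; then
		return
	fi

	# Quoted so an empty or unset variable is not reduced to `[ -f ]`,
	# which is true and would select the file branch with an empty path.
	if [ -f "$pf_fallback_rules_file" ]; then
		warn "Loading fallback rules file: $pf_fallback_rules_file"
		$pf_program -f "$pf_fallback_rules_file" $pf_flags
	else
		warn "Loading fallback rules: $pf_fallback_rules"
		# Quoted so multi-line fallback rules keep their newlines and
		# are not glob-expanded before reaching the parser.
		printf '%s\n' "$pf_fallback_rules" | $pf_program -f - $pf_flags
	fi
}

# Flush the current pf state, load $pf_rules (falling back via pf_fallback
# on failure) and enable pf if it is not already enabled.
pf_start()
{
	startmsg -n 'Enabling pf'
	$pf_program -F all > /dev/null 2>&1
	# NOTE(review): the flush above runs before the load, and pf is enabled
	# below regardless of the outcome. If the load fails and the fallback is
	# disabled or fails as well, pf is enabled with an empty ruleset; pf's
	# implicit default is to pass traffic, so that state fails open. Keep
	# pf_fallback_rules_enable on where that is not acceptable.
	$pf_program -f "$pf_rules" $pf_flags || pf_fallback
	if ! $pf_program -s info | grep -q "Enabled" ; then
		$pf_program -eq
	fi
	startmsg '.'
}

# Disable pf, but only when the info output reports it as enabled.
pf_stop()
{
	if $pf_program -s info | grep -q "Enabled" ; then
		echo -n 'Disabling pf'
		$pf_program -dq
		echo '.'
	fi
}

# Parse $pf_rules without loading it (-n); returns the parser's status.
pf_check()
{
	echo "Checking pf rules."
	$pf_program -n -f "$pf_rules" $pf_flags
}

# Announce the reload and delegate to pf_resync.
pf_reload()
{
	echo "Reloading pf rules."
	pf_resync
}

# Load $pf_rules only after a parse-only pass (-n) succeeds; returns 1
# without touching the loaded ruleset when that pass fails.
pf_resync()
{
	$pf_program -n -f "$pf_rules" $pf_flags || return 1
	$pf_program -f "$pf_rules" $pf_flags
}

# Report pf status. Returns 1 when /dev/pf is not a character device;
# otherwise prints the info output and returns the status of `-s Running`.
pf_status()
{
	if ! [ -c /dev/pf ] ; then
		echo "pf.ko is not loaded"
		return 1
	else
		$pf_program -s info
		$pf_program -s Running >/dev/null
	fi
}

run_rc_command "$1"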