xref: /freebsd/libexec/rc/rc.d/pf (revision 357378bbdedf24ce2b90e9bd831af4a9db3ec70a)
1#!/bin/sh
2#
3#
4
5# PROVIDE: pf
6# REQUIRE: FILESYSTEMS netif pflog pfsync routing
7# KEYWORD: nojailvnet
8
9. /etc/rc.subr
10
11name="pf"
12desc="Packet filter"
13rcvar="pf_enable"
14load_rc_config $name
15start_cmd="pf_start"
16stop_cmd="pf_stop"
17check_cmd="pf_check"
18reload_cmd="pf_reload"
19resync_cmd="pf_resync"
20status_cmd="pf_status"
21extra_commands="check reload resync"
22required_files="$pf_rules"
23required_modules="pf"
24
25# doesn't make sense to run in a svcj: config setting
26pf_svcj="NO"
27
28pf_fallback()
29{
30	warn "Unable to load $pf_rules."
31
32	if ! checkyesno pf_fallback_rules_enable; then
33		return
34	fi
35
36	if [ -f $pf_fallback_rules_file ]; then
37		warn "Loading fallback rules file: $pf_fallback_rules_file"
38		$pf_program -f "$pf_fallback_rules_file" $pf_flags
39	else
40		warn "Loading fallback rules: $pf_fallback_rules"
41		echo $pf_fallback_rules | $pf_program -f - $pf_flags
42	fi
43}
44
45pf_start()
46{
47	startmsg -n 'Enabling pf'
48	$pf_program -F all > /dev/null 2>&1
49	$pf_program -f "$pf_rules" $pf_flags || pf_fallback
50	if ! $pf_program -s info | grep -q "Enabled" ; then
51		$pf_program -eq
52	fi
53	startmsg '.'
54}
55
56pf_stop()
57{
58	if $pf_program -s info | grep -q "Enabled" ; then
59		echo -n 'Disabling pf'
60		$pf_program -dq
61		echo '.'
62	fi
63}
64
65pf_check()
66{
67	echo "Checking pf rules."
68	$pf_program -n -f "$pf_rules" $pf_flags
69}
70
71pf_reload()
72{
73	echo "Reloading pf rules."
74	pf_resync
75}
76
77pf_resync()
78{
79	$pf_program -n -f "$pf_rules" $pf_flags || return 1
80	$pf_program -f "$pf_rules" $pf_flags
81}
82
83pf_status()
84{
85	if ! [ -c /dev/pf ] ; then
86		echo "pf.ko is not loaded"
87		return 1
88	else
89		$pf_program -s info
90		$pf_program -s Running >/dev/null
91	fi
92}
93
94run_rc_command "$1"
95