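#!/bin/sh
#
# $FreeBSD$
#
# rc.d script for the pf packet filter: loads, checks, reloads and reports
# on the ruleset named by $pf_rules using $pf_program.
#

# PROVIDE: pf
# REQUIRE: FILESYSTEMS netif pflog pfsync routing
# KEYWORD: nojailvnet

. /etc/rc.subr

name="pf"
desc="Packet filter"
rcvar="pf_enable"
load_rc_config "$name"
start_cmd="pf_start"
stop_cmd="pf_stop"
check_cmd="pf_check"
reload_cmd="pf_reload"
resync_cmd="pf_resync"
status_cmd="pf_status"
extra_commands="check reload resync"
required_files="$pf_rules"
required_modules="pf"

# NOTE: $pf_program and $pf_flags are expanded unquoted throughout on
# purpose, so that a flags string is split into separate arguments.

# pf_fallback: called when the main ruleset fails to load.
# Does nothing beyond the warning unless pf_fallback_rules_enable is set.
# Otherwise loads $pf_fallback_rules_file if that file exists, else feeds
# the inline $pf_fallback_rules text to $pf_program on stdin.
pf_fallback()
{
	warn "Unable to load $pf_rules."

	if ! checkyesno pf_fallback_rules_enable; then
		return
	fi

	# The expansion must be quoted: with an empty or unset variable an
	# unquoted "[ -f ]" is a one-argument test that is always true, which
	# would skip the inline rules and try to load a file named "".
	if [ -f "$pf_fallback_rules_file" ]; then
		warn "Loading fallback rules file: $pf_fallback_rules_file"
		$pf_program -f "$pf_fallback_rules_file" $pf_flags
	else
		warn "Loading fallback rules: $pf_fallback_rules"
		# Quoted so that multi-line rules keep their newlines and no
		# glob character in the rules is expanded against the cwd.
		printf '%s\n' "$pf_fallback_rules" | $pf_program -f - $pf_flags
	fi
}

# pf_start: flush existing state, load $pf_rules (or the fallback), and
# enable pf if it is not already enabled.
pf_start()
{
	startmsg -n 'Enabling pf'
	$pf_program -F all > /dev/null 2>&1
	# NOTE(review): after the flush above, a failed load with the fallback
	# disabled (or itself failing) still reaches the enable step below with
	# no ruleset loaded. pf passes packets that match no rule, so set
	# pf_fallback_rules_enable with restrictive rules if that matters.
	$pf_program -f "$pf_rules" $pf_flags || pf_fallback
	if ! $pf_program -s info | grep -q "Enabled" ; then
		$pf_program -eq
	fi
	startmsg '.'
}

# pf_stop: disable pf, but only when "-s info" reports it as enabled.
pf_stop()
{
	if $pf_program -s info | grep -q "Enabled" ; then
		echo -n 'Disabling pf'
		$pf_program -dq
		echo '.'
	fi
}

# pf_check: parse $pf_rules without loading it (-n); the exit status is
# that of the parse.
pf_check()
{
	echo "Checking pf rules."
	$pf_program -n -f "$pf_rules" $pf_flags
}

# pf_reload: announce, then defer to pf_resync.
pf_reload()
{
	echo "Reloading pf rules."
	pf_resync
}

# pf_resync: load $pf_rules only after a dry-run parse succeeds, so a
# ruleset with errors never replaces the one that is currently loaded.
# Returns 1 if the parse fails, else the status of the load.
pf_resync()
{
	$pf_program -n -f "$pf_rules" $pf_flags || return 1
	$pf_program -f "$pf_rules" $pf_flags
}

# pf_status: print "-s info" output; the return status comes from
# "-s Running". Returns 1 early if the /dev/pf device node is absent.
pf_status()
{
	if ! [ -c /dev/pf ] ; then
		echo "pf.ko is not loaded"
		return 1
	else
		$pf_program -s info
		$pf_program -s Running >/dev/null
	fi
}

run_rc_command "$1"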