xref: /freebsd/libexec/rc/rc.d/pf (revision c1d255d3ffdbe447de3ab875bf4e7d7accc5bfc5)
#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: pf
# REQUIRE: FILESYSTEMS netif pflog pfsync routing
# KEYWORD: nojailvnet

# Pull in the rc.subr framework; the helpers this script calls but does not
# define (load_rc_config, run_rc_command, warn, checkyesno,
# check_startmsgs) are assumed to come from it.
. /etc/rc.subr

# Service identity.
name="pf"
desc="Packet filter"
rcvar="pf_enable"

# Load the service configuration.  None of the pf_* settings used in this
# script (pf_rules, pf_program, pf_flags, pf_fallback_*) is assigned here,
# so they are expected to be in scope after this call.
load_rc_config "$name"

# Prerequisites handed to rc.subr: the ruleset file and the pf kernel module.
# NOTE(review): rc.subr presumably checks required_files before it invokes
# start_cmd, in which case a missing $pf_rules stops pf_start -- and with it
# the pf_fallback path -- from running at all, leaving the host unfiltered.
# Confirm against rc.subr(8).
required_files="$pf_rules"
required_modules="pf"

# Subcommands added on top of the rc.subr defaults, and the handler for
# every subcommand this script implements.
extra_commands="check reload resync"
check_cmd="pf_check"
reload_cmd="pf_reload"
resync_cmd="pf_resync"
start_cmd="pf_start"
stop_cmd="pf_stop"
status_cmd="pf_status"
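# pf_fallback
#	Last-resort ruleset loader, invoked by pf_start when $pf_rules could
#	not be loaded.  Emits a warning, then -- only if
#	pf_fallback_rules_enable is set -- loads either the fallback rules
#	file (when it exists as a regular file) or the inline rules held in
#	$pf_fallback_rules, fed to $pf_program on standard input.
#
#	Returns the status of the $pf_program invocation when a fallback is
#	attempted; when fallback is disabled it returns via a bare `return`.
pf_fallback()
{
	warn "Unable to load $pf_rules."

	if ! checkyesno pf_fallback_rules_enable; then
		return
	fi

	# The path must be quoted.  Unquoted, an empty or unset
	# pf_fallback_rules_file turned this into the one-argument test
	# `[ -f ]`, which is true, so the file branch ran with an empty path
	# and the inline rules were never tried; a path containing
	# whitespace broke the test the other way.  Either case could leave
	# pf without the intended fallback ruleset.
	if [ -f "$pf_fallback_rules_file" ]; then
		warn "Loading fallback rules file: $pf_fallback_rules_file"
		# $pf_flags stays unquoted so several flags split into
		# separate arguments.
		$pf_program -f "$pf_fallback_rules_file" $pf_flags
	else
		warn "Loading fallback rules: $pf_fallback_rules"
		# Quoted printf instead of an unquoted echo: the rules reach
		# pfctl exactly as configured, with newlines between rules
		# preserved and no pathname expansion of characters such as
		# '*' against the current directory.
		printf '%s\n' "$pf_fallback_rules" | $pf_program -f - $pf_flags
	fi
}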
# pf_start
#	Flush whatever pf currently holds, load $pf_rules (falling back to
#	pf_fallback if that fails), and enable pf unless it already reports
#	itself enabled.  The return status is that of the final progress
#	message line, not of the ruleset load.
pf_start()
{
	check_startmsgs && echo -n 'Enabling pf'

	# Clear everything first; output and exit status are discarded.
	$pf_program -F all > /dev/null 2>&1

	if ! $pf_program -f "$pf_rules" $pf_flags; then
		pf_fallback
	fi

	# NOTE(review): the enable step below is unconditional.  If the main
	# load failed and the fallback is disabled or fails as well, pf is
	# still switched on with whatever is in the kernel after the flush --
	# presumably an empty ruleset, which blocks nothing (pf's implicit
	# default is pass) -- and nothing in the return status reports it.
	# Monitoring should watch for the "Unable to load" warning.
	$pf_program -s info | grep -q "Enabled" || $pf_program -eq

	check_startmsgs && echo '.'
}
# pf_stop
#	Disable pf if, and only if, it currently reports itself enabled.
#	Prints a progress message around the disable call; silent and
#	successful when pf is not enabled.
#	No flush (-F) is issued here: this function only asks $pf_program
#	to disable the filter.
pf_stop()
{
	# Not enabled: nothing to do and nothing to print.
	$pf_program -s info | grep -q "Enabled" || return 0

	echo -n 'Disabling pf'
	$pf_program -dq
	echo '.'
}
# pf_check
#	Dry-run the configured ruleset: $pf_program is called with -n, so
#	$pf_rules is parsed but not loaded.  Returns $pf_program's status,
#	which makes this usable as a gate before a reload.
pf_check()
{
	printf '%s\n' "Checking pf rules."
	$pf_program -n -f "$pf_rules" $pf_flags
}
# pf_reload
#	Announce the reload, then delegate to pf_resync, whose status is
#	returned unchanged.
pf_reload()
{
	printf '%s\n' "Reloading pf rules."
	pf_resync
}
# pf_resync
#	Validate $pf_rules with a parse-only (-n) pass and load it only if
#	that pass succeeds, so a ruleset that fails to parse never reaches
#	the load step.  Returns 1 when validation fails, otherwise the
#	status of the load.
#
#	NOTE(review): nothing here flushes the state table, so connections
#	admitted under the previous ruleset presumably keep their existing
#	states after the reload -- confirm against pfctl(8) when a rule
#	change is meant to cut live sessions.
pf_resync()
{
	if ! $pf_program -n -f "$pf_rules" $pf_flags; then
		return 1
	fi

	$pf_program -f "$pf_rules" $pf_flags
}
# pf_status
#	Report pf's state.  When the /dev/pf character device is absent,
#	print a message and return 1.  Otherwise print `-s info` and return
#	the status of `-s Running`, whose output is discarded (presumably
#	non-zero when pf is not running -- confirm in pfctl(8)).
pf_status()
{
	if [ ! -c /dev/pf ]; then
		echo "pf.ko is not loaded"
		return 1
	fi

	$pf_program -s info
	$pf_program -s Running >/dev/null
}
# Hand the requested subcommand (first script argument) to rc.subr, which
# is expected to dispatch to the matching *_cmd handler set above.
run_rc_command "${1}"