xref: /freebsd/libexec/rc/rc.d/pf (revision c203bd70b5957f85616424b6fa374479372d06e3)
1#!/bin/sh
2#
3# $FreeBSD$
4#
5
6# PROVIDE: pf
7# REQUIRE: FILESYSTEMS netif pflog pfsync routing
8# KEYWORD: nojailvnet
9
10. /etc/rc.subr
11
# Identity of this rc.d service and the rc.conf knob that enables it.
name="pf"
desc="Packet filter"
rcvar="pf_enable"

# Read the rc.conf settings for this service first: $pf_rules is expanded
# a few lines down, and the handlers use $pf_program / $pf_flags.
load_rc_config "$name"

# What the service needs before it can run: the pf kernel module and the
# ruleset file named by $pf_rules.
required_modules="pf"
required_files="$pf_rules"

# Handler functions for each sub-command.  check, reload and resync are
# the extra commands this script registers through extra_commands.
start_cmd="pf_start"
stop_cmd="pf_stop"
status_cmd="pf_status"
check_cmd="pf_check"
reload_cmd="pf_reload"
resync_cmd="pf_resync"
extra_commands="check reload resync"
25
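#
# pf_start: flush pf, load the ruleset from $pf_rules and enable the filter.
#
# Globals:  pf_program, pf_rules, pf_flags (read)
# Returns:  0 when the ruleset loaded; otherwise the non-zero status of the
#           failed load, so the caller sees that "start" did not succeed.
#
pf_start()
{
	local rules_rc

	check_startmsgs && echo -n 'Enabling pf'

	# Everything is flushed before the load, so a load that fails below
	# leaves pf with an empty ruleset rather than the previous one.
	$pf_program -F all > /dev/null 2>&1

	rules_rc=0
	$pf_program -f "$pf_rules" $pf_flags || rules_rc=$?
	if [ "$rules_rc" -ne 0 ]; then
		# Do not let a broken ruleset pass as a clean start: with
		# nothing loaded the host is effectively unfiltered.
		warn "Unable to load $pf_rules; the ruleset was flushed and not replaced."
	fi

	# Enable pf only if it is not already running.
	if ! $pf_program -s info | grep -q "Enabled" ; then
		$pf_program -eq
	fi

	check_startmsgs && echo '.'

	# Report the load result explicitly; falling off the end would hand
	# back the status of the message test above instead.
	return "$rules_rc"
}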
36
#
# pf_stop: disable pf if it is currently enabled.
#
# Globals:  pf_program (read)
# Outputs:  "Disabling pf." on stdout when the filter was enabled
# Note:     once pf is disabled the host is no longer filtering packets.
#
pf_stop()
{
	# Nothing to do (and nothing to print) when pf is not enabled.
	$pf_program -s info | grep -q "Enabled" || return 0

	echo -n 'Disabling pf'
	$pf_program -dq
	echo '.'
}
45
#
# pf_check: parse the ruleset in $pf_rules without loading it (-n).
#
# Globals:  pf_program, pf_rules, pf_flags (read)
# Returns:  the exit status of the dry-run parse
#
pf_check()
{
	printf '%s\n' 'Checking pf rules.'
	# -n: the file is only parsed, the running ruleset is left alone.
	$pf_program -n \
	    -f "$pf_rules" $pf_flags
}
51
#
# pf_reload: announce the reload, then delegate to pf_resync.
#
# Returns:  whatever pf_resync returns
#
pf_reload()
{
	printf '%s\n' 'Reloading pf rules.'
	pf_resync
}
57
#
# pf_resync: load the ruleset from $pf_rules, but only after it parses.
#
# Globals:  pf_program, pf_rules, pf_flags (read)
# Returns:  1 when the dry-run parse fails (nothing is loaded in that
#           case); otherwise the exit status of the real load
#
pf_resync()
{
	# Validate first so a broken file never reaches the load step and
	# the running ruleset stays in place.
	if ! $pf_program -n -f "$pf_rules" $pf_flags; then
		return 1
	fi

	$pf_program -f "$pf_rules" $pf_flags
}
63
#
# pf_status: print pf's status information.
#
# Globals:  pf_program (read)
# Returns:  1 when /dev/pf is not a character device (module not loaded);
#           otherwise the exit status of "$pf_program -s Running"
#
pf_status()
{
	if [ ! -c /dev/pf ]; then
		echo "pf.ko is not loaded"
		return 1
	fi

	$pf_program -s info
	# Output is discarded; only the exit status of this query is used as
	# the function's result.
	$pf_program -s Running > /dev/null
}
74
# Hand the requested sub-command (the script's first argument) to rc.subr.
run_rc_command "${1}"
76