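#!/bin/sh
#
#

# PROVIDE: pf
# REQUIRE: FILESYSTEMS netif pflog pfsync routing
# KEYWORD: nojailvnet

# rc.d script for the pf packet filter.
#
# Commands: start, stop, status, plus the extras check, reload and resync.
# Settings read from the rc configuration (loaded by load_rc_config):
#   pf_enable                  rcvar for this service
#   pf_program                 command used for every pf operation
#   pf_rules                   main ruleset file (also listed in required_files)
#   pf_flags                   extra arguments appended to each ruleset load
#   pf_fallback_rules_enable   load a fallback ruleset when pf_rules fails
#   pf_fallback_rules_file     fallback ruleset file, used when it exists
#   pf_fallback_rules          inline fallback rules, used otherwise

. /etc/rc.subr

name="pf"
desc="Packet filter"
rcvar="pf_enable"
load_rc_config "$name"
start_cmd="pf_start"
stop_cmd="pf_stop"
check_cmd="pf_check"
reload_cmd="pf_reload"
resync_cmd="pf_resync"
status_cmd="pf_status"
extra_commands="check reload resync"
required_files="$pf_rules"
required_modules="pf"

# doesn't make sense to run in a svcj: config setting
pf_svcj="NO"

# $pf_program and $pf_flags are expanded unquoted throughout this script so
# that a value holding several words is split into separate arguments.

# Load the fallback ruleset after the main ruleset failed to load.
# Does nothing beyond the warning unless pf_fallback_rules_enable is set.
# Returns the status of the fallback load, or 0 when fallback is disabled.
pf_fallback()
{
	warn "Unable to load $pf_rules."

	if ! checkyesno pf_fallback_rules_enable; then
		return
	fi

	# Quoted: an empty or unset pf_fallback_rules_file must select the
	# inline rules. Unquoted, the test collapses to `[ -f ]`, which is
	# true, and the script would try to load a file named "".
	if [ -f "$pf_fallback_rules_file" ]; then
		warn "Loading fallback rules file: $pf_fallback_rules_file"
		$pf_program -f "$pf_fallback_rules_file" $pf_flags
	else
		warn "Loading fallback rules: $pf_fallback_rules"
		# Pass the rules through verbatim. An unquoted echo would
		# glob-expand characters such as `*` against the current
		# directory and fold line breaks into spaces, so the ruleset
		# loaded in the failure path could differ from the configured one.
		printf '%s\n' "$pf_fallback_rules" | $pf_program -f - $pf_flags
	fi
}

# Flush pf state, load the main ruleset (or the fallback one) and enable pf.
pf_start()
{
	startmsg -n 'Enabling pf'
	# Flush everything first; output and errors of the flush are discarded.
	$pf_program -F all > /dev/null 2>&1
	$pf_program -f "$pf_rules" $pf_flags || pf_fallback
	# NOTE(review): pf is enabled below even when neither the main nor the
	# fallback ruleset loaded. After the flush above that presumably leaves
	# an empty ruleset; confirm this matches the intended failure policy,
	# and treat the "Unable to load" warning as an alertable event.
	if ! $pf_program -s info | grep -q "Enabled" ; then
		$pf_program -eq
	fi
	startmsg '.'
}

# Disable pf if the info output reports it as enabled; otherwise do nothing.
pf_stop()
{
	if $pf_program -s info | grep -q "Enabled" ; then
		echo -n 'Disabling pf'
		$pf_program -dq
		echo '.'
	fi
}

# Parse the main ruleset without loading it (-n).
# Returns the parser's exit status.
pf_check()
{
	echo "Checking pf rules."
	$pf_program -n -f "$pf_rules" $pf_flags
}

# Announce the reload, then run the same validate-and-load path as resync.
pf_reload()
{
	echo "Reloading pf rules."
	pf_resync
}

# Validate the main ruleset and load it only if validation succeeds, so a
# ruleset that fails to parse never replaces the one currently loaded.
# Returns 1 on validation failure, otherwise the status of the load.
pf_resync()
{
	$pf_program -n -f "$pf_rules" $pf_flags || return 1
	$pf_program -f "$pf_rules" $pf_flags
}

# Print pf status information.
# Returns 1 when /dev/pf is not a character device (module not loaded);
# otherwise the exit status of the final `-s Running` query.
pf_status()
{
	if ! [ -c /dev/pf ] ; then
		echo "pf.ko is not loaded"
		return 1
	else
		$pf_program -s info
		# Run only for its exit status, which becomes the function's
		# return value; the output is discarded.
		$pf_program -s Running >/dev/null
	fi
}

run_rc_command "$1"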