xref: /freebsd/libexec/rc/rc.d/pf (revision e9dcd83155b39327497e7a2577d8990074144ff3)
1#!/bin/sh
2#
3# $FreeBSD$
4#
5
6# PROVIDE: pf
7# REQUIRE: FILESYSTEMS netif pflog pfsync
8# BEFORE:  routing
9# KEYWORD: nojailvnet
10
11. /etc/rc.subr
12
13name="pf"
14desc="Packet filter"
15rcvar="pf_enable"
16load_rc_config $name
17start_cmd="pf_start"
18stop_cmd="pf_stop"
19check_cmd="pf_check"
20reload_cmd="pf_reload"
21resync_cmd="pf_resync"
22status_cmd="pf_status"
23extra_commands="check reload resync"
24required_files="$pf_rules"
25required_modules="pf"
26
27pf_start()
28{
29	check_startmsgs && echo -n 'Enabling pf'
30	$pf_program -F all > /dev/null 2>&1
31	$pf_program -f "$pf_rules" $pf_flags
32	if ! $pf_program -s info | grep -q "Enabled" ; then
33		$pf_program -eq
34	fi
35	check_startmsgs && echo '.'
36}
37
38pf_stop()
39{
40	if $pf_program -s info | grep -q "Enabled" ; then
41		echo -n 'Disabling pf'
42		$pf_program -dq
43		echo '.'
44	fi
45}
46
47pf_check()
48{
49	echo "Checking pf rules."
50	$pf_program -n -f "$pf_rules" $pf_flags
51}
52
53pf_reload()
54{
55	echo "Reloading pf rules."
56	pf_resync
57}
58
59pf_resync()
60{
61	$pf_program -n -f "$pf_rules" $pf_flags || return 1
62	$pf_program -f "$pf_rules" $pf_flags
63}
64
65pf_status()
66{
67	if ! [ -c /dev/pf ] ; then
68		echo "pf.ko is not loaded"
69		return 1
70	else
71		$pf_program -s info
72		$pf_program -s Running >/dev/null
73	fi
74}
75
76run_rc_command "$1"
77