path: root/etc/rc.d/pf

#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: pf
# REQUIRE: FILESYSTEMS netif pflog pfsync
# BEFORE:  routing
# KEYWORD: nojail

. /etc/rc.subr

name="pf"
rcvar="pf_enable"
load_rc_config $name
start_cmd="pf_start"
stop_cmd="pf_stop"
check_cmd="pf_check"
reload_cmd="pf_reload"
resync_cmd="pf_resync"
status_cmd="pf_status"
extra_commands="check reload resync"
required_files="$pf_rules"
required_modules="pf"

pf_start()
{
	check_startmsgs && echo -n 'Enabling pf'
	$pf_program -F all > /dev/null 2>&1
	$pf_program -f "$pf_rules" $pf_flags
	if ! $pf_program -s info | grep -q "Enabled" ; then
		$pf_program -eq
	fi
	check_startmsgs && echo '.'
}

pf_stop()
{
	if $pf_program -s info | grep -q "Enabled" ; then
		echo -n 'Disabling pf'
		$pf_program -dq
		echo '.'
	fi
}

pf_check()
{
	echo "Checking pf rules."
	$pf_program -n -f "$pf_rules"
}

pf_reload()
{
	echo "Reloading pf rules."
	$pf_program -n -f "$pf_rules" || return 1
	# Flush everything but existing state entries that way when
	# rules are read in, it doesn't break established connections.
	$pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
	$pf_program -f "$pf_rules" $pf_flags
}

pf_resync()
{
	$pf_program -f "$pf_rules" $pf_flags
}

pf_status()
{
	$pf_program -s info
}

run_rc_command "$1"