blob: 0b4c086db22b9c36ce916388fdf56f23ac5c64b6 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
#!/bin/sh
#
#
# PROVIDE: pf
# REQUIRE: FILESYSTEMS netif pflog pfsync routing
# KEYWORD: nojailvnet
. /etc/rc.subr
name="pf"
desc="Packet filter"
rcvar="pf_enable"
load_rc_config $name
start_cmd="pf_start"
stop_cmd="pf_stop"
check_cmd="pf_check"
reload_cmd="pf_reload"
resync_cmd="pf_resync"
status_cmd="pf_status"
extra_commands="check reload resync"
required_files="$pf_rules"
required_modules="pf"
# doesn't make sense to run in a svcj: config setting
pf_svcj="NO"
pf_fallback()
{
warn "Unable to load $pf_rules."
if ! checkyesno pf_fallback_rules_enable; then
return
fi
if [ -f $pf_fallback_rules_file ]; then
warn "Loading fallback rules file: $pf_fallback_rules_file"
$pf_program -f "$pf_fallback_rules_file" $pf_flags
else
warn "Loading fallback rules: $pf_fallback_rules"
echo $pf_fallback_rules | $pf_program -f - $pf_flags
fi
}
pf_start()
{
startmsg -n 'Enabling pf'
$pf_program -F all > /dev/null 2>&1
$pf_program -f "$pf_rules" $pf_flags || pf_fallback
if ! $pf_program -s info | grep -q "Enabled" ; then
$pf_program -eq
fi
startmsg '.'
}
pf_stop()
{
if $pf_program -s info | grep -q "Enabled" ; then
echo -n 'Disabling pf'
$pf_program -dq
echo '.'
fi
}
pf_check()
{
echo "Checking pf rules."
$pf_program -n -f "$pf_rules" $pf_flags
}
pf_reload()
{
echo "Reloading pf rules."
pf_resync
}
pf_resync()
{
$pf_program -n -f "$pf_rules" $pf_flags || return 1
$pf_program -f "$pf_rules" $pf_flags
}
pf_status()
{
if ! [ -c /dev/pf ] ; then
echo "pf.ko is not loaded"
return 1
else
$pf_program -s info
$pf_program -s Running >/dev/null
fi
}
run_rc_command "$1"
|
