author | Roy Marples <roy@marples.name> | 2008-01-15 14:18:26 +0000 |
---|---|---|
committer | Roy Marples <roy@marples.name> | 2008-01-15 14:18:26 +0000 |
commit | aa0399e22b1c3e8eebdd05a5339039496123aa61 (patch) | |
tree | d05977dbd5d0b970031c141d8be6d2fb40456bb8 | |
parent | 18da799040f6d736208065ee53f4d88eaf23733d (diff) |
Add a pf init script.
-rw-r--r-- | init.d.BSD/pf | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/init.d.BSD/pf b/init.d.BSD/pf
new file mode 100644
index 00000000..bf2ac1a6
--- /dev/null
+++ b/init.d.BSD/pf
@@ -0,0 +1,58 @@
+#!/sbin/runscript
+# Copyright 2007-2008 Roy Marples <roy@marples.name>
+# All rights reserved. Released under the 2-clause BSD license.
+
+name="Packet Filter"
+pf_conf=${pf_conf:-${pf_rules:-/etc/pf.conf}}
+required_files=${pf_conf}
+
+extra_commands="checkconfig showstatus"
+extra_started_commands="reload"
+
+depend() {
+ need localmount
+}
+
+start()
+{
+ ebegin "Starting ${name}"
+ if type kldload >/dev/null 2>&1; then
+ kldload pf 2>/dev/null
+ fi
+ pfctl -q -F all
+ pfctl -q -f "${pf_conf}" ${pf_args}
+ pfctl -q -e
+ eend $?
+}
+
+stop()
+{
+ ebegin "Stopping ${name}"
+ pfctl -q -d
+ eend $?
+}
+
+checkconfig()
+{
+ ebegin "Checking ${name} configuration"
+ pfctl -n -f "${pf_conf}"
+ eend $?
+}
+
+reload()
+{
+ ebegin "Reloading ${name} rules."
+ pfctl -q -n -f "${pf_conf}" && \
+ {
+ # Flush everything but existing state entries that way when
+ # rules are read in, it doesn't break established connections.
+ pfctl -q -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp
+ pfctl -q -f "${pf_conf}" ${pf_args}
+ }
+ eend $?
+}
+
+showstatus()
+{
+ pfctl -s info
+} |
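Review bot: start() fails open: `pfctl -q -F all` runs before the ruleset is known to parse, the exit status of `pfctl -q -f` is discarded, and `eend $?` reports only the result of `pfctl -q -e`. With a broken ${pf_conf} the service would be marked started with pf enabled and no rules loaded, which as far as I know leaves pf at its implicit pass-all default. reload() already validates with `pfctl -q -n -f` first; start() should do the same and chain the steps, e.g. `pfctl -q -n -f "${pf_conf}" ${pf_args} && pfctl -q -F all && pfctl -q -f "${pf_conf}" ${pf_args} && pfctl -q -e`, followed by `eend $?`. The checks in reload() and checkconfig() also omit ${pf_args}, so a ruleset that depends on those arguments may be validated differently from how it is loaded.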