From 55eb3794fb4ad563102d5ab30c1d5337a599b2e5 Mon Sep 17 00:00:00 2001
From: Roy Marples <roy@marples.name>
Date: Tue, 25 Mar 2008 14:06:05 +0000
Subject: Rework our folder structure so that we don't have OS specific dirs,
 making it easier to share init and conf files per OS.

---
 init.d/pf.in | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 init.d/pf.in

(limited to 'init.d/pf.in')

diff --git a/init.d/pf.in b/init.d/pf.in
new file mode 100644
index 00000000..fa55ea48
--- /dev/null
+++ b/init.d/pf.in
@@ -0,0 +1,59 @@
+#!@PREFIX@/sbin/runscript
+# Copyright 2007-2008 Roy Marples <roy@marples.name>
+# All rights reserved. Released under the 2-clause BSD license.
+
+name="Packet Filter"
+pf_conf=${pf_conf:-${pf_rules:-/etc/pf.conf}}
+required_files=${pf_conf}
+
+extra_commands="checkconfig showstatus"
+extra_started_commands="reload"
+
+depend() {
+	need localmount
+	keyword nojail noprefix
+}
+
+start()
+{
+	ebegin "Starting ${name}"
+	if type kldload >/dev/null 2>&1; then
+		kldload pf 2>/dev/null
+	fi
+	pfctl -q -F all
+	pfctl -q -f "${pf_conf}" ${pf_args}
+	pfctl -q -e
+	eend $?
+}
+
+stop()
+{
+	ebegin "Stopping ${name}"
+	pfctl -q -d
+	eend $?
+}
+
+checkconfig()
+{
+	ebegin "Checking ${name} configuration"
+	pfctl -n -f "${pf_conf}"
+	eend $?
+}
+
+reload()
+{
+	ebegin "Reloading ${name} rules."
+	pfctl -q -n -f "${pf_conf}" && \
+	{ 
+		# Flush everything but existing state entries that way when
+		# rules are read in, it doesn't break established connections.
+		pfctl -q -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp
+		pfctl -q -f "${pf_conf}" ${pf_args}
+	}
+	eend $?
+}
+
+showstatus()
+{
+	pfctl -s info
+}
-- 
cgit v1.2.3