Last change on this file since 10441 was 10441, checked in by rick, 13 years ago
The pf_flags are not always included causing the external definitions like
-Dif=foo not to be included, yielding false errors in the config files.
This needs to become a send-pr(1) patch, or otherwise reported (also not fixed
in CURRENT/HEAD yet).

Property svn:executable set to *

File size: 1.3 KB

```sh
#!/bin/sh
#
# $FreeBSD: releng/9.0/etc/rc.d/pf 222007 2011-05-17 07:40:13Z hrs $
#

# PROVIDE: pf
# REQUIRE: FILESYSTEMS netif pflog pfsync
# BEFORE: routing
# KEYWORD: nojail

. /etc/rc.subr

name="pf"
rcvar=`set_rcvar`
load_rc_config $name
start_cmd="pf_start"
stop_cmd="pf_stop"
check_cmd="pf_check"
reload_cmd="pf_reload"
resync_cmd="pf_resync"
status_cmd="pf_status"
extra_commands="check reload resync"
required_files="$pf_rules"
required_modules="pf"

pf_start()
{
	check_startmsgs && echo -n 'Enabling pf'
	$pf_program -F all > /dev/null 2>&1
	$pf_program -f "$pf_rules" $pf_flags
	if ! $pf_program -s info | grep -q "Enabled" ; then
		$pf_program -eq
	fi
	check_startmsgs && echo '.'
}

pf_stop()
{
	if $pf_program -s info | grep -q "Enabled" ; then
		echo -n 'Disabling pf'
		$pf_program -dq
		echo '.'
	fi
}

pf_check()
{
	echo "Checking pf rules."
	$pf_program -n -f "$pf_rules" $pf_flags
}

pf_reload()
{
	echo "Reloading pf rules."
	$pf_program -n -f "$pf_rules" $pf_flags || return 1
	# Flush everything but existing state entries that way when
	# rules are read in, it doesn't break established connections.
	$pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
	$pf_program -f "$pf_rules" $pf_flags
}

pf_resync()
{
	$pf_program -f "$pf_rules" $pf_flags
}

pf_status()
{
	$pf_program -s info
}

run_rc_command "$1"
```
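
The change described in the commit message can be guarded with a small lint that reports any `$pf_program` call reading `"$pf_rules"` via `-f` without `$pf_flags`. This is an added example, not code from this repository or from FreeBSD; the function name `find_missing_pf_flags` is hypothetical and the sample script is constructed.

```sh
#!/bin/sh
# Added example (not part of etc/rc.d/pf): find pfctl invocations that read
# "$pf_rules" with -f but omit $pf_flags, so -D macro definitions are lost.

# find_missing_pf_flags FILE
# Prints "LINE: text" for each offending line; returns 1 if any were found.
find_missing_pf_flags()
{
	awk '
		/^[ \t]*#/ { next }    # ignore comment lines
		/\$pf_program/ && /-f[ \t]+"?\$pf_rules/ && !/\$pf_flags/ {
			printf "%d: %s\n", NR, $0
			bad = 1
		}
		END { exit bad + 0 }
	' "$1"
}

# Constructed sample: pf_check passes $pf_flags, pf_resync does not.
sample=$(mktemp)
cat > "$sample" <<'EOF'
pf_check()
{
	$pf_program -n -f "$pf_rules" $pf_flags
}
pf_resync()
{
	$pf_program -f "$pf_rules"
}
pf_status()
{
	$pf_program -s info
}
EOF

if find_missing_pf_flags "$sample"; then
	echo "all rule loads pass \$pf_flags"
else
	echo "the rule loads listed above omit \$pf_flags"
fi
```

Calls that do not load a ruleset, such as `$pf_program -s info`, are ignored because they have no `-f "$pf_rules"` argument.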