pf startup script

Max Laier max at love2party.net
Mon Mar 22 12:21:36 PST 2004 

On Monday 22 March 2004 21:14, Max Laier wrote:
> Okay, two positive replys so far hence I plan to commit it with a minor
> tweak to redirect "pfctl -Fa" output entirely to /dev/null. See attachment.
> Can somebody with more rcNG-fu look at this, please?

huh :-\ ... were did my script go? I'll try it again... 

-- 
Best regards,				| mlaier at freebsd.org
Max Laier				| ICQ #67774661
http://pf4freebsd.love2party.net/	| mlaier at EFnet
-------------- next part --------------
#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: pf
# REQUIRE: root beforenetlkm mountcritlocal netif
# BEFORE:  DAEMON LOGIN
# KEYWORD: FreeBSD nojail

. /etc/rc.subr

name="pf"
rcvar=`set_rcvar`
load_rc_config $name
stop_precmd="test -f ${pf_rules}"
start_precmd="pf_prestart"
start_cmd="pf_start"
stop_cmd="pf_stop"
reload_precmd="$stop_precmd"
reload_cmd="pf_reload"
resync_precmd="$stop_precmd"
resync_cmd="pf_resync"
status_precmd="$stop_precmd"
status_cmd="pf_status"
extra_commands="reload resync status"

pf_prestart()
{
	# load pf kernel module if needed
	if ! kldstat -v | grep -q pf\$; then
		if kldload pf; then
			info 'pf module loaded.'
		else
			err 1 'pf module failed to load.'
		fi
	fi

	# check for pf rules
	if [ ! -r "${pf_rules}" ]
	then
		warn 'pf: NO PF RULESET FOUND'
		return 1
	fi
}

pf_start()
{
	echo "Enabling pf."
	if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
		${pf_program:-/sbin/pfctl} -e
	fi
	${pf_program:-/sbin/pfctl} -Fa >/dev/null 2>&1
	if [ -r "${pf_rules}" ]; then
		${pf_program:-/sbin/pfctl} \
		    -f "${pf_rules}" ${pf_flags}
	fi
}

pf_stop()
{
	if ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
		echo "Disabling pf."
		${pf_program:-/sbin/pfctl} -d
	fi
}

pf_reload()
{
	echo "Reloading pf rules."

	${pf_program:-/sbin/pfctl} -Fa >/dev/null 2>&1
	if [ -r "${pf_rules}" ]; then
		${pf_program:-/sbin/pfctl} \
		    -f "${pf_rules}" ${pf_flags}
	fi
}

pf_resync()
{
	# Don't resync if pf is not loaded
	if ! kldstat -v | grep -q pf\$ ; then
		 return
	fi
	${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
}

pf_status()
{
	${pf_program:-/sbin/pfctl} -si
}

run_rc_command "$1"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: signature
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20040322/bacf1574/attachment.bin

More information about the freebsd-current mailing list