diff options
| author | Roy Marples <roy@marples.name> | 2008-03-25 14:06:05 +0000 |
|---|---|---|
| committer | Roy Marples <roy@marples.name> | 2008-03-25 14:06:05 +0000 |
| commit | 55eb3794fb4ad563102d5ab30c1d5337a599b2e5 (patch) | |
| tree | 0d052faeb050c1e18ba56f6f6189bff3ffca28c9 /init.d/pf.in | |
| parent | 08aff6ef44ac5dc438d916b53aa61385f6d299f3 (diff) | |
| download | openrc-55eb3794fb4ad563102d5ab30c1d5337a599b2e5.tar.gz openrc-55eb3794fb4ad563102d5ab30c1d5337a599b2e5.tar.bz2 openrc-55eb3794fb4ad563102d5ab30c1d5337a599b2e5.tar.xz | |
Rework our folder structure so that we don't have OS specific dirs, making it easier to share init and conf files per OS.
Diffstat (limited to 'init.d/pf.in')
| -rw-r--r-- | init.d/pf.in | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/init.d/pf.in b/init.d/pf.in new file mode 100644 index 0000000..fa55ea4 --- /dev/null +++ b/init.d/pf.in @@ -0,0 +1,59 @@ +#!@PREFIX@/sbin/runscript +# Copyright 2007-2008 Roy Marples <roy@marples.name> +# All rights reserved. Released under the 2-clause BSD license. + +name="Packet Filter" +pf_conf=${pf_conf:-${pf_rules:-/etc/pf.conf}} +required_files=${pf_conf} + +extra_commands="checkconfig showstatus" +extra_started_commands="reload" + +depend() { + need localmount + keyword nojail noprefix +} + +start() +{ + ebegin "Starting ${name}" + if type kldload >/dev/null 2>&1; then + kldload pf 2>/dev/null + fi + pfctl -q -F all + pfctl -q -f "${pf_conf}" ${pf_args} + pfctl -q -e + eend $? +} + +stop() +{ + ebegin "Stopping ${name}" + pfctl -q -d + eend $? +} + +checkconfig() +{ + ebegin "Checking ${name} configuration" + pfctl -n -f "${pf_conf}" + eend $? +} + +reload() +{ + ebegin "Reloading ${name} rules." + pfctl -q -n -f "${pf_conf}" && \ + { + # Flush everything but existing state entries that way when + # rules are read in, it doesn't break established connections. + pfctl -q -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp + pfctl -q -f "${pf_conf}" ${pf_args} + } + eend $? +} + +showstatus() +{ + pfctl -s info +} |