Diffstat (limited to 'init.d.BSD/pf.in')
-rw-r--r--init.d.BSD/pf.in59
1 files changed, 59 insertions, 0 deletions
diff --git a/init.d.BSD/pf.in b/init.d.BSD/pf.in
new file mode 100644
index 0000000..daca82a
--- /dev/null
+++ b/init.d.BSD/pf.in
@@ -0,0 +1,59 @@
+#!/sbin/runscript
+# Copyright 2007-2008 Roy Marples <roy@marples.name>
+# All rights reserved. Released under the 2-clause BSD license.
+
+name="Packet Filter"
+pf_conf=${pf_conf:-${pf_rules:-/etc/pf.conf}}
+required_files=${pf_conf}
+
+extra_commands="checkconfig showstatus"
+extra_started_commands="reload"
+
+depend() {
+ need localmount
+ keyword nojail noprefix
+}
+
+start()
+{
+ ebegin "Starting ${name}"
+ if type kldload >/dev/null 2>&1; then
+ kldload pf 2>/dev/null
+ fi
+ pfctl -q -F all
+ pfctl -q -f "${pf_conf}" ${pf_args}
+ pfctl -q -e
+ eend $?
+}
+
+stop()
+{
+ ebegin "Stopping ${name}"
+ pfctl -q -d
+ eend $?
+}
+
+checkconfig()
+{
+ ebegin "Checking ${name} configuration"
+ pfctl -n -f "${pf_conf}"
+ eend $?
+}
+
+reload()
+{
+ ebegin "Reloading ${name} rules."
+ pfctl -q -n -f "${pf_conf}" && \
+ {
+ # Flush everything but existing state entries that way when
+ # rules are read in, it doesn't break established connections.
+ pfctl -q -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp
+ pfctl -q -f "${pf_conf}" ${pf_args}
+ }
+ eend $?
+}
+
+showstatus()
+{
+ pfctl -s info
+}
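Review bot: In start(), the result of `pfctl -q -f "${pf_conf}" ${pf_args}` is never checked, so a ruleset that fails to load after `pfctl -q -F all` still reaches `pfctl -q -e`, and `eend $?` reports only the status of that enable call. The service is then marked as started with pf enabled and no rules loaded, which is a fail-open state for a packet filter. reload() already validates with `pfctl -q -n -f "${pf_conf}"` before it flushes anything. start() should do the same and chain the steps with `&&`, so the first failure is the status that reaches eend and nothing is flushed when the config does not parse.

```shell
start()
{
	# … unchanged: ebegin and the kldload block …
	pfctl -q -n -f "${pf_conf}" && \
	pfctl -q -F all && \
	pfctl -q -f "${pf_conf}" ${pf_args} && \
	pfctl -q -e
	eend $?
}
```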