#!/bin/sh # # $NetBSD: pf,v 1.6 2005/08/23 12:12:56 peter Exp $ # # PROVIDE: pf # REQUIRE: root beforenetlkm mountcritlocal tty network dhclient # BEFORE: NETWORKING $_rc_subr_loaded . /etc/rc.subr name="pf" rcvar=$name start_precmd="pf_prestart" start_cmd="pf_start" stop_cmd="pf_stop" reload_cmd="pf_reload" status_cmd="pf_status" extra_commands="reload status" pf_prestart() { if [ ! -f ${pf_rules} ]; then warn "${pf_rules} not readable; pf start aborted." # If booting directly to multiuser, send SIGTERM to # the parent (/etc/rc) to abort the boot if [ "$autoboot" = yes ]; then echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!" kill -TERM $$ exit 1 fi return 1 fi return 0 } pf_start() { echo "Enabling pf firewall." # The pf_boot script has enabled pf already. if [ "$autoboot" != yes ]; then /sbin/pfctl -q -e fi if [ -f ${pf_rules} ]; then /sbin/pfctl -q -f ${pf_rules} else warn "${pf_rules} not found; no pf rules loaded." fi } pf_stop() { echo "Disabling pf firewall." /sbin/pfctl -q -Fa -d } pf_reload() { echo "Reloading pf rules." if [ -f ${pf_rules} ]; then /sbin/pfctl -q -f ${pf_rules} else warn "${pf_rules} not found; no pf rules loaded." fi } pf_status() { /sbin/pfctl -s info } load_rc_config $name run_rc_command "$1"