1 files changed, 94 insertions, 0 deletions

diff --git a/libexec/rc/rc.d/pf b/libexec/rc/rc.d/pf
new file mode 100755
index 000000000000..46fb085e5175
--- /dev/null
+++ b/libexec/rc/rc.d/pf
@@ -0,0 +1,94 @@
+#!/bin/sh
+#
+#
+
+# PROVIDE: pf
+# REQUIRE: FILESYSTEMS netif pflog pfsync routing
+# KEYWORD: nojailvnet
+
+. /etc/rc.subr
+
+name="pf"
+desc="Packet filter"
+rcvar="pf_enable"
+load_rc_config $name
+start_cmd="pf_start"
+stop_cmd="pf_stop"
+check_cmd="pf_check"
+reload_cmd="pf_reload"
+resync_cmd="pf_resync"
+status_cmd="pf_status"
+extra_commands="check reload resync"
+required_files="$pf_rules"
+required_modules="pf"
+
+# doesn't make sense to run in a svcj: config setting
+pf_svcj="NO"
+
+pf_fallback()
+{
+	warn "Unable to load $pf_rules."
+
+	if ! checkyesno pf_fallback_rules_enable; then
+		return
+	fi
+
+	if [ -f $pf_fallback_rules_file ]; then
+		warn "Loading fallback rules file: $pf_fallback_rules_file"
+		$pf_program -f "$pf_fallback_rules_file" $pf_flags
+	else
+		warn "Loading fallback rules: $pf_fallback_rules"
+		echo "$pf_fallback_rules" | $pf_program -f - $pf_flags
+	fi
+}
+
+pf_start()
+{
+	startmsg -n 'Enabling pf'
+	$pf_program -F all > /dev/null 2>&1
+	$pf_program -f "$pf_rules" $pf_flags || pf_fallback
+	if ! $pf_program -s info | grep -q "Enabled" ; then
+		$pf_program -eq
+	fi
+	startmsg '.'
+}
+
+pf_stop()
+{
+	if $pf_program -s info | grep -q "Enabled" ; then
+		echo -n 'Disabling pf'
+		$pf_program -dq
+		echo '.'
+	fi
+}
+
+pf_check()
+{
+	echo "Checking pf rules."
+	$pf_program -n -f "$pf_rules" $pf_flags
+}
+
+pf_reload()
+{
+	echo "Reloading pf rules."
+	pf_resync
+}
+
+pf_resync()
+{
+	$pf_program -n -f "$pf_rules" $pf_flags || return 1
+	$pf_program -f "$pf_rules" $pf_flags
+}
+
+pf_status()
+{
+	if ! [ -c /dev/pf ] ; then
+		echo "pf.ko is not loaded"
+		return 1
+	else
+		$pf_program -s info
+		$pf_program -s Running >/dev/null
+	fi
+}
+
+run_rc_command "$1"