Date: Mon, 22 Mar 2004 21:22:15 +0100 From: Max Laier <max@love2party.net> To: freebsd-current@freebsd.org Subject: Re: pf startup script Message-ID: <200403222122.15373.max@love2party.net> In-Reply-To: <200403222114.36153.max@love2party.net> References: <024201c40eba$22912520$0201a8c0@idlewild.net> <047d01c40fb5$bbd67db0$0201a8c0@idlewild.net> <200403222114.36153.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--Boundary-03=_3r0XA/9U7eJuk/t Content-Type: multipart/mixed; boundary="Boundary-01=_3r0XAtaw1OLB39G" Content-Transfer-Encoding: 7bit Content-Disposition: inline --Boundary-01=_3r0XAtaw1OLB39G Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Monday 22 March 2004 21:14, Max Laier wrote: > Okay, two positive replys so far hence I plan to commit it with a minor > tweak to redirect "pfctl -Fa" output entirely to /dev/null. See attachmen= t. > Can somebody with more rcNG-fu look at this, please? huh :-\ ... were did my script go? I'll try it again...=20 =2D-=20 Best regards, | mlaier@freebsd.org Max Laier | ICQ #67774661 http://pf4freebsd.love2party.net/ | mlaier@EFnet --Boundary-01=_3r0XAtaw1OLB39G Content-Type: text/plain; charset="iso-8859-1"; name="etc_rc.d_pf" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="etc_rc.d_pf" #!/bin/sh # # $FreeBSD$ # # PROVIDE: pf # REQUIRE: root beforenetlkm mountcritlocal netif # BEFORE: DAEMON LOGIN # KEYWORD: FreeBSD nojail . /etc/rc.subr name="pf" rcvar=`set_rcvar` load_rc_config $name stop_precmd="test -f ${pf_rules}" start_precmd="pf_prestart" start_cmd="pf_start" stop_cmd="pf_stop" reload_precmd="$stop_precmd" reload_cmd="pf_reload" resync_precmd="$stop_precmd" resync_cmd="pf_resync" status_precmd="$stop_precmd" status_cmd="pf_status" extra_commands="reload resync status" pf_prestart() { # load pf kernel module if needed if ! kldstat -v | grep -q pf\$; then if kldload pf; then info 'pf module loaded.' else err 1 'pf module failed to load.' fi fi # check for pf rules if [ ! -r "${pf_rules}" ] then warn 'pf: NO PF RULESET FOUND' return 1 fi } pf_start() { echo "Enabling pf." if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then ${pf_program:-/sbin/pfctl} -e fi ${pf_program:-/sbin/pfctl} -Fa >/dev/null 2>&1 if [ -r "${pf_rules}" ]; then ${pf_program:-/sbin/pfctl} \ -f "${pf_rules}" ${pf_flags} fi } pf_stop() { if ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then echo "Disabling pf." ${pf_program:-/sbin/pfctl} -d fi } pf_reload() { echo "Reloading pf rules." ${pf_program:-/sbin/pfctl} -Fa >/dev/null 2>&1 if [ -r "${pf_rules}" ]; then ${pf_program:-/sbin/pfctl} \ -f "${pf_rules}" ${pf_flags} fi } pf_resync() { # Don't resync if pf is not loaded if ! kldstat -v | grep -q pf\$ ; then return fi ${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags} } pf_status() { ${pf_program:-/sbin/pfctl} -si } run_rc_command "$1" --Boundary-01=_3r0XAtaw1OLB39G-- --Boundary-03=_3r0XA/9U7eJuk/t Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQBAX0r3XyyEoT62BG0RAq1bAJ9uEP8GEmlBDpmmkn6NVlgHnJs4ZQCfWYG8 MeOhZsYT6Qv37DMMhrfkTzs= =geXH -----END PGP SIGNATURE----- --Boundary-03=_3r0XA/9U7eJuk/t--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200403222122.15373.max>