From: Max Laier
To: freebsd-current@freebsd.org
Date: Mon, 22 Mar 2004 21:22:15 +0100
Subject: Re: pf startup script
Message-Id: <200403222122.15373.max@love2party.net>
In-Reply-To: <200403222114.36153.max@love2party.net>
List-Id: Discussions about the use of FreeBSD-current

On Monday 22 March 2004 21:14, Max Laier wrote:
> Okay, two positive replies so far, hence I plan to commit it with a minor
> tweak to redirect "pfctl -Fa" output entirely to /dev/null. See attachment.
> Can somebody with more rcNG-fu look at this, please?

huh :-\ ... where did my script go? I'll try it again...

-- 
Best regards,                       | mlaier@freebsd.org
Max Laier                           | ICQ #67774661
http://pf4freebsd.love2party.net/   | mlaier@EFnet

Content-Disposition: attachment; filename="etc_rc.d_pf"

#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: pf
# REQUIRE: root beforenetlkm mountcritlocal netif
# BEFORE:  DAEMON LOGIN
# KEYWORD: FreeBSD nojail

. /etc/rc.subr

name="pf"
rcvar=`set_rcvar`
load_rc_config $name

# stop, reload, resync and status all require the ruleset file to exist
stop_precmd="test -f ${pf_rules}"
start_precmd="pf_prestart"
start_cmd="pf_start"
stop_cmd="pf_stop"
reload_precmd="$stop_precmd"
reload_cmd="pf_reload"
resync_precmd="$stop_precmd"
resync_cmd="pf_resync"
status_precmd="$stop_precmd"
status_cmd="pf_status"
extra_commands="reload resync status"

pf_prestart()
{
	# load pf kernel module if needed
	if ! kldstat -v | grep -q pf\$; then
		if kldload pf; then
			info 'pf module loaded.'
		else
			err 1 'pf module failed to load.'
		fi
	fi

	# check for pf rules
	if [ ! -r "${pf_rules}" ]
	then
		warn 'pf: NO PF RULESET FOUND'
		return 1
	fi
}

pf_start()
{
	echo "Enabling pf."
	# enable pf only if it is not already enabled
	if ! ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
		${pf_program:-/sbin/pfctl} -e
	fi
	# flush everything quietly, then load the ruleset
	${pf_program:-/sbin/pfctl} -Fa >/dev/null 2>&1
	if [ -r "${pf_rules}" ]; then
		${pf_program:-/sbin/pfctl} \
		    -f "${pf_rules}" ${pf_flags}
	fi
}

pf_stop()
{
	# disable pf only if it is currently enabled
	if ${pf_program:-/sbin/pfctl} -si | grep -q "Enabled" ; then
		echo "Disabling pf."
		${pf_program:-/sbin/pfctl} -d
	fi
}

pf_reload()
{
	echo "Reloading pf rules."

	# flush everything quietly, then load the ruleset again
	${pf_program:-/sbin/pfctl} -Fa >/dev/null 2>&1
	if [ -r "${pf_rules}" ]; then
		${pf_program:-/sbin/pfctl} \
		    -f "${pf_rules}" ${pf_flags}
	fi
}

pf_resync()
{
	# Don't resync if pf is not loaded
	if ! kldstat -v | grep -q pf\$ ; then
		return
	fi
	# load the ruleset without flushing first
	${pf_program:-/sbin/pfctl} -f "${pf_rules}" ${pf_flags}
}

pf_status()
{
	# show pf status information
	${pf_program:-/sbin/pfctl} -si
}

run_rc_command "$1"