First version.

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) year copyright holder. All Rights Reserved.
+Copyright (c) 2022 Roz K. All Rights Reserved.
 
 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
 

README.md

@@ -1,4 +1,7 @@
 # pftab
 
-pf anchors manager for FreeBSD inspired by fstab.
-https://blog.rozk.net/pf/
+pf anchors manager for FreeBSD inspired by fstab.
+
+## Installation, configuration and usage
+
+See https://blog.rozk.net/pf/

pftab

@@ -0,0 +1,140 @@
+#!/bin/sh
+
+. /etc/rc.subr
+
+# PROVIDE: pftab
+# REQUIRE: FILESYSTEMS pf unbound
+# BEFORE:  NETWORKING
+# KEYWORD: nojailvnet shutdown
+
+name="pftab"
+rcvar=pftab_enable
+
+start_cmd="pftab_start"
+stop_cmd="pftab_flush"
+load_cmd="pftab_load"
+flush_cmd="pftab_flush"
+extra_commands="load flush"
+
+load_rc_config $name
+: ${pftab_enable:="NO"}
+: ${pftab_file=/usr/local/etc/pftab}
+: ${pftab_suffix=""}
+
+pftab_command_flush() {
+    file="$1" ; anchor="$2$pftab_suffix" ; flags=$3
+    if ( echo -n $flags | grep -qi "noflush" ) ; then
+        info "Not flushing anchor $anchor with flag noflush."
+    else
+        info "Flushing anchor $anchor..."
+	pfctl -q -F all -a $anchor
+    fi
+}
+
+pftab_command_load() {
+    file="$1" ; anchor="$2$pftab_suffix" ; flags=$3
+    if ( pfctl -n -a $anchor -f "$file" ) ; then
+        if ( echo -n $flags | grep -qi "noflush" ) ; then
+            info "Loading anchor $anchor from file $file without flushing..."
+            pfctl -q -a $anchor -f "$file"
+        else
+            info "Loading anchor $anchor from file $file..."
+            pfctl -q -F all -a $anchor -f "$file"
+        fi
+    else
+        if ( echo -n $flags | grep -qi "nofail" ) ; then
+            warn "Error(s) while checking file $file with flag nofail."
+        else
+            err 1 "Error(s) while checking file $file."
+        fi
+    fi
+}
+
+pftab_command_start() {
+    file="$1" ; anchor=$2 ; flags=$3
+    if ( echo -n $flags | grep -qi "noauto" ) ; then
+        info "Not loading anchor $anchor with flag noauto"
+    else
+	pftab_command_load "$file" $anchor $flags
+    fi
+}
+
+pftab_process_command() {
+    cmd=$1 ; file="$2" ; anchor=$3 ; flags=$4
+    if ( [ $cmd != "flush" ] && [ ! -r "$file" ] ) ; then
+        if ( echo -n $flags | grep -qi "nofail" ) ; then
+            warn "File $file missing or not readable with flag nofail."
+        else
+            err 1 "File $file missing or not readable."
+        fi
+    else
+        case $cmd in
+        "load")
+            pftab_command_load  "$file" $anchor $flags
+            ;;
+        "flush")
+            pftab_command_flush "$file" $anchor $flags
+            ;;
+        "start")
+            pftab_command_start "$file" $anchor $flags
+            ;;
+        esac
+    fi
+}
+
+pftab_process_line() {
+    cmd=$1 ; sel="$2" ; file="$3" ; anchor=$4
+    if [ $# -gt 4 ] ; then
+        flags=$5
+    else
+        flags="defaults"
+    fi
+    if [ "$sel" = "all" ] ; then
+        pftab_process_command $cmd "$file" $anchor $flags
+    else
+        for x in $sel ; do
+            if [ $x = $anchor ] ; then
+                pftab_process_command $cmd "$file" $anchor $flags
+                break
+            fi
+        done
+    fi
+}
+
+pftab_process_file() {
+    cmd=$1 ; sel="$2"
+    while read line ; do
+        case "$line" in
+        ''|\#*)
+            continue
+            ;;
+        esac
+        pftab_process_line $cmd "$sel" $line
+    done < "$pftab_file"
+}
+
+pftab_start() {
+    if [ $# -gt 0 ] ; then
+        pftab_process_file start "$*"
+    else
+        pftab_process_file start all
+    fi
+}
+
+pftab_load() {
+    if [ $# -gt 0 ] ; then
+        pftab_process_file load "$*"
+    else
+        pftab_process_file load all
+    fi
+}
+
+pftab_flush() {
+    if [ $# -gt 0 ] ; then
+        pftab_process_file flush "$*"
+    else
+        pftab_process_file flush all
+    fi
+}
+
+run_rc_command "$@"