#!/bin/sh
. /etc/rc.subr
# PROVIDE: pftab
# REQUIRE: FILESYSTEMS pf unbound
# BEFORE: NETWORKING
# KEYWORD: nojailvnet shutdown
# Service identity; rcvar names the rc.conf knob that enables the service.
name="pftab"
rcvar="${name}_enable"

# Command handlers. "stop" and "flush" share one handler, so stopping the
# service flushes the anchors listed in the pftab file.
start_cmd="${name}_start"
stop_cmd="${name}_flush"
load_cmd="${name}_load"
flush_cmd="${name}_flush"
extra_commands="load flush"

load_rc_config "$name"

# Defaults for anything rc.conf left alone.
#   pftab_enable  falls back to NO when unset or empty.
#   pftab_file    table of "<file> <anchor> [flags]" entries; every entry is
#                 handed to pfctl by this script, so keep the file (and the
#                 rule files it names) owned by root and not writable by
#                 anyone else.
#   pftab_suffix  appended to every anchor name before pfctl sees it.
pftab_enable="${pftab_enable:-NO}"
pftab_file="${pftab_file-/usr/local/etc/pftab}"
pftab_suffix="${pftab_suffix-}"
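# pftab_command_flush file anchor flags
#	Flush everything pf holds under one anchor, unless the entry's flags
#	contain "noflush" (matched case-insensitively, as a substring).
#	$1 (file) is accepted for symmetry with the other commands but unused.
#	$2 is the anchor name; $pftab_suffix is appended to it.
#	Returns pfctl's status, or 1 when the anchor name is empty.
pftab_command_flush() {
	# local keeps these from overwriting the callers' variables of the
	# same name; without it the suffixed anchor leaks back to the caller.
	local anchor flags
	anchor="$2$pftab_suffix" ; flags="$3"

	# A flush must only ever hit the anchor the entry named. With no name
	# there is nothing safe to pass to "pfctl -a", so refuse.
	if [ -z "$anchor" ] ; then
		warn "Refusing to flush: empty anchor name."
		return 1
	fi

	if printf '%s' "$flags" | grep -qi "noflush" ; then
		info "Not flushing anchor $anchor with flag noflush."
	else
		info "Flushing anchor $anchor..."
		# Quoted so the name reaches pfctl as exactly one argument.
		pfctl -q -F all -a "$anchor"
	fi
}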
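# pftab_command_load file anchor flags
#	Load a rule file into one anchor.
#	$1 is the rule file, $2 the anchor name ($pftab_suffix is appended),
#	$3 the entry's flags (matched case-insensitively, as substrings):
#	  noflush - load without "-F all", i.e. without flushing first
#	  nofail  - a file that fails the syntax check only produces a warning
#	Without nofail a failed check ends the script through err 1.
#	Returns 1 without calling pfctl when the anchor name is empty.
pftab_command_load() {
	# local keeps these from overwriting the callers' variables of the
	# same name.
	local file anchor flags
	file="$1" ; anchor="$2$pftab_suffix" ; flags="$3"

	# Rules must only ever land in the anchor the entry named.
	if [ -z "$anchor" ] ; then
		warn "Refusing to load file $file: empty anchor name."
		return 1
	fi

	# Dry run first (-n parses without loading), so a file that does not
	# parse never replaces what the anchor currently holds.
	if pfctl -n -a "$anchor" -f "$file" ; then
		if printf '%s' "$flags" | grep -qi "noflush" ; then
			info "Loading anchor $anchor from file $file without flushing..."
			pfctl -q -a "$anchor" -f "$file"
		else
			info "Loading anchor $anchor from file $file..."
			pfctl -q -F all -a "$anchor" -f "$file"
		fi
	elif printf '%s' "$flags" | grep -qi "nofail" ; then
		warn "Error(s) while checking file $file with flag nofail."
	else
		err 1 "Error(s) while checking file $file."
	fi
}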
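# pftab_command_start file anchor flags
#	Variant of "load" used by the start command: entries whose flags
#	contain "noauto" (case-insensitive substring) are skipped, everything
#	else is passed to pftab_command_load unchanged.
pftab_command_start() {
	# local keeps these from overwriting the callers' variables of the
	# same name.
	local file anchor flags
	file="$1" ; anchor="$2" ; flags="$3"

	if printf '%s' "$flags" | grep -qi "noauto" ; then
		info "Not loading anchor $anchor with flag noauto"
	else
		# Forward each field quoted: unquoted, an empty anchor would
		# vanish and the flags would slide into the anchor position.
		pftab_command_load "$file" "$anchor" "$flags"
	fi
}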
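# pftab_process_command cmd file anchor flags
#	Run one command (load, flush or start) for one pftab entry.
#	For every command except flush the rule file must be readable; if it
#	is not, the entry is skipped with a warning when its flags contain
#	"nofail", otherwise the script ends through err 1.
#	Any other value of cmd matches no case arm and is ignored.
pftab_process_command() {
	# local keeps these from overwriting the callers' variables of the
	# same name.
	local cmd file anchor flags
	cmd="$1" ; file="$2" ; anchor="$3" ; flags="$4"

	if [ "$cmd" != "flush" ] && [ ! -r "$file" ] ; then
		if printf '%s' "$flags" | grep -qi "nofail" ; then
			warn "File $file missing or not readable with flag nofail."
		else
			err 1 "File $file missing or not readable."
		fi
		return
	fi

	# Fields are forwarded quoted so that an empty one stays in its own
	# position instead of letting the following field take its place.
	case "$cmd" in
	load)
		pftab_command_load "$file" "$anchor" "$flags"
		;;
	flush)
		pftab_command_flush "$file" "$anchor" "$flags"
		;;
	start)
		pftab_command_start "$file" "$anchor" "$flags"
		;;
	esac
}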
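# pftab_process_line cmd sel file anchor [flags]
#	Apply cmd to one pftab entry if the entry is selected.
#	sel is either "all" or a whitespace-separated list of anchor names;
#	the entry is processed when sel is "all" or lists its anchor.
#	flags defaults to "defaults" when the entry has no flags field.
#	Returns 1 (after a warning) for an entry without a file or an anchor.
pftab_process_line() {
	# local keeps these from overwriting the callers' variables of the
	# same name.
	local cmd sel file anchor flags x

	# An entry needs both a file and an anchor. Letting a short entry
	# through would leave the anchor empty, and an empty field dropped
	# further down lets the flags value be taken as the anchor name.
	if [ $# -lt 4 ] || [ -z "$3" ] || [ -z "$4" ] ; then
		warn "Skipping malformed pftab entry (need <file> <anchor> [flags]): $3"
		return 1
	fi

	cmd="$1" ; sel="$2" ; file="$3" ; anchor="$4"
	if [ $# -gt 4 ] ; then
		flags="$5"
	else
		flags="defaults"
	fi

	if [ "$sel" = "all" ] ; then
		pftab_process_command "$cmd" "$file" "$anchor" "$flags"
	else
		# $sel is split on purpose: it carries the anchor names given
		# on the command line, joined into a single string.
		for x in $sel ; do
			if [ "$x" = "$anchor" ] ; then
				pftab_process_command "$cmd" "$file" "$anchor" "$flags"
				break
			fi
		done
	fi
}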
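# pftab_process_file cmd sel
#	Read $pftab_file and hand every entry to pftab_process_line.
#	Blank lines and lines starting with "#" are skipped. Each remaining
#	line is "<file> <anchor> [flags]", separated by whitespace; anything
#	after the third field is ignored.
#	The file decides which rule files are loaded into pf, so it should be
#	writable by root only.
pftab_process_file() {
	# local keeps these from overwriting the callers' variables of the
	# same name.
	local cmd sel entry_file entry_anchor entry_flags entry_rest
	cmd="$1" ; sel="$2"

	# read does the field splitting, so a "*" or "?" in an entry is kept
	# as written instead of being expanded against the filesystem; -r
	# keeps backslashes literal. The "|| [ -n ... ]" part picks up a last
	# entry that is not terminated by a newline.
	while read -r entry_file entry_anchor entry_flags entry_rest ||
	    [ -n "$entry_file" ] ; do
		case "$entry_file" in
		''|\#*)
			continue
			;;
		esac
		# Missing trailing fields are left out rather than passed as
		# empty strings, so the callee still sees the real field count.
		pftab_process_line "$cmd" "$sel" "$entry_file" \
		    ${entry_anchor:+"$entry_anchor"} ${entry_flags:+"$entry_flags"}
	done < "$pftab_file"
}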
# pftab_start [anchor ...]
#	Handler for "start": process the pftab file with the start command,
#	limited to the anchors named as arguments, or every entry when no
#	argument is given.
pftab_start() {
	# No arguments means the selection is the keyword "all".
	if [ $# -eq 0 ] ; then
		set -- all
	fi
	# "$*" joins the anchor names into the single selection string.
	pftab_process_file start "$*"
}
# pftab_load [anchor ...]
#	Handler for "load": process the pftab file with the load command,
#	limited to the anchors named as arguments, or every entry when no
#	argument is given.
pftab_load() {
	# No arguments means the selection is the keyword "all".
	if [ $# -eq 0 ] ; then
		set -- all
	fi
	# "$*" joins the anchor names into the single selection string.
	pftab_process_file load "$*"
}
# pftab_flush [anchor ...]
#	Handler for "flush" and "stop": process the pftab file with the flush
#	command, limited to the anchors named as arguments, or every entry
#	when no argument is given.
pftab_flush() {
	# No arguments means the selection is the keyword "all".
	if [ $# -eq 0 ] ; then
		set -- all
	fi
	# "$*" joins the anchor names into the single selection string.
	pftab_process_file flush "$*"
}
# Pass the script's arguments to rc.subr's run_rc_command; "$@" keeps each
# argument as its own word.
run_rc_command "$@"