From aa0399e22b1c3e8eebdd05a5339039496123aa61 Mon Sep 17 00:00:00 2001
From: Roy Marples <roy@marples.name>
Date: Tue, 15 Jan 2008 14:18:26 +0000
Subject: [PATCH] Add a pf init script.

---
 init.d.BSD/pf | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 init.d.BSD/pf

diff --git a/init.d.BSD/pf b/init.d.BSD/pf
new file mode 100644
index 00000000..bf2ac1a6
--- /dev/null
+++ b/init.d.BSD/pf
@@ -0,0 +1,58 @@
+#!/sbin/runscript
+# Copyright 2007-2008 Roy Marples <roy@marples.name>
+# All rights reserved. Released under the 2-clause BSD license.
+
+name="Packet Filter"
+pf_conf=${pf_conf:-${pf_rules:-/etc/pf.conf}}
+required_files=${pf_conf}
+
+extra_commands="checkconfig showstatus"
+extra_started_commands="reload"
+
+depend() {
+	need localmount
+}
+
+start()
+{
+	ebegin "Starting ${name}"
+	if type kldload >/dev/null 2>&1; then
+		kldload pf 2>/dev/null
+	fi
+	pfctl -q -F all
+	pfctl -q -f "${pf_conf}" ${pf_args}
+	pfctl -q -e
+	eend $?
+}
+
+stop()
+{
+	ebegin "Stopping ${name}"
+	pfctl -q -d
+	eend $?
+}
+
+checkconfig()
+{
+	ebegin "Checking ${name} configuration"
+	pfctl -n -f "${pf_conf}"
+	eend $?
+}
+
+reload()
+{
+	ebegin "Reloading ${name} rules."
+	pfctl -q -n -f "${pf_conf}" && \
+	{ 
+		# Flush everything but existing state entries that way when
+		# rules are read in, it doesn't break established connections.
+		pfctl -q -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp
+		pfctl -q -f "${pf_conf}" ${pf_args}
+	}
+	eend $?
+}
+
+showstatus()
+{
+	pfctl -s info
+}