#!/bin/sh
#
# $NetBSD: pf,v 1.10 2011/11/21 20:56:21 darcy Exp $
#

# PROVIDE: pf
# REQUIRE: root bootconf mountcritlocal tty network dhclient
# BEFORE: NETWORKING

$_rc_subr_loaded . /etc/rc.subr

name="pf"
rcvar=$name
start_precmd="pf_prestart"
start_cmd="pf_start"
stop_cmd="pf_stop"
reload_cmd="pf_reload"
status_cmd="pf_status"
extra_commands="reload status"

pf_prestart()
{
	if [ ! -f ${pf_rules} ]; then
		warn "${pf_rules} not readable; pf start aborted."

		stop_boot
		return 1
	fi
	return 0
}

pf_start()
{
	echo "Enabling pf firewall."

	# The pf_boot script has enabled pf already.
	if [ "$autoboot" != yes ]; then
		/sbin/pfctl -q ${pf_flags} -e 
	fi

	if [ -f ${pf_rules} ]; then
		/sbin/pfctl -q ${pf_flags} -f ${pf_rules}
	else
		warn "${pf_rules} not found; no pf rules loaded."
	fi
}

pf_stop()
{
	echo "Disabling pf firewall."
	/sbin/pfctl -q ${pf_flags} -Fa -d
}

pf_reload()
{
	echo "Reloading pf rules."
	if [ -f ${pf_rules} ]; then
		/sbin/pfctl -q ${pf_flags} -f ${pf_rules}
	else
		warn "${pf_rules} not found; no pf rules loaded."
	fi
}

pf_status()
{
	/sbin/pfctl ${pf_flags} -s info
}

load_rc_config $name
run_rc_command "$1"