HardenedBSD/etc/rc.d/pfsync
Kristof Provost 2ca5f390c4 Allow more services to run in vnet jails
After some tests, here are the services that run into a vnet jail:
  - defaultroute
  - dhclient
  - ip6addrctl
  - natd
  - pf
  - pfsync
  - pflog (daemon runs, pflog0 interface usable, but /var/log/pflog not filled)
  - rarpd
  - route6d (does nothing anyway because it is obsolete)
  - routed (does nothing anyway because it is obsolete)
  - rtsold
  - static_arp
  - static_ndp

PR:		220530
Submitted by:	olivier@freebsd.org
2017-07-08 09:28:31 +00:00


#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: pfsync
# REQUIRE: FILESYSTEMS netif
# KEYWORD: nojailvnet
# Load the rc.subr(8) framework; it provides warn, load_rc_config and
# run_rc_command, and reads the variables set below.
. /etc/rc.subr

# Service identity: script name, human-readable description, and the
# rc.conf(5) knob that enables the service.
name='pfsync'
desc='Packet filter state table sychronisation interface'
rcvar='pfsync_enable'

# Kernel modules rc.subr must have loaded before the start method runs.
required_modules='pf pfsync'

# Method hooks. The precmd runs first; a non-zero return from it stops
# the start method from running.
start_precmd='pfsync_prestart'
start_cmd='pfsync_start'
stop_cmd='pfsync_stop'
# Pre-start check: refuse to start when no sync interface is configured.
# Globals:  pfsync_syncdev (read)
# Returns:  0 when pfsync_syncdev is non-empty; 1, after a warning, when
#           it is empty or unset.
pfsync_prestart()
{
	if [ -z "${pfsync_syncdev}" ]; then
		warn "pfsync_syncdev is not set."
		return 1
	fi
	return 0
}
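# Configure pfsync0 with the sync interface (and optional peer) and bring
# it up.
# Globals:
#   pfsync_syncdev   (read) interface handed to "syncdev"; pfsync_prestart
#                    has already rejected an empty value
#   pfsync_syncpeer  (read) optional; when set, adds "syncpeer <value>"
#   pfsync_ifconfig  (read) optional extra ifconfig(8) arguments
# Outputs:  progress message on stdout
# Returns:  exit status of ifconfig(8)
#
# Security note: per pfsync(4) the protocol carries no authentication or
# encryption of its own, so state updates received on the sync interface
# are trusted as-is. Keep pfsync_syncdev on a dedicated, trusted link, or
# set pfsync_syncpeer and protect that path with IPsec.
pfsync_start()
{
	local _syncpeer

	echo "Enabling pfsync."
	if [ -n "${pfsync_syncpeer}" ]; then
		_syncpeer="syncpeer ${pfsync_syncpeer}"
	fi
	# _syncpeer and pfsync_ifconfig stay unquoted on purpose: each holds
	# zero or more ifconfig words and must be split. pfsync_syncdev is a
	# single interface name, so it is quoted; stray whitespace in rc.conf
	# can then no longer turn part of it (or the following word) into a
	# different ifconfig argument.
	ifconfig pfsync0 $_syncpeer syncdev "${pfsync_syncdev}" $pfsync_ifconfig up
}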
# Detach pfsync0 from its sync interface and peer, then take it down.
# Outputs:  progress message on stdout
# Returns:  exit status of ifconfig(8)
pfsync_stop()
{
	printf '%s\n' 'Disabling pfsync.'
	ifconfig pfsync0 -syncdev -syncpeer down
}
# Read the rc.conf(5) settings for this service (pfsync_enable,
# pfsync_syncdev, pfsync_syncpeer, pfsync_ifconfig), then hand the
# requested action (start, stop, ...) to rc.subr for dispatch.
load_rc_config "${name}"
run_rc_command "$1"