ipfilter (78345) ipfilter (98184)
1#!/bin/sh
2#
1#!/bin/sh
2#
3# $NetBSD: ipfilter,v 1.8 2000/10/01 05:58:06 lukem Exp $
3# $NetBSD: ipfilter,v 1.10 2001/02/28 17:03:50 lukem Exp $
4# $FreeBSD: head/etc/rc.d/ipfilter 98184 2002-06-13 22:14:37Z gordon $
4#
5
6# PROVIDE: ipfilter
7# REQUIRE: root beforenetlkm mountcritlocal tty
5#
6
7# PROVIDE: ipfilter
8# REQUIRE: root beforenetlkm mountcritlocal tty
9# KEYWORD: FreeBSD NetBSD
8
9. /etc/rc.subr
10
11name="ipfilter"
10
11. /etc/rc.subr
12
13name="ipfilter"
12rcvar=$name
14rcvar=`set_rcvar`
15load_rc_config $name
16
17case `${CMD_OSTYPE}` in
18FreeBSD)
19 stop_precmd="test -f ${ipfilter_rules}"
20 ;;
21NetBSD)
22 stop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf"
23 ;;
24esac
25
13start_precmd="ipfilter_prestart"
14start_cmd="ipfilter_start"
26start_precmd="ipfilter_prestart"
27start_cmd="ipfilter_start"
15stop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf"
16stop_cmd="ipfilter_stop"
17reload_precmd="$stop_precmd"
18reload_cmd="ipfilter_reload"
28stop_cmd="ipfilter_stop"
29reload_precmd="$stop_precmd"
30reload_cmd="ipfilter_reload"
31resync_precmd="$stop_precmd"
32resync_cmd="ipfilter_resync"
19status_precmd="$stop_precmd"
20status_cmd="ipfilter_status"
33status_precmd="$stop_precmd"
34status_cmd="ipfilter_status"
21extra_commands="reload status"
35extra_commands="reload resync status"
22
23ipfilter_prestart()
24{
36
37ipfilter_prestart()
38{
39case `${CMD_OSTYPE}` in
40FreeBSD)
41 # load ipfilter kernel module if needed
42 if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then
43 if kldload ipl ; then
44 echo 'IP-filter module loaded.'
45 else
46 warn 'IP-filter module failed to load.'
47 return 1
48 fi
49 fi
50
51 # check for ipfilter rules
52 if [ ! -r "${ipfilter_rules}" ]; then
53 warn 'IP-filter: NO IPF RULES'
54 return 1
55 fi
56 ;;
57NetBSD)
25 if [ ! -f /etc/ipf.conf ] && [ ! -f /etc/ipf6.conf ]; then
26 warn "/etc/ipf*.conf not readable; ipfilter start aborted."
27 #
28 # If booting directly to multiuser, send SIGTERM to
29 # the parent (/etc/rc) to abort the boot
30 #
31 if [ "$autoboot" = yes ]; then
32 echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!"
33 kill -TERM $$
34 exit 1
35 fi
36 return 1
37 fi
58 if [ ! -f /etc/ipf.conf ] && [ ! -f /etc/ipf6.conf ]; then
59 warn "/etc/ipf*.conf not readable; ipfilter start aborted."
60 #
61 # If booting directly to multiuser, send SIGTERM to
62 # the parent (/etc/rc) to abort the boot
63 #
64 if [ "$autoboot" = yes ]; then
65 echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!"
66 kill -TERM $$
67 exit 1
68 fi
69 return 1
70 fi
71 ;;
72esac
38 return 0
39}
40
41ipfilter_start()
42{
43 echo "Enabling ipfilter."
73 return 0
74}
75
76ipfilter_start()
77{
78 echo "Enabling ipfilter."
44 /sbin/ipf -E -Fa
45 if [ -f /etc/ipf.conf ]; then
46 /sbin/ipf -f /etc/ipf.conf
47 fi
48 if [ -f /etc/ipf6.conf ]; then
49 /sbin/ipf -6 -f /etc/ipf6.conf
50 fi
79 case `${CMD_OSTYPE}` in
80 FreeBSD)
81 ${ipfilter_program:-/sbin/ipf} -Fa -f \
82 "${ipfilter_rules}" ${ipfilter_flags}
83 ;;
84 NetBSD)
85 /sbin/ipf -E -Fa
86 if [ -f /etc/ipf.conf ]; then
87 /sbin/ipf -f /etc/ipf.conf
88 fi
89 if [ -f /etc/ipf6.conf ]; then
90 /sbin/ipf -6 -f /etc/ipf6.conf
91 fi
92 ;;
93 esac
51}
52
53ipfilter_stop()
54{
94}
95
96ipfilter_stop()
97{
98 case `${CMD_OSTYPE}` in
99 FreeBSD)
100 echo "Saving firewall state tables"
101 ${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
102 ;;
103 NetBSD)
104 ;;
105 esac
106 # XXX - The following command is not effective for 'lkm's
55 echo "Disabling ipfilter."
56 /sbin/ipf -D
57}
58
59ipfilter_reload()
60{
61 echo "Reloading ipfilter rules."
62
107 echo "Disabling ipfilter."
108 /sbin/ipf -D
109}
110
111ipfilter_reload()
112{
113 echo "Reloading ipfilter rules."
114
63 /sbin/ipf -I -Fa
64 if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I -f /etc/ipf.conf; then
65 err 1 "reload of ipf.conf failed; not swapping to new ruleset."
66 fi
67 if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -I -6 -f /etc/ipf6.conf; then
68 err 1 "reload of ipf6.conf failed; not swapping to new ruleset."
69 fi
70 /sbin/ipf -s
115 case `${CMD_OSTYPE}` in
116 FreeBSD)
117 ${ipfilter_program:-/sbin/ipf} -I -Fa -f \
118 "${ipfilter_rules}" ${ipfilter_flags}
119 ;;
120 NetBSD)
121 /sbin/ipf -I -Fa
122 if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I -f /etc/ipf.conf; then
123 err 1 "reload of ipf.conf failed; not swapping to" \
124 " new ruleset."
125 fi
126 if [ -f /etc/ipf6.conf ] && \
127 ! /sbin/ipf -I -6 -f /etc/ipf6.conf; then
128 err 1 "reload of ipf6.conf failed; not swapping to" \
129 " new ruleset."
130 fi
131 /sbin/ipf -s
132 ;;
133 esac
134
71}
72
135}
136
137ipfilter_resync()
138{
139 case `${CMD_OSTYPE}` in
140 FreeBSD)
141 # Don't resync if ipfilter is not loaded
142 [ sysctl net.inet.ipf.fr_pass > /dev/null 2>&1 ] && return
143 ;;
144 esac
145 ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
146}
147
73ipfilter_status()
74{
148ipfilter_status()
149{
75 /sbin/ipf -V
150 ${ipfilter_program:-/sbin/ipf} -V
76}
77
151}
152
78load_rc_config $name
79run_rc_command "$1"
153run_rc_command "$1"
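Review bot: The FreeBSD arm of ipfilter_reload loads the rules with `-I -Fa -f "${ipfilter_rules}"` but, unlike the NetBSD arm, never runs `ipf -s` and never checks the exit status, so a reload appears to leave the old rule set active while reporting nothing wrong, unless `${ipfilter_flags}` happens to supply the swap. Following the NetBSD arm, I would fail on a load error with `|| err 1 "reload of ${ipfilter_rules} failed; not swapping to new ruleset."` and then run `${ipfilter_program:-/sbin/ipf} -s`. In ipfilter_resync, `[ sysctl net.inet.ipf.fr_pass > /dev/null 2>&1 ]` hands the words to test(1) instead of running sysctl, so the guard never returns, and its sense is also inverted relative to the comment above it. `sysctl net.inet.ipf.fr_pass > /dev/null 2>&1 || return 0` matches the stated intent.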