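#!/bin/sh
#
# $FreeBSD$
#
# rc.d script for IPFilter (ipf): enables the packet filter and loads the
# IPv4/IPv6 rule files named by ${ipfilter_rules} and ${ipv6_ipfilter_rules}.
#
# NOTE(review): the listing this was recovered from had per-line
# revision/author gutter text fused onto every line; it is dropped here so
# the script parses again.

# PROVIDE: ipfilter
# REQUIRE: FILESYSTEMS
# KEYWORD: nojail

. /etc/rc.subr

name="ipfilter"
rcvar="ipfilter_enable"
load_rc_config "$name"

# Every command is gated on at least one rules file existing.
# The paths are quoted inside the string because rc.subr evaluates it later:
# unquoted, an empty variable collapses to `test -f -o -f`, which tests two
# non-empty strings and succeeds, so the guard would pass with no rules file.
stop_precmd="test -f \"${ipfilter_rules}\" -o -f \"${ipv6_ipfilter_rules}\""

start_precmd="$stop_precmd"
start_cmd="ipfilter_start"
stop_cmd="ipfilter_stop"
reload_precmd="$stop_precmd"
reload_cmd="ipfilter_reload"
resync_precmd="$stop_precmd"
resync_cmd="ipfilter_resync"
status_precmd="$stop_precmd"
status_cmd="ipfilter_status"
extra_commands="reload resync"
required_modules="ipl:ipfilter"

# ipfilter_start: enable the filter if it is not already running, flush the
# active rule set, then load the IPv4 and IPv6 rule files that are readable.
# Returns: 0 when every attempted load succeeded, 1 otherwise.
ipfilter_start()
{
	local _rc

	_rc=0
	echo "Enabling ipfilter."
	if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
		${ipfilter_program:-/sbin/ipf} -E
	fi
	# The active set is flushed before loading, so a failed load leaves the
	# filter enabled without the intended rules. Report that instead of
	# returning success; what traffic passes in that state depends on the
	# kernel's default policy (not visible here -- confirm for the target).
	${ipfilter_program:-/sbin/ipf} -Fa
	if [ -r "${ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} \
		    -f "${ipfilter_rules}" ${ipfilter_flags}; then
			warn "Load of rules from ${ipfilter_rules} failed"
			_rc=1
		fi
	fi
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} -6 \
		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}; then
			warn "Load of IPv6 rules from ${ipv6_ipfilter_rules} failed"
			_rc=1
		fi
	fi
	return ${_rc}
}

# ipfilter_stop: if the filter is running, save the state tables with ipfs
# and then disable the filter. Does nothing when it is not running.
ipfilter_stop()
{
	if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
		echo "Saving firewall state tables"
		${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
		echo "Disabling ipfilter."
		${ipfilter_program:-/sbin/ipf} -D
	fi
}

# ipfilter_reload: stage the new rules in the inactive set (-I) and swap the
# sets (-s) only after every load succeeded. A rules file that fails to load
# aborts via err before the swap, so the active set stays as it was.
ipfilter_reload()
{
	echo "Reloading ipfilter rules."

	${ipfilter_program:-/sbin/ipf} -I -Fa
	if [ -r "${ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} -I \
		    -f "${ipfilter_rules}" ${ipfilter_flags}; then
			err 1 'Load of rules into alternate set failed; aborting reload'
		fi
	fi
	${ipfilter_program:-/sbin/ipf} -I -6 -Fa
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} -I -6 \
		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}; then
			err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
		fi
	fi
	${ipfilter_program:-/sbin/ipf} -s

}

# ipfilter_resync: run ipf -y with the configured flags.
ipfilter_resync()
{
	${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
}

# ipfilter_status: print the ipf -V report, which includes the
# "Running: yes" line that start and stop look for.
ipfilter_status()
{
	${ipfilter_program:-/sbin/ipf} -V
}

run_rc_command "$1"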