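#!/bin/sh
#
# $FreeBSD$
#
# rc.d control script for the IPFilter packet filter.  Enables or disables
# the filter and loads the IPv4 and IPv6 rule files named by the rc.conf
# variables ipfilter_rules and ipv6_ipfilter_rules.
#

# PROVIDE: ipfilter
# REQUIRE: FILESYSTEMS
# KEYWORD: nojail

. /etc/rc.subr

name="ipfilter"
rcvar="ipfilter_enable"
load_rc_config "$name"

# Every command shares one precondition: at least one rules file must exist.
# It is a function rather than an unquoted "test -f A -o -f B" string because
# that string collapses to "test -f -o -f" when both variables are empty,
# which test(1) evaluates as true, and it breaks on paths containing spaces.
stop_precmd="ipfilter_rules_exist"

start_precmd="$stop_precmd"
start_cmd="ipfilter_start"
stop_cmd="ipfilter_stop"
reload_precmd="$stop_precmd"
reload_cmd="ipfilter_reload"
resync_precmd="$stop_precmd"
resync_cmd="ipfilter_resync"
status_precmd="$stop_precmd"
status_cmd="ipfilter_status"
extra_commands="reload resync"
required_modules="ipl:ipfilter"

# Succeeds when the IPv4 or the IPv6 rules file exists as a regular file.
ipfilter_rules_exist()
{
	[ -f "${ipfilter_rules}" ] || [ -f "${ipv6_ipfilter_rules}" ]
}

# Enable the filter if it is not already running, flush the active rule
# sets and load the configured rule files.
# Returns: 0 on success, 1 if a readable rules file failed to load.
ipfilter_start()
{
	local rc

	rc=0
	echo "Enabling ipfilter."
	if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
		${ipfilter_program:-/sbin/ipf} -E
	fi
	# The flush happens before the load, so a rules file that fails to
	# parse leaves the filter enabled with an empty or partial rule set.
	# What that passes depends on the kernel's default policy (e.g. the
	# IPFILTER_DEFAULT_BLOCK option), so the failure is reported instead
	# of being silently ignored.
	${ipfilter_program:-/sbin/ipf} -Fa
	# ${ipfilter_flags} is left unquoted on purpose: it may hold several
	# separate options.
	if [ -r "${ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} \
		    -f "${ipfilter_rules}" ${ipfilter_flags}; then
			warn "Load of rules from ${ipfilter_rules} failed"
			rc=1
		fi
	fi
	# The IPv6 file is still attempted after an IPv4 failure so that one
	# bad file does not also leave the other address family without rules.
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} -6 \
		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}; then
			warn "Load of IPv6 rules from ${ipv6_ipfilter_rules} failed"
			rc=1
		fi
	fi
	return $rc
}

# Save the state tables with ipfs(8) and disable the filter, if it is
# running.  After "ipf -D" no filtering is applied by IPFilter.
ipfilter_stop()
{
	if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
		echo "Saving firewall state tables"
		${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
		echo "Disabling ipfilter."
		${ipfilter_program:-/sbin/ipf} -D
	fi
}

# Load the rule files into the inactive rule set (-I) and swap it with the
# active one (-s) only when every load succeeded.  err exits before the swap,
# so a broken rules file never replaces the rules currently in force.
ipfilter_reload()
{
	echo "Reloading ipfilter rules."

	${ipfilter_program:-/sbin/ipf} -I -Fa
	if [ -r "${ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} -I \
		    -f "${ipfilter_rules}" ${ipfilter_flags}; then
			err 1 'Load of rules into alternate set failed; aborting reload'
		fi
	fi
	${ipfilter_program:-/sbin/ipf} -I -6 -Fa
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} -I -6 \
		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}; then
			err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
		fi
	fi
	${ipfilter_program:-/sbin/ipf} -s

}

# Resynchronise IPFilter's interface list with the current interfaces.
ipfilter_resync()
{
	${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
}

# Print the ipf version and running state.
ipfilter_status()
{
	${ipfilter_program:-/sbin/ipf} -V
}

run_rc_command "$1"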