ipfilter revision 78344
178344Sobrien#!/bin/sh 278344Sobrien# 378344Sobrien# $NetBSD: ipfilter,v 1.8 2000/10/01 05:58:06 lukem Exp $ 478344Sobrien# 578344Sobrien 678344Sobrien# PROVIDE: ipfilter 778344Sobrien# REQUIRE: root beforenetlkm mountcritlocal tty 878344Sobrien 978344Sobrien. /etc/rc.subr 1078344Sobrien 1178344Sobrienname="ipfilter" 1278344Sobrienrcvar=$name 1378344Sobrienstart_precmd="ipfilter_prestart" 1478344Sobrienstart_cmd="ipfilter_start" 1578344Sobrienstop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf" 1678344Sobrienstop_cmd="ipfilter_stop" 1778344Sobrienreload_precmd="$stop_precmd" 1878344Sobrienreload_cmd="ipfilter_reload" 1978344Sobrienstatus_precmd="$stop_precmd" 2078344Sobrienstatus_cmd="ipfilter_status" 2178344Sobrienextra_commands="reload status" 2278344Sobrien 2378344Sobrienipfilter_prestart() 2478344Sobrien{ 2578344Sobrien if [ ! -f /etc/ipf.conf ] && [ ! -f /etc/ipf6.conf ]; then 2678344Sobrien warn "/etc/ipf*.conf not readable; ipfilter start aborted." 2778344Sobrien # 2878344Sobrien # If booting directly to multiuser, send SIGTERM to 2978344Sobrien # the parent (/etc/rc) to abort the boot 3078344Sobrien # 3178344Sobrien if [ "$autoboot" = yes ]; then 3278344Sobrien echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!" 3378344Sobrien kill -TERM $$ 3478344Sobrien exit 1 3578344Sobrien fi 3678344Sobrien return 1 3778344Sobrien fi 3878344Sobrien return 0 3978344Sobrien} 4078344Sobrien 4178344Sobrienipfilter_start() 4278344Sobrien{ 4378344Sobrien echo "Enabling ipfilter." 4478344Sobrien /sbin/ipf -E -Fa 4578344Sobrien if [ -f /etc/ipf.conf ]; then 4678344Sobrien /sbin/ipf -f /etc/ipf.conf 4778344Sobrien fi 4878344Sobrien if [ -f /etc/ipf6.conf ]; then 4978344Sobrien /sbin/ipf -6 -f /etc/ipf6.conf 5078344Sobrien fi 5178344Sobrien} 5278344Sobrien 5378344Sobrienipfilter_stop() 5478344Sobrien{ 5578344Sobrien echo "Disabling ipfilter." 5678344Sobrien /sbin/ipf -D 5778344Sobrien} 5878344Sobrien 5978344Sobrienipfilter_reload() 6078344Sobrien{ 6178344Sobrien echo "Reloading ipfilter rules." 6278344Sobrien 6378344Sobrien /sbin/ipf -I -Fa 6478344Sobrien if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I -f /etc/ipf.conf; then 6578344Sobrien err 1 "reload of ipf.conf failed; not swapping to new ruleset." 6678344Sobrien fi 6778344Sobrien if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -I -6 -f /etc/ipf6.conf; then 6878344Sobrien err 1 "reload of ipf6.conf failed; not swapping to new ruleset." 6978344Sobrien fi 7078344Sobrien /sbin/ipf -s 7178344Sobrien} 7278344Sobrien 7378344Sobrienipfilter_status() 7478344Sobrien{ 7578344Sobrien /sbin/ipf -V 7678344Sobrien} 7778344Sobrien 7878344Sobrienload_rc_config $name 7978344Sobrienrun_rc_command "$1" 80