ipfilter revision 193198
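#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/ipfilter 193198 2009-06-01 05:35:03Z dougb $
#

# PROVIDE: ipfilter
# REQUIRE: FILESYSTEMS
# KEYWORD: nojail

. /etc/rc.subr

# rc.d control script for the IPFilter packet filter.
# Supports start, stop, reload, resync and status; each one is dispatched by
# run_rc_command at the bottom of the file.
# Configuration read from rc.conf(5) through load_rc_config:
#   ipfilter_program     - ipf binary (defaults to /sbin/ipf)
#   ipfilter_rules       - IPv4 rules file
#   ipv6_ipfilter_rules  - IPv6 rules file
#   ipfilter_flags       - extra flags passed to ipf (deliberately word-split)
#   ipfs_program         - ipfs binary (defaults to /sbin/ipfs)
#   ipfs_flags           - extra flags passed to ipfs (deliberately word-split)

name="ipfilter"
rcvar=`set_rcvar`
load_rc_config $name

# Every action below is gated on at least one of the two rules files existing.
# NOTE(review): both paths are expanded unquoted into this command string, so a
# path containing whitespace, or an empty variable, changes what test(1) is
# given. Confirm the rc.conf values are plain paths before relying on this gate.
stop_precmd="test -f ${ipfilter_rules} -o -f ${ipv6_ipfilter_rules}"

start_precmd="$stop_precmd"
start_cmd="ipfilter_start"
stop_cmd="ipfilter_stop"
reload_precmd="$stop_precmd"
reload_cmd="ipfilter_reload"
resync_precmd="$stop_precmd"
resync_cmd="ipfilter_resync"
status_precmd="$stop_precmd"
status_cmd="ipfilter_status"
extra_commands="reload resync status"
required_modules="ipl:ipfilter"

# Enable the filter if it is not running, flush the active IPv4 and IPv6 rule
# lists, then load whichever rules files are readable.
# Returns non-zero when a rules file was present but ipf failed to load it.
ipfilter_start()
{
	local _running _rc

	_rc=0
	echo "Enabling ipfilter."
	# Quote the sysctl result and default it to 0: an empty result used to
	# make the numeric test itself fail, which skipped "ipf -E" while the
	# rule loading below still ran.
	_running=`sysctl -n net.inet.ipf.fr_running`
	if [ "${_running:-0}" -le 0 ]; then
		${ipfilter_program:-/sbin/ipf} -E
	fi
	# The active list is flushed before the new rules are read, so a rules
	# file that fails to load leaves the filter enabled with that list empty
	# or partial. What then passes depends on the kernel's default policy,
	# which is not visible from this script; the failure is therefore
	# reported instead of being silently ignored.
	${ipfilter_program:-/sbin/ipf} -Fa
	if [ -r "${ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} \
		    -f "${ipfilter_rules}" ${ipfilter_flags}; then
			warn "Load of rules from ${ipfilter_rules} failed; active IPv4 rule list may be empty or partial"
			_rc=1
		fi
	fi
	${ipfilter_program:-/sbin/ipf} -6 -Fa
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} -6 \
		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}; then
			warn "Load of IPv6 rules from ${ipv6_ipfilter_rules} failed; active IPv6 rule list may be empty or partial"
			_rc=1
		fi
	fi
	return $_rc
}

# Save the firewall state tables with ipfs and disable the filter, but only
# when the sysctl reports it as running.
ipfilter_stop()
{
	local _running

	# XXX - The ipf -D command is not effective for 'lkm's
	# An empty sysctl result is treated as "not running", which matches the
	# previous outcome (the unquoted test failed and the branch was skipped)
	# without the test(1) syntax error.
	_running=`sysctl -n net.inet.ipf.fr_running`
	if [ "${_running:-0}" -eq 1 ]; then
		echo "Saving firewall state tables"
		${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
		echo "Disabling ipfilter."
		${ipfilter_program:-/sbin/ipf} -D
	fi
}

# Load the rules into the inactive (alternate) set and swap it in with
# "ipf -s" only after every readable rules file loaded cleanly. A failed load
# aborts through err before the swap, so the running rule set stays in place.
ipfilter_reload()
{
	echo "Reloading ipfilter rules."

	${ipfilter_program:-/sbin/ipf} -I -Fa
	if [ -r "${ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} -I \
		    -f "${ipfilter_rules}" ${ipfilter_flags}; then
			err 1 'Load of rules into alternate set failed; aborting reload'
		fi
	fi
	${ipfilter_program:-/sbin/ipf} -I -6 -Fa
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} -I -6 \
		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}; then
			err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
		fi
	fi
	${ipfilter_program:-/sbin/ipf} -s
}

# Run "ipf -y" with the configured flags (resynchronise the filter's
# interface list).
ipfilter_resync()
{
	${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
}

# Print the output of "ipf -V".
ipfilter_status()
{
	${ipfilter_program:-/sbin/ipf} -V
}

run_rc_command "$1"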