ipfw revision 143688
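#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/ipfw 143688 2005-03-16 08:47:48Z ru $
#

# PROVIDE: ipfw
# REQUIRE: ppp-user
# BEFORE: NETWORKING
# KEYWORD: nojail

# rc.d script for the ipfw packet filter.
#
# start: make sure ipfw is available in the kernel (ipfw_precmd), load the
#        rule set by sourcing ${firewall_script}, optionally turn on verbose
#        logging, then set net.inet.ip.fw.enable=1.
# stop:  set net.inet.ip.fw.enable=0 and stop natd.
#
# rc.conf variables read here: firewall_enable (rcvar), firewall_script,
# firewall_logging.

. /etc/rc.subr
. /etc/network.subr

name="ipfw"
rcvar="firewall_enable"
start_cmd="ipfw_start"
start_precmd="ipfw_precmd"
stop_cmd="ipfw_stop"

#
# ipfw_precmd
#	Registered as start_precmd. Checks that the net.inet.ip.fw.enable
#	sysctl can be read, which is taken to mean ipfw is present in the
#	kernel; if not, tries to load the ipfw kernel module.
#	Returns 0 when ipfw is available, 1 (after a warning) when the
#	module cannot be loaded.
#
ipfw_precmd()
{
	if ! ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then
		if ! kldload ipfw; then
			warn 'unable to load firewall module.'
			return 1
		fi
	fi

	return 0
}

#
# ipfw_start
#	Loads the rule set and then enables packet filtering.
#
#	The rules file is sourced with `.`, so every command in it runs in
#	this shell with this script's privileges. ${firewall_script} and the
#	directories leading to it should therefore be writable only by the
#	administrator.
#
#	NOTE(review): the status of the sourced script is not checked. If it
#	stops partway through, the firewall is still enabled below with
#	whatever rules were loaded up to that point.
#
ipfw_start()
{
	# set the firewall rules script if none was specified
	: "${firewall_script:=/etc/rc.firewall}"

	if [ -r "${firewall_script}" ]; then
		echo -n 'Starting divert daemons:'
		if [ -f /etc/rc.d/natd ] ; then
			/etc/rc.d/natd start
		fi
		. "${firewall_script}"
		echo -n 'Firewall rules loaded'
	elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
		# No readable rules file and rule 65535 is deny-all: tell the
		# operator that all IP traffic will be dropped once the
		# firewall is enabled below.
		echo 'Warning: kernel has firewall functionality, but' \
		    ' firewall rules are not enabled.'
		echo ' All ip services are disabled.'
	fi
	echo '.'

	# Firewall logging
	#
	if checkyesno firewall_logging; then
		echo 'Firewall logging enabled'
		# Use the rc.subr-provided ${SYSCTL_W}, as the other sysctl
		# writes in this file do, instead of a bare `sysctl` that
		# depends on PATH lookup.
		${SYSCTL_W} net.inet.ip.fw.verbose=1 >/dev/null
	fi

	# Enable the firewall
	#
	# This is done last, after the rule set has been loaded.
	${SYSCTL_W} net.inet.ip.fw.enable=1
}

#
# ipfw_stop
#	Turns packet filtering off by setting net.inet.ip.fw.enable=0 and
#	stops natd when its rc.d script exists. The rules are not flushed
#	here. While the firewall is disabled the host is not protected by
#	its ipfw rule set, so `stop` leaves it unfiltered until the next
#	`start`.
#
ipfw_stop()
{
	# Disable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=0
	if [ -f /etc/rc.d/natd ] ; then
		/etc/rc.d/natd stop
	fi
}

load_rc_config "$name"
run_rc_command "$1"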