ipfw revision 112849
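#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/ipfw 112849 2003-03-30 15:52:18Z mtm $
#

# PROVIDE: ipfw
# REQUIRE: ppp-user
# BEFORE: NETWORKING
# KEYWORD: FreeBSD

# rc.d script for the ipfw packet filter.
#
# start: make sure ipfw is available (loading the module if needed), source
#        the rules script, optionally start natd and verbose logging, then
#        set net.inet.ip.fw.enable=1.
# stop:  set net.inet.ip.fw.enable=0.
#
# Variables read (expected from rc.conf via load_rc_config): firewall_enable,
# firewall_script, firewall_logging, natd_enable, natd_interface, natd_flags,
# natd_program, natd_ifarg.
# SYSCTL, SYSCTL_W, warn, checkyesno, load_rc_config and run_rc_command are
# not defined here; presumably they come from /etc/rc.subr.

. /etc/rc.subr

name="ipfw"
rcvar="firewall_enable"
start_cmd="ipfw_start"
start_precmd="ipfw_precmd"
stop_cmd="ipfw_stop"

# Pre-start check: succeed only if ipfw is usable.
# Returns 0 when the net.inet.ip.fw.enable sysctl can be read or the ipfw
# module loads; returns 1 (after a warning) when kldload fails.
ipfw_precmd()
{
	# A readable sysctl is taken as "ipfw is already present"; only try
	# to load the module when the probe fails.
	if ! ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then
		if ! kldload ipfw; then
			warn 'unable to load firewall module.'
			return 1
		fi
	fi

	return 0
}

# Load the rule set, start natd if requested, then enable the firewall.
# Globals read: firewall_script, firewall_logging, natd_enable,
#               natd_interface, natd_program, natd_ifarg
# Globals written: firewall_script (defaulted), natd_flags (extended)
ipfw_start()
{
	# set the firewall rules script if none was specified
	[ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall

	if [ -r "${firewall_script}" ]; then
		# The rules script is sourced into this shell, so it runs with
		# this script's privileges and can change any variable used
		# below.  Keep the file owned by root and not writable by
		# anyone else.
		. "${firewall_script}"
		echo -n 'Firewall rules loaded, starting divert daemons:'

		# Network Address Translation daemon
		#
		if checkyesno natd_enable; then
			if [ -n "${natd_interface}" ]; then
				# A value made only of digits and up to three
				# dotted groups is passed as an address (-a);
				# anything else as an interface name (-n).
				# NOTE(review): the expansion is unquoted, so
				# the value is word-split and globbed before
				# the test; it is kept that way to preserve
				# behaviour.
				if echo ${natd_interface} | \
				    grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
					natd_flags="$natd_flags -a ${natd_interface}"
				else
					natd_flags="$natd_flags -n ${natd_interface}"
				fi
			fi
			echo -n ' natd'
			# Left unquoted on purpose: natd_flags and natd_ifarg
			# hold several space-separated arguments.
			${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
		fi
	elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
		# No readable rules script and the final rule is deny-all.
		echo 'Warning: kernel has firewall functionality, but' \
		    ' firewall rules are not enabled.'
		echo ' All ip services are disabled.'
	fi
	# NOTE(review): when the rules script is unreadable and rule 65535 is
	# not the deny-all rule, nothing is printed and the firewall is still
	# enabled below with whatever rules are already loaded -- confirm that
	# this silent path is acceptable.
	echo '.'

	# Firewall logging
	#
	if checkyesno firewall_logging; then
		echo 'Firewall logging enabled'
		# Use the same sysctl wrapper as the enable/disable steps
		# instead of a bare "sysctl" resolved through PATH.
		${SYSCTL_W} net.inet.ip.fw.verbose=1 >/dev/null
	fi

	# Enable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=1
}

# Stop handler: only clears net.inet.ip.fw.enable.
# It does not flush the rule set and does not stop natd; with the sysctl at 0
# the loaded rules are no longer applied, so the host is unfiltered until the
# next start.
ipfw_stop()
{
	# Disable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=0
}

load_rc_config "$name"
run_rc_command "$1"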