ipfw revision 118099
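#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/ipfw 118099 2003-07-27 20:34:30Z mbr $
#

# PROVIDE: ipfw
# REQUIRE: ppp-user
# BEFORE: NETWORKING
# KEYWORD: FreeBSD

. /etc/rc.subr
. /etc/network.subr

name="ipfw"
rcvar="firewall_enable"
start_cmd="ipfw_start"
start_precmd="ipfw_precmd"
stop_cmd="ipfw_stop"

# Make sure the ipfw code is present in the kernel before any rules are
# loaded.  Probing the net.inet.ip.fw.enable sysctl is the cheapest way to
# tell whether ipfw is there (compiled in or already loaded); only when the
# probe fails do we kldload the module.
#
# NOTE: once the module is loaded the kernel's default rule (65535) is in
# force immediately.  If that rule is "deny" -- the case ipfw_start checks
# for below -- the host has no IP connectivity until the rule set has been
# installed, so a failure between here and ipfw_start can lock out remote
# administration.
#
# Returns 0 when ipfw is available, 1 (after a warning) when the module
# could not be loaded.
ipfw_precmd()
{
	if ! ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then
		if ! kldload ipfw; then
			warn unable to load firewall module.
			return 1
		fi
	fi

	return 0
}

# Install the rule set, start the NAT daemon if requested, then turn the
# firewall on.
#
# The rules file named by ${firewall_script} (default /etc/rc.firewall) is
# *sourced*: it is executed as shell code with this script's privileges,
# i.e. as root at boot.  It must be owned by root and not writable by
# anyone else; a writable rules file is a root-equivalent foothold.  Only
# readability is checked here, not ownership or mode.
#
# If the rules file is not readable, nothing is installed and a warning is
# printed only when the kernel default rule is deny (the "all services
# disabled" case).  The enable sysctl is set at the end regardless, so a
# kernel that defaults to accept silently comes up with no filtering.
ipfw_start()
{
	# set the firewall rules script if none was specified
	[ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall

	if [ -r "${firewall_script}" ]; then
		. "${firewall_script}"
		echo -n 'Firewall rules loaded, starting divert daemons:'

		# Network Address Translation daemon
		#
		if checkyesno natd_enable; then
			# An interface configured by DHCP may change address
			# at any time, so tell natd to follow it (-dynamic).
			# ${dhcp_list} is deliberately unquoted: it is a
			# whitespace-separated list of interface names.
			dhcp_list="`list_net_interfaces dhcp`"
			for ifn in ${dhcp_list}; do
				case "${natd_interface}" in
				"${ifn}")
					natd_flags="$natd_flags -dynamic"
					;;
				*)
					;;
				esac
			done
			if [ -n "${natd_interface}" ]; then
				# A dotted-quad is passed as an alias address
				# (-a); anything else is taken to be an
				# interface name (-n).
				if echo "${natd_interface}" | \
				    grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
					natd_flags="$natd_flags -a ${natd_interface}"
				else
					natd_flags="$natd_flags -n ${natd_interface}"
				fi
			fi
			echo -n ' natd'
			# ${natd_flags} and ${natd_ifarg} hold several
			# arguments each and must stay unquoted here.
			${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
		fi
	elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
		echo 'Warning: kernel has firewall functionality, but' \
		    ' firewall rules are not enabled.'
		echo ' All ip services are disabled.'
	fi
	echo '.'

	# Firewall logging
	#
	if checkyesno firewall_logging; then
		echo 'Firewall logging enabled'
		# Use the same sysctl wrapper as the rest of this script
		# rather than a bare "sysctl" found via PATH.
		${SYSCTL_W} net.inet.ip.fw.verbose=1 >/dev/null
	fi

	# Enable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=1
}

# Turn the firewall off and stop the NAT daemon that ipfw_start launched.
#
# Only the natd we are responsible for is killed: the killall is guarded
# on natd_enable so that an independently started natd (or one that was
# never ours) is left alone.  Note that nothing here flushes the rule set;
# only the enable knob is cleared.
ipfw_stop()
{
	# Disable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=0
	if checkyesno natd_enable; then
		killall natd
		# Presumably gives natd time to exit before the divert
		# socket it was serving goes away -- TODO confirm.
		sleep 2
	fi
}

load_rc_config $name
run_rc_command "$1"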