ipfw revision 160672
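#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/ipfw 160672 2006-07-25 17:28:18Z yar $
#

# PROVIDE: ipfw
# REQUIRE: ppp
# BEFORE: NETWORKING
# KEYWORD: nojail

# rc.d script for ipfw.  "start" makes sure ipfw is present in the kernel,
# sources the rules script, optionally turns on verbose logging and then
# sets net.inet.ip.fw.enable=1.  "stop" sets net.inet.ip.fw.enable=0.
#
# rc.conf variables read here:
#   firewall_enable   - rcvar gating this script
#   firewall_script   - rules script to source (default /etc/rc.firewall)
#   firewall_logging  - when yes, set net.inet.ip.fw.verbose=1

. /etc/rc.subr
. /etc/network.subr

name="ipfw"
rcvar="firewall_enable"
start_cmd="ipfw_start"
start_precmd="ipfw_precmd"
stop_cmd="ipfw_stop"

# ipfw_precmd: check that ipfw is available before ipfw_start runs.
# Probes net.inet.ip.fw.enable; when the sysctl cannot be read it tries
# "kldload ipfw".  Returns 1 after a warning if the module cannot be
# loaded, 0 otherwise.
ipfw_precmd()
{
	if ! ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then
		if ! kldload ipfw; then
			warn "unable to load firewall module."
			return 1
		fi
	fi

	return 0
}

# ipfw_start: load the rule set and enable the firewall.
# Reads firewall_script and firewall_logging; starts natd through its own
# rc.d script when that script exists.
ipfw_start()
{
	# set the firewall rules script if none was specified
	[ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall

	if [ -r "${firewall_script}" ]; then
		if [ -f /etc/rc.d/natd ] ; then
			/etc/rc.d/natd start
		fi
		# The rules file is sourced into this shell, so it runs with
		# this script's privileges; it should be writable by root only.
		# Its exit status is not checked: the message below is printed
		# even if some of its commands failed.
		. "${firewall_script}"
		echo 'Firewall rules loaded.'
	elif [ "$(ipfw list 65535)" = "65535 deny ip from any to any" ]; then
		echo 'Warning: kernel has firewall functionality, but' \
		    ' firewall rules are not enabled.'
		echo ' All ip services are disabled.'
	else
		# No readable rules script and rule 65535 is not the deny-all
		# default: the firewall is enabled below with no rules loaded
		# by this script.  Say so instead of continuing silently.
		warn "${firewall_script} is not readable; no firewall rules loaded."
	fi

	# Firewall logging
	#
	if checkyesno firewall_logging; then
		echo 'Firewall logging enabled.'
		# Use the rc.subr sysctl wrapper like the other sysctl writes
		# in this file rather than resolving "sysctl" through PATH.
		${SYSCTL_W} net.inet.ip.fw.verbose=1 >/dev/null
	fi

	# Enable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=1
}

# ipfw_stop: disable the firewall and stop natd.
# Only net.inet.ip.fw.enable is changed; the rule set is not flushed here.
ipfw_stop()
{
	# Disable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=0
	if [ -f /etc/rc.d/natd ] ; then
		/etc/rc.d/natd stop
	fi
}

load_rc_config "$name"
run_rc_command "$1"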