xref: /freebsd-10.2-release/etc/rc.d/ipfw

#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/ipfw 175722 2008-01-27 15:15:12Z mtm $
#

# PROVIDE: ipfw
# REQUIRE: ppp
# BEFORE: NETWORKING
# KEYWORD: nojail

. /etc/rc.subr
. /etc/network.subr

name="ipfw"
rcvar="firewall_enable"
start_cmd="ipfw_start"
start_precmd="ipfw_prestart"
stop_cmd="ipfw_stop"
required_modules="ipfw"

ipfw_prestart()
{
	if checkyesno dummynet_enable; then
		required_modules="$required_modules dummynet"
	fi
}

ipfw_start()
{
	# set the firewall rules script if none was specified
	[ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall

	if [ -r "${firewall_script}" ]; then
		if [ -f /etc/rc.d/natd ] ; then
			/etc/rc.d/natd quietstart
		fi
		/bin/sh "${firewall_script}"
		echo 'Firewall rules loaded.'
	elif [ "`ipfw list 65535`" = "65535 deny ip from any to any" ]; then
		echo 'Warning: kernel has firewall functionality, but' \
		    ' firewall rules are not enabled.'
		echo '           All ip services are disabled.'
	fi

	# Firewall logging
	#
	if checkyesno firewall_logging; then
		echo 'Firewall logging enabled.'
		sysctl net.inet.ip.fw.verbose=1 >/dev/null
	fi

	# Enable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=1
}

ipfw_stop()
{
	# Disable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=0
	if [ -f /etc/rc.d/natd ] ; then
		/etc/rc.d/natd quietstop
	fi
}

load_rc_config $name
run_rc_command "$1"