ipfw revision 180296
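#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/ipfw 180296 2008-07-05 15:27:39Z mtm $
#

# PROVIDE: ipfw
# REQUIRE: ppp
# BEFORE: NETWORKING
# KEYWORD: nojail

# rc.d script for ipfw.  "start" loads the ruleset by running
# ${firewall_script} and then switches packet filtering on; "stop"
# switches filtering off.  natd is started and stopped alongside it
# when /etc/rc.d/natd exists.

. /etc/rc.subr
. /etc/network.subr

name="ipfw"
rcvar="firewall_enable"
start_cmd="ipfw_start"
start_precmd="ipfw_prestart"
stop_cmd="ipfw_stop"
required_modules="ipfw"

# Start pre-command: add dummynet to the list of required modules
# when dummynet_enable is set.
ipfw_prestart()
{
	if checkyesno dummynet_enable; then
		required_modules="$required_modules dummynet"
	fi
}

# Load the firewall rules, optionally turn on verbose logging, and
# enable the firewall.
#
# Reads: firewall_script (defaults to /etc/rc.firewall),
#        firewall_logging, SYSCTL_W.
ipfw_start()
{
	# set the firewall rules script if none was specified
	if [ -z "${firewall_script}" ]; then
		firewall_script=/etc/rc.firewall
	fi

	# NOTE(review): the rules script is run through /bin/sh with the
	# privileges of this script (root when invoked by rc at boot), and
	# only its readability is tested here.  Keep it root-owned and not
	# writable by anyone else.
	if [ -r "${firewall_script}" ]; then
		if [ -f /etc/rc.d/natd ] ; then
			/etc/rc.d/natd quietstart
		fi
		# Report success only when the rules script exits 0.  A script
		# that aborts part-way leaves a partial ruleset behind, and the
		# operator needs to see that rather than a success message.
		if /bin/sh "${firewall_script}"; then
			echo 'Firewall rules loaded.'
		else
			warn "${firewall_script} exited with an error;" \
			    "firewall ruleset may be incomplete"
		fi
	elif [ "$(ipfw list 65535)" = "65535 deny ip from any to any" ]; then
		# No readable rules script and the final rule (65535) is
		# "deny": once the firewall is enabled nothing will pass.
		echo 'Warning: kernel has firewall functionality, but' \
		    ' firewall rules are not enabled.'
		echo ' All ip services are disabled.'
	fi

	# Firewall logging
	#
	if checkyesno firewall_logging; then
		echo 'Firewall logging enabled.'
		# Use ${SYSCTL_W} like the other sysctl writes in this file
		# instead of resolving "sysctl" through PATH.
		${SYSCTL_W} net.inet.ip.fw.verbose=1 >/dev/null
	fi

	# Enable the firewall
	#
	# This runs even if the rules script failed above; the warning
	# emitted there is the only indication of a partial ruleset.
	if ! ${SYSCTL_W} net.inet.ip.fw.enable=1 1>/dev/null 2>&1; then
		warn "failed to enable firewall"
	fi
}

# Disable the firewall and stop natd if its rc.d script is present.
ipfw_stop()
{
	# Disable the firewall
	#
	# Setting net.inet.ip.fw.enable=0 turns ipfw processing off, so
	# traffic is no longer filtered by the loaded rules after this
	# point.
	${SYSCTL_W} net.inet.ip.fw.enable=0
	if [ -f /etc/rc.d/natd ] ; then
		/etc/rc.d/natd quietstop
	fi
}

load_rc_config $name
run_rc_command "$1"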