ipfw revision 190575
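#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/ipfw 190575 2009-03-30 21:31:52Z emax $
#

# PROVIDE: ipfw
# REQUIRE: ppp
# BEFORE: NETWORKING
# KEYWORD: nojail

. /etc/rc.subr
. /etc/network.subr

# rc.subr hooks: the service is gated by firewall_enable and needs the ipfw
# kernel module; ipfw_prestart may append further modules before start.
name="ipfw"
rcvar="firewall_enable"
start_cmd="ipfw_start"
start_precmd="ipfw_prestart"
stop_cmd="ipfw_stop"
required_modules="ipfw"

# ipfw_prestart
#	Extend required_modules according to the configuration:
#	dummynet when dummynet_enable is set, and ipfw_nat when
#	firewall_nat_enable is set while natd_enable is not.
ipfw_prestart()
{
	if checkyesno dummynet_enable; then
		required_modules="$required_modules dummynet"
	fi

	# In-kernel NAT is only requested when natd is not in use.
	if checkyesno firewall_nat_enable && ! checkyesno natd_enable; then
		required_modules="$required_modules ipfw_nat"
	fi
}

# ipfw_start [firewall_type]
#	Run the firewall rules script, optionally turn on verbose logging,
#	then enable packet filtering via net.inet.ip.fw.enable.
#	$1 is handed to the rules script unchanged (presumably the extra
#	command-line argument forwarded by run_rc_command -- confirm
#	against rc.subr).
ipfw_start()
{
	local _firewall_type

	_firewall_type=$1

	# set the firewall rules script if none was specified
	[ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall

	# NOTE(review): only readability is tested before the script is
	# executed by /bin/sh; ownership and mode are not verified here, so
	# the file should be root-owned and not writable by other users.
	if [ -r "${firewall_script}" ]; then
		# natd is started before the rules are loaded (presumably so
		# that rules diverting to it find it running).
		if [ -f /etc/rc.d/natd ]; then
			/etc/rc.d/natd quietstart
		fi
		# Report success only when the rules script exits zero; a
		# failed or partial load must not be announced as loaded,
		# because the firewall is enabled below in either case.
		if /bin/sh "${firewall_script}" "${_firewall_type}"; then
			echo 'Firewall rules loaded.'
		else
			warn "${firewall_script} exited non-zero;" \
			    "firewall rules may be incomplete"
		fi
	elif [ "$(ipfw list 65535)" = "65535 deny ip from any to any" ]; then
		# No rules script and the default rule 65535 denies
		# everything: the host will drop all IP traffic.
		echo 'Warning: kernel has firewall functionality, but' \
		    ' firewall rules are not enabled.'
		echo ' All ip services are disabled.'
	else
		# No rules script and rule 65535 is not the deny-all rule
		# (or could not be listed): nothing was loaded, so say so
		# instead of continuing silently.
		warn "${firewall_script} is not readable;" \
		    "no firewall rules were loaded"
	fi

	# Firewall logging
	#
	if checkyesno firewall_logging; then
		echo 'Firewall logging enabled.'
		sysctl net.inet.ip.fw.verbose=1 >/dev/null
	fi

	# Enable the firewall
	#
	# SYSCTL_W is left unquoted on purpose: it is expanded as a command
	# line and may carry arguments.
	if ! ${SYSCTL_W} net.inet.ip.fw.enable=1 1>/dev/null 2>&1; then
		warn "failed to enable firewall"
	fi
}

# ipfw_stop
#	Disable packet filtering via net.inet.ip.fw.enable and stop natd
#	when its rc script is installed. After this runs the ipfw ruleset is
#	no longer applied to traffic.
ipfw_stop()
{
	# Disable the firewall
	#
	# The sysctl output is left visible as before; a failure is now
	# reported, matching the handling in ipfw_start.
	if ! ${SYSCTL_W} net.inet.ip.fw.enable=0; then
		warn "failed to disable firewall"
	fi
	if [ -f /etc/rc.d/natd ]; then
		/etc/rc.d/natd quietstop
	fi
}

load_rc_config "$name"
# "$@" keeps each command-line argument as one word; the unquoted $* form
# re-split arguments on whitespace and expanded glob characters.
run_rc_command "$@"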