ipfw revision 195026
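#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/ipfw 195026 2009-06-26 01:04:50Z dougb $
#

# PROVIDE: ipfw
# REQUIRE: ppp
# KEYWORD: nojail

# rc.d control script for the ipfw packet filter.
#
# start: loads the kernel modules listed in required_modules, runs the
#        rules script named by firewall_script, optionally turns on
#        verbose logging, then sets net.inet.ip.fw.enable=1.
# stop:  sets net.inet.ip.fw.enable=0 and stops natd if its rc script exists.
#
# checkyesno, warn, load_rc_config, run_rc_command and ${SYSCTL_W} are not
# defined in this file; they are expected to come from the files sourced
# below.

. /etc/rc.subr
. /etc/network.subr

name="ipfw"
rcvar="firewall_enable"
start_cmd="ipfw_start"
start_precmd="ipfw_prestart"
stop_cmd="ipfw_stop"
required_modules="ipfw"

#######################################
# Extend required_modules before start, based on rc.conf knobs.
# Globals: required_modules (appended to)
#          dummynet_enable, firewall_nat_enable, natd_enable (read through
#          checkyesno)
#######################################
ipfw_prestart()
{
	if checkyesno dummynet_enable; then
		required_modules="$required_modules dummynet"
	fi

	# ipfw_nat is only requested when natd is not enabled.
	if checkyesno firewall_nat_enable; then
		if ! checkyesno natd_enable; then
			required_modules="$required_modules ipfw_nat"
		fi
	fi
}

#######################################
# Load the rule set and enable the firewall.
# Globals:   firewall_script (read; defaults to /etc/rc.firewall)
#            firewall_logging (read through checkyesno)
#            SYSCTL_W (read)
# Arguments: $1 - firewall type, handed unchanged to the rules script
# Outputs:   status and warning messages
#######################################
ipfw_start()
{
	local _firewall_type

	_firewall_type=$1

	# Fall back to the stock rules script when none was specified.
	: "${firewall_script:=/etc/rc.firewall}"

	if [ -r "${firewall_script}" ]; then
		if [ -f /etc/rc.d/natd ]; then
			/etc/rc.d/natd quietstart
		fi
		# The rules script is executed with this script's privileges
		# (rc scripts normally run as root), so the file named by
		# firewall_script should be writable only by root.
		# NOTE(review): its exit status is not checked; the message
		# below is printed even when the script fails part-way.
		/bin/sh "${firewall_script}" "${_firewall_type}"
		echo 'Firewall rules loaded.'
	elif [ "$(ipfw list 65535)" = "65535 deny ip from any to any" ]; then
		echo 'Warning: kernel has firewall functionality, but' \
		    ' firewall rules are not enabled.'
		echo ' All ip services are disabled.'
	else
		# No readable rules script and the final rule is not the
		# default deny: the firewall is still enabled below, but with
		# no rules loaded from firewall_script. Say so instead of
		# continuing silently.
		warn "firewall script ${firewall_script} is not readable; no rules were loaded"
	fi

	# Firewall logging
	#
	if checkyesno firewall_logging; then
		echo 'Firewall logging enabled.'
		# Use the same sysctl wrapper as the enable/disable calls so
		# the binary does not depend on PATH.
		${SYSCTL_W} net.inet.ip.fw.verbose=1 >/dev/null
	fi

	# Enable the firewall
	#
	if ! ${SYSCTL_W} net.inet.ip.fw.enable=1 1>/dev/null 2>&1; then
		warn "failed to enable firewall"
	fi
}

#######################################
# Disable the firewall and stop natd.
# Globals: SYSCTL_W (read)
# Note:    with net.inet.ip.fw.enable=0 the loaded rules are no longer
#          applied to traffic, so the host is unfiltered by ipfw until the
#          next start.
#######################################
ipfw_stop()
{
	# Disable the firewall; report a failure the same way start does.
	#
	if ! ${SYSCTL_W} net.inet.ip.fw.enable=0; then
		warn "failed to disable firewall"
	fi
	if [ -f /etc/rc.d/natd ]; then
		/etc/rc.d/natd quietstop
	fi
}

load_rc_config "$name"
# "$@" keeps each extra argument (e.g. the firewall type) as one word.
run_rc_command "$@"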