ipfw revision 112849
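#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/ipfw 112849 2003-03-30 15:52:18Z mtm $
#

# PROVIDE: ipfw
# REQUIRE: ppp-user
# BEFORE: NETWORKING
# KEYWORD: FreeBSD

# rc.d script for the ipfw packet filter.
#   start: make sure ipfw support is available, source the rules script,
#          start natd if requested, then switch filtering on.
#   stop:  switch filtering off.
# rc.conf variables read here: firewall_enable (rcvar), firewall_script,
# firewall_logging, natd_enable, natd_interface, natd_flags, natd_program,
# natd_ifarg.

. /etc/rc.subr

name="ipfw"
rcvar="firewall_enable"
start_cmd="ipfw_start"
start_precmd="ipfw_precmd"
stop_cmd="ipfw_stop"

# ipfw_precmd: check that the kernel has ipfw support before start runs.
# Probes the net.inet.ip.fw.enable sysctl; if the probe fails, tries to
# load the ipfw kernel module.
# Returns: 0 if the sysctl is readable or kldload succeeds, 1 otherwise.
# NOTE(review): presumably rc.subr skips start_cmd when this returns
# non-zero, which would leave the host without packet filtering; confirm
# against run_rc_command.
ipfw_precmd()
{
	if ! ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then
		if ! kldload ipfw; then
			warn 'unable to load firewall module.'
			return 1
		fi
	fi

	return 0
}

# ipfw_start: load the rule set, start natd if enabled, turn on logging if
# enabled, and finally enable the firewall.
# Globals read: firewall_script, natd_enable, natd_interface, natd_flags,
#               natd_program, natd_ifarg, firewall_logging, SYSCTL_W
# Globals written: firewall_script (defaulted), natd_flags (extended)
ipfw_start()
{
	# set the firewall rules script if none was specified
	[ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall

	if [ -r "${firewall_script}" ]; then
		# The rules script is sourced into this shell, so it runs with
		# the privileges of the rc process.  Keep the file (and the
		# rc.conf that names it) writable only by root.
		# The result of the script is not checked: the message below
		# is printed and the firewall enabled even if it failed
		# part-way.
		. "${firewall_script}"
		echo -n 'Firewall rules loaded, starting divert daemons:'

		# Network Address Translation daemon
		#
		if checkyesno natd_enable; then
			if [ -n "${natd_interface}" ]; then
				# A value made of one to four dotted groups of
				# digits is passed as an address (-a); anything
				# else is passed as an interface name (-n).
				# Quoted so the value is matched as given, with
				# no word splitting or globbing.
				if echo "${natd_interface}" |
				    grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
					natd_flags="$natd_flags -a ${natd_interface}"
				else
					natd_flags="$natd_flags -n ${natd_interface}"
				fi
			fi
			echo -n ' natd'
			# natd_flags and natd_ifarg are left unquoted on
			# purpose: each may carry several arguments.
			${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
		fi
	elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
		# No readable rules script and rule 65535 is "deny all".
		echo 'Warning: kernel has firewall functionality, but' \
		    ' firewall rules are not enabled.'
		echo ' All ip services are disabled.'
	fi
	# NOTE(review): when the rules script is unreadable and rule 65535 is
	# anything other than the exact "deny" string above, nothing is
	# reported and the firewall is still enabled below with whatever
	# rules the kernel currently holds.
	echo '.'

	# Firewall logging
	#
	if checkyesno firewall_logging; then
		echo 'Firewall logging enabled'
		# Use the rc.subr sysctl wrapper like the other writes in this
		# file instead of relying on a PATH lookup of "sysctl".
		${SYSCTL_W} net.inet.ip.fw.verbose=1 >/dev/null
	fi

	# Enable the firewall
	#
	# Done last, after the rules script has been sourced.
	${SYSCTL_W} net.inet.ip.fw.enable=1
}

# ipfw_stop: switch packet filtering off.
# Only the enable sysctl is changed: rules are not flushed and a natd
# started by ipfw_start is not stopped here.  With the sysctl at 0 ipfw no
# longer filters traffic, so "stop" leaves the host unfiltered rather than
# blocked.
ipfw_stop()
{
	# Disable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=0
}

load_rc_config "$name"
run_rc_command "$1"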