ipfw revision 126744
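#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/ipfw 126744 2004-03-08 12:25:05Z pjd $
#

# PROVIDE: ipfw
# REQUIRE: ppp-user
# BEFORE: NETWORKING
# KEYWORD: FreeBSD nojail

# rc.d script for the ipfw packet filter.
#
# start: make sure the ipfw kernel code is present (ipfw_precmd), source
# the rules script named by ${firewall_script} (default /etc/rc.firewall),
# optionally start natd, then switch the firewall on through
# net.inet.ip.fw.enable.
# stop:  switch the firewall off and kill natd.
#
# rc.conf knobs read here: firewall_enable, firewall_script,
# firewall_logging, natd_enable, natd_program, natd_interface,
# natd_flags, natd_ifarg.

. /etc/rc.subr
. /etc/network.subr

name="ipfw"
rcvar="firewall_enable"
start_cmd="ipfw_start"
start_precmd="ipfw_precmd"
stop_cmd="ipfw_stop"

# Ensure the ipfw kernel code is available before start_cmd runs.
# A readable net.inet.ip.fw.enable sysctl means it is already there
# (compiled in or loaded); otherwise try to load the module.
# Returns 0 when the firewall code is available, 1 when it could not
# be loaded (which makes rc.subr skip ipfw_start).
ipfw_precmd()
{
	if ! ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then
		if ! kldload ipfw; then
			warn "unable to load firewall module."
			return 1
		fi
	fi

	return 0
}

# Compose the natd command line from the natd_* rc.conf knobs and run it.
#  - an interface that is configured via DHCP gets -dynamic, so natd
#    follows address changes on it
#  - a numeric (dotted) natd_interface is passed as an address (-a),
#    anything else as an interface name (-n)
# Globals: natd_interface, natd_program, natd_ifarg (read);
#          natd_flags (read and extended)
ipfw_start_natd()
{
	local dhcp_list ifn

	dhcp_list=$(list_net_interfaces dhcp)
	for ifn in ${dhcp_list}; do
		if [ "${ifn}" = "${natd_interface}" ]; then
			natd_flags="${natd_flags} -dynamic"
		fi
	done

	if [ -n "${natd_interface}" ]; then
		if printf '%s\n' "${natd_interface}" | \
		    grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
			natd_flags="${natd_flags} -a ${natd_interface}"
		else
			natd_flags="${natd_flags} -n ${natd_interface}"
		fi
	fi

	echo -n ' natd'
	${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
}

# Load the rule set, start the divert daemons and enable the firewall.
# Note that the firewall is enabled at the end regardless of whether a
# rules script was found, so the kernel's default rule (65535) decides
# what happens when no rules are loaded.
ipfw_start()
{
	# set the firewall rules script if none was specified
	[ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall

	if [ -r "${firewall_script}" ]; then
		# The rules script is sourced: it runs as shell code with
		# this script's privileges, it is not merely read as data.
		. "${firewall_script}"
		echo -n 'Firewall rules loaded, starting divert daemons:'

		# Network Address Translation daemon
		#
		if checkyesno natd_enable; then
			ipfw_start_natd
		fi
	elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
		# No rules script and a deny-all default rule: enabling
		# the firewall below will block all IP traffic.
		echo 'Warning: kernel has firewall functionality, but' \
		    ' firewall rules are not enabled.'
		echo ' All ip services are disabled.'
	fi
	echo '.'

	# Firewall logging
	#
	if checkyesno firewall_logging; then
		echo 'Firewall logging enabled'
		${SYSCTL_W} net.inet.ip.fw.verbose=1 >/dev/null
	fi

	# Enable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=1
}

# Disable the firewall and stop natd.
ipfw_stop()
{
	# Disable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=0
	# No pid file is tracked for natd here, so it is stopped by name;
	# the pause gives it time to exit before the script returns.
	killall natd
	sleep 2
}

load_rc_config "$name"
run_rc_command "$1"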