ipfw revision 151806
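#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/ipfw 151806 2005-10-28 16:07:52Z yar $
#
# rc.d script for the ipfw packet filter: loads the kernel module if
# needed, sources the rules script as root, and switches filtering on
# or off through the net.inet.ip.fw.enable sysctl.
#

# PROVIDE: ipfw
# REQUIRE: ppp
# BEFORE: NETWORKING
# KEYWORD: nojail

. /etc/rc.subr
. /etc/network.subr

name="ipfw"
rcvar="firewall_enable"
start_cmd="ipfw_start"
start_precmd="ipfw_precmd"
stop_cmd="ipfw_stop"

# ipfw_precmd
#	Make sure ipfw is available in the kernel before start runs.
#	The net.inet.ip.fw.enable sysctl is used as the presence probe;
#	if it cannot be read, the ipfw module is loaded.
#	Returns 1 (which aborts the start) when the module cannot be loaded.
#
ipfw_precmd()
{
	if ! ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then
		if ! kldload ipfw; then
			warn 'unable to load firewall module.'
			return 1
		fi
	fi

	return 0
}

# ipfw_start
#	Load the rule set from ${firewall_script} (default /etc/rc.firewall),
#	optionally turn on verbose logging, then enable filtering.
#
ipfw_start()
{
	# set the firewall rules script if none was specified
	[ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall

	if [ -r "${firewall_script}" ]; then
		echo -n 'Starting divert daemons:'
		if [ -f /etc/rc.d/natd ] ; then
			/etc/rc.d/natd start
		fi
		# The rules script is sourced into this shell and therefore
		# runs with this script's privileges. It should be owned by
		# root and not writable by anyone else.
		# NOTE(review): its exit status is not checked, so the
		# message below is printed even if some rules failed to load.
		. "${firewall_script}"
		echo -n 'Firewall rules loaded'
	else
		# Without this warning an unreadable rules script went
		# unreported whenever the default rule was not "deny", and
		# filtering was then enabled below with no rules loaded.
		warn "firewall rules script ${firewall_script} is not readable; no rules loaded."
		# Rule 65535 is the kernel's default rule; when it is
		# "deny" and nothing else was loaded, all IP traffic is
		# dropped once filtering is enabled.
		if [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
			echo 'Warning: kernel has firewall functionality, but' \
			    ' firewall rules are not enabled.'
			echo ' All ip services are disabled.'
		fi
	fi
	echo '.'

	# Firewall logging
	#
	if checkyesno firewall_logging; then
		echo 'Firewall logging enabled'
		# Use the rc.subr-provided sysctl command, like the other
		# sysctl calls in this file, instead of a PATH lookup.
		${SYSCTL_W} net.inet.ip.fw.verbose=1 >/dev/null
	fi

	# Enable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=1
}

# ipfw_stop
#	Switch filtering off and stop natd if its rc.d script is present.
#	With net.inet.ip.fw.enable=0 the loaded rules are no longer
#	applied, so the host is unfiltered until the next start.
#
ipfw_stop()
{
	# Disable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=0
	if [ -f /etc/rc.d/natd ] ; then
		/etc/rc.d/natd stop
	fi
}

load_rc_config "$name"
run_rc_command "$1"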