ipfw revision 190575
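#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/ipfw 190575 2009-03-30 21:31:52Z emax $
#
# rc.d script for the ipfw packet filter: loads the rules script, optionally
# turns on logging, and toggles net.inet.ip.fw.enable on start/stop.
#

# PROVIDE: ipfw
# REQUIRE: ppp
# BEFORE: NETWORKING
# KEYWORD: nojail

. /etc/rc.subr
. /etc/network.subr

name="ipfw"
rcvar="firewall_enable"
start_cmd="ipfw_start"
start_precmd="ipfw_prestart"
stop_cmd="ipfw_stop"
required_modules="ipfw"

# ipfw_prestart
#	Registered as start_precmd. Extends required_modules with the
#	optional modules selected in rc.conf:
#	  - dummynet when dummynet_enable is set;
#	  - ipfw_nat when firewall_nat_enable is set and natd_enable is not.
#
ipfw_prestart()
{
	if checkyesno dummynet_enable; then
		required_modules="$required_modules dummynet"
	fi

	if checkyesno firewall_nat_enable; then
		if ! checkyesno natd_enable; then
			required_modules="$required_modules ipfw_nat"
		fi
	fi
}

# ipfw_start [firewall_type]
#	Loads the rule set, then enables logging (if configured) and the
#	firewall itself.
#	$1 is handed unchanged to the rules script as its firewall type.
#
#	NOTE(review): ${firewall_script} is executed by /bin/sh with the
#	privileges of the rc system (normally root), so the configured path
#	should not be writable by unprivileged users -- confirm file
#	ownership and mode on deployment.
#
ipfw_start()
{
	local _firewall_type _rc

	_firewall_type=$1

	# set the firewall rules script if none was specified
	[ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall

	if [ -r "${firewall_script}" ]; then
		if [ -f /etc/rc.d/natd ] ; then
			/etc/rc.d/natd quietstart
		fi
		/bin/sh "${firewall_script}" "${_firewall_type}"
		_rc=$?
		# Only claim success when the rules script reported it; a
		# non-zero status means the rule set may be incomplete.  The
		# status reflects only what the script itself returns, so a
		# zero status is not proof that every rule was installed.
		if [ "${_rc}" -eq 0 ]; then
			echo 'Firewall rules loaded.'
		else
			warn "firewall rules script ${firewall_script} exited with status ${_rc}"
		fi
	elif [ "$(ipfw list 65535)" = "65535 deny ip from any to any" ]; then
		# No readable rules script and the final rule is deny-all:
		# tell the operator that nothing will pass.
		echo 'Warning: kernel has firewall functionality, but' \
		    ' firewall rules are not enabled.'
		echo ' All ip services are disabled.'
	fi

	# Firewall logging
	#
	if checkyesno firewall_logging; then
		echo 'Firewall logging enabled.'
		sysctl net.inet.ip.fw.verbose=1 >/dev/null
	fi

	# Enable the firewall
	#
	# Done after the rules are loaded.  This step runs even when the
	# rules script failed or was missing, as it always has.
	if ! ${SYSCTL_W} net.inet.ip.fw.enable=1 1>/dev/null 2>&1; then
		warn "failed to enable firewall"
	fi
}

# ipfw_stop
#	Turns packet filtering off via net.inet.ip.fw.enable=0 and stops natd
#	if its rc.d script is present.  While stopped, ipfw no longer filters
#	traffic on this host.
#
ipfw_stop()
{
	# Disable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=0
	if [ -f /etc/rc.d/natd ] ; then
		/etc/rc.d/natd quietstop
	fi
}

load_rc_config "$name"
# "$@" keeps each command-line argument as its own word (unquoted $* would
# re-split and glob-expand them).
run_rc_command "$@"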