ipfw revision 193198
#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/ipfw 193198 2009-06-01 05:35:03Z dougb $
#

# PROVIDE: ipfw
# REQUIRE: FILESYSTEMS
# KEYWORD: nojail

. /etc/rc.subr
. /etc/network.subr

name="ipfw"
rcvar="firewall_enable"
start_cmd="ipfw_start"
start_precmd="ipfw_prestart"
stop_cmd="ipfw_stop"
required_modules="ipfw"

#
# ipfw_prestart
#	Registered as start_precmd. Appends optional kernel modules to
#	required_modules according to the dummynet_enable,
#	firewall_nat_enable and natd_enable settings.
#	Returns 0 whichever branches run: an `if' whose condition is
#	false and has no else-part yields status 0.
#
ipfw_prestart()
{
	if checkyesno dummynet_enable; then
		required_modules="${required_modules} dummynet"
	fi

	# ipfw_nat is requested only when natd is not enabled.
	# natd_enable is evaluated only if firewall_nat_enable is on.
	if checkyesno firewall_nat_enable && ! checkyesno natd_enable; then
		required_modules="${required_modules} ipfw_nat"
	fi
}

#
# ipfw_start
#	Registered as start_cmd. Runs the rules script, optionally turns
#	on verbose logging, then sets net.inet.ip.fw.enable=1.
#	$1 is handed unchanged to the rules script as its second word
#	(the firewall type).
#
ipfw_start()
{
	local _ruleset_type

	_ruleset_type=$1

	# Fall back to /etc/rc.firewall when no rules script was specified.
	# NOTE(review): firewall_script is presumably set by the rc
	# configuration read through load_rc_config. The file is executed
	# by /bin/sh below, so it and the configuration naming it should be
	# writable only by the administrator -- confirm ownership and modes.
	: "${firewall_script:=/etc/rc.firewall}"

	if [ -r "${firewall_script}" ]; then
		# Start natd first when its rc script is installed.
		if [ -f /etc/rc.d/natd ]; then
			/etc/rc.d/natd quietstart
		fi
		# NOTE(review): the exit status of the rules script is not
		# examined, so the message below is printed even when the
		# script stopped part-way and left an incomplete ruleset.
		/bin/sh "${firewall_script}" "${_ruleset_type}"
		echo 'Firewall rules loaded.'
	elif [ "$(ipfw list 65535)" = "65535 deny ip from any to any" ]; then
		# Reached only when the rules script is unreadable AND rule
		# 65535 is exactly the deny-all text above. With any other
		# final rule nothing is printed, although the firewall is
		# still enabled further down without a loaded ruleset.
		echo 'Warning: kernel has firewall functionality, but' \
		    ' firewall rules are not enabled.'
		echo ' All ip services are disabled.'
	fi

	# Firewall logging
	#
	# The result of this sysctl call is not checked; only its stdout
	# is discarded.
	if checkyesno firewall_logging; then
		echo 'Firewall logging enabled.'
		sysctl net.inet.ip.fw.verbose=1 >/dev/null
	fi

	# Enable the firewall
	#
	# SYSCTL_W is not defined in this file (presumably it comes from
	# /etc/rc.subr). Failure is reported through warn and does not
	# abort the start.
	${SYSCTL_W} net.inet.ip.fw.enable=1 >/dev/null 2>&1 ||
		warn "failed to enable firewall"
}

#
# ipfw_stop
#	Registered as stop_cmd. Sets net.inet.ip.fw.enable=0 and then
#	stops natd when its rc script is installed.
#	NOTE(review): with enable=0 ipfw presumably no longer filters
#	packets, so stopping this service leaves the host unfiltered
#	rather than blocked -- confirm that is the intended state.
#
ipfw_stop()
{
	# Disable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=0

	# Kept as an `if' so that the function still returns 0 when the
	# natd script is absent.
	if [ -f /etc/rc.d/natd ]; then
		/etc/rc.d/natd quietstop
	fi
}

# Both expansions are left unquoted, as in the original, so the words
# handed to rc.subr are split exactly as before.
load_rc_config $name
run_rc_command $*