ipfw revision 200028
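#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/ipfw 200028 2009-12-02 15:05:26Z ume $
#

# PROVIDE: ipfw
# REQUIRE: ppp
# KEYWORD: nojail

# rc.d script for ipfw: "start" runs the rules script and then switches
# packet filtering on; "stop" switches it off.  checkyesno, warn,
# afexists, set_rcvar_obsolete and ${SYSCTL_W} are not defined in this
# file; presumably they come from the two files sourced below.

. /etc/rc.subr
. /etc/network.subr

name="ipfw"
rcvar="firewall_enable"
start_cmd="ipfw_start"
start_precmd="ipfw_prestart"
stop_cmd="ipfw_stop"
required_modules="ipfw"

set_rcvar_obsolete ipv6_firewall_enable

# ipfw_prestart
#	Extend required_modules before start: dummynet when
#	dummynet_enable is set, and ipfw_nat when firewall_nat_enable
#	is set while natd_enable is not.
ipfw_prestart()
{
	if checkyesno dummynet_enable; then
		required_modules="$required_modules dummynet"
	fi

	if checkyesno firewall_nat_enable; then
		if ! checkyesno natd_enable; then
			required_modules="$required_modules ipfw_nat"
		fi
	fi
}

# ipfw_start [firewall_type]
#	Run the rules script, optionally turn on verbose logging, then
#	enable filtering for IPv4 and, where the address family exists,
#	IPv6.  $1 is handed to the rules script unchanged.
ipfw_start()
{
	local _firewall_type

	_firewall_type=$1

	# set the firewall rules script if none was specified
	[ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall

	if [ -r "${firewall_script}" ]; then
		if [ -f /etc/rc.d/natd ] ; then
			/etc/rc.d/natd quietstart
		fi
		# NOTE(review): the exit status of the rules script is not
		# checked, so the message below is printed even when the
		# script stopped part-way and left a partial ruleset.
		/bin/sh "${firewall_script}" "${_firewall_type}"
		echo 'Firewall rules loaded.'
	else
		# Without this the missing ruleset went unreported unless
		# the last rule (65535) happened to be "deny": filtering is
		# still enabled below, but with none of the intended rules.
		warn "firewall rules script ${firewall_script} is not readable; no rules loaded"
		if [ "$(ipfw list 65535)" = "65535 deny ip from any to any" ]; then
			echo 'Warning: kernel has firewall functionality, but' \
			    ' firewall rules are not enabled.'
			echo ' All ip services are disabled.'
		fi
	fi

	# Firewall logging
	#
	if checkyesno firewall_logging; then
		echo 'Firewall logging enabled.'
		sysctl net.inet.ip.fw.verbose=1 >/dev/null
	fi

	# Enable the firewall
	# (done after the rules script has run; a failure here is only
	# warned about, the function does not return an error for it)
	#
	if ! ${SYSCTL_W} net.inet.ip.fw.enable=1 1>/dev/null 2>&1; then
		warn "failed to enable IPv4 firewall"
	fi
	if afexists inet6; then
		if ! ${SYSCTL_W} net.inet6.ip6.fw.enable=1 1>/dev/null 2>&1
		then
			warn "failed to enable IPv6 firewall"
		fi
	fi
}

# ipfw_stop
#	Switch filtering off for IPv4 (and IPv6 when the address family
#	exists), then stop natd if its rc.d script is present.  Unlike
#	ipfw_start, the sysctl output and status are left as they are.
ipfw_stop()
{
	# Disable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=0
	if afexists inet6; then
		${SYSCTL_W} net.inet6.ip6.fw.enable=0
	fi
	if [ -f /etc/rc.d/natd ] ; then
		/etc/rc.d/natd quietstop
	fi
}

load_rc_config "$name"
# "$@" rather than $*: arguments are passed on exactly as given, with no
# re-splitting on whitespace and no glob expansion against the current
# directory.
run_rc_command "$@"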