ipfilter revision 136224
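#!/bin/sh
#
# $NetBSD: ipfilter,v 1.10 2001/02/28 17:03:50 lukem Exp $
# $FreeBSD: head/etc/rc.d/ipfilter 136224 2004-10-07 13:55:26Z mtm $
#
# rc.d script for the IP Filter (ipf) packet filter: loads the kernel
# module if needed, enables the filter, and loads, reloads or resyncs the
# IPv4 and IPv6 rulesets named by ${ipfilter_rules} and
# ${ipv6_ipfilter_rules}.
#

# PROVIDE: ipfilter
# REQUIRE: root mountcritlocal
# BEFORE:  netif
# KEYWORD: nojail

. /etc/rc.subr

name="ipfilter"
rcvar=$(set_rcvar)
load_rc_config "$name"

# The rule-file paths are expanded here, at assignment time, and are not
# quoted inside the test expression, so a path containing whitespace would
# break this check.  The same precondition gates stop, reload, resync and
# status: at least one of the two rule files must exist.
stop_precmd="test -f ${ipfilter_rules} -o -f ${ipv6_ipfilter_rules}"

start_precmd="ipfilter_prestart"
start_cmd="ipfilter_start"
stop_cmd="ipfilter_stop"
reload_precmd="$stop_precmd"
reload_cmd="ipfilter_reload"
resync_precmd="$stop_precmd"
resync_cmd="ipfilter_resync"
status_precmd="$stop_precmd"
status_cmd="ipfilter_status"
extra_commands="reload resync status"

# ipfilter_loaded
#	Return 0 if the verbose kldstat listing mentions "IP Filter",
#	1 otherwise.
#
ipfilter_loaded()
{
	if kldstat -v | grep "IP Filter" > /dev/null 2>&1; then
		return 0
	fi
	return 1
}

# ipfilter_prestart
#	Load the ipl kernel module when it is not present yet, then refuse
#	to start (return 1) unless at least one rule file is readable.
#
ipfilter_prestart()
{
	# load ipfilter kernel module if needed
	if ! ipfilter_loaded; then
		if kldload ipl; then
			info 'IP-filter module loaded.'
		else
			err 1 'IP-filter module failed to load.'
		fi
	fi

	# check for ipfilter rules
	if [ ! -r "${ipfilter_rules}" ] && [ ! -r "${ipv6_ipfilter_rules}" ]
	then
		warn 'IP-filter: NO IPF RULES'
		return 1
	fi
	return 0
}

# ipfilter_start
#	Enable the filter if it is not running, flush the active IPv4 and
#	IPv6 rule lists and load each rule file that is readable.
#
#	NOTE(review): the active list is flushed before the new rules are
#	loaded, and the result of "ipf -f" is not checked.  Between the
#	flush and a successful load (or after a failed load) only the
#	kernel's built-in default policy applies.  ipfilter_reload avoids
#	that window by building the inactive list and swapping.
#
ipfilter_start()
{
	echo "Enabling ipfilter."
	# stderr is discarded on purpose: an empty result is treated as
	# "not running", so the filter is enabled rather than letting the
	# numeric test fail on a missing operand.
	_ipf_running=$(sysctl -n net.inet.ipf.fr_running 2>/dev/null)
	if [ "${_ipf_running:-0}" -eq 0 ]; then
		${ipfilter_program:-/sbin/ipf} -E
	fi
	${ipfilter_program:-/sbin/ipf} -Fa
	if [ -r "${ipfilter_rules}" ]; then
		# ${ipfilter_flags} is left unquoted so that it can carry
		# several flags.
		${ipfilter_program:-/sbin/ipf} \
		    -f "${ipfilter_rules}" ${ipfilter_flags}
	fi
	${ipfilter_program:-/sbin/ipf} -6 -Fa
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		${ipfilter_program:-/sbin/ipf} -6 \
		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
	fi
}

# ipfilter_stop
#	When the filter is running, save the state tables with ipfs -W and
#	then disable the filter.  Does nothing otherwise.
#
ipfilter_stop()
{
	# XXX - The ipf -D command is not effective for 'lkm's
	# stderr is discarded on purpose: when the sysctl cannot be read
	# (for example the module is not loaded) the filter is treated as
	# not running and there is nothing to stop.
	_ipf_running=$(sysctl -n net.inet.ipf.fr_running 2>/dev/null)
	if [ "${_ipf_running:-0}" -eq 1 ]; then
		echo "Saving firewall state tables"
		${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
		echo "Disabling ipfilter."
		${ipfilter_program:-/sbin/ipf} -D
	fi
}

# ipfilter_reload
#	Rebuild the inactive IPv4 and IPv6 rule lists from the rule files
#	and swap them in with "ipf -s", so the running ruleset is replaced
#	in one step.
#
#	The swap is skipped when a rule file failed to load: swapping in a
#	flushed or partially loaded inactive list would replace a working
#	ruleset with an incomplete one.  This depends on ipf exiting
#	non-zero on a failed load -- TODO confirm for the ipf version in
#	use.
#
#	Returns 1 when a load failed, otherwise the status of the swap.
#
ipfilter_reload()
{
	echo "Reloading ipfilter rules."

	_ipf_reload_failed=0
	${ipfilter_program:-/sbin/ipf} -I -Fa
	if [ -r "${ipfilter_rules}" ]; then
		${ipfilter_program:-/sbin/ipf} -I \
		    -f "${ipfilter_rules}" ${ipfilter_flags} ||
		    _ipf_reload_failed=1
	fi
	${ipfilter_program:-/sbin/ipf} -I -6 -Fa
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		${ipfilter_program:-/sbin/ipf} -I -6 \
		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags} ||
		    _ipf_reload_failed=1
	fi
	if [ "${_ipf_reload_failed}" -ne 0 ]; then
		warn 'IP-filter: rule load failed, active ruleset not swapped'
		return 1
	fi
	${ipfilter_program:-/sbin/ipf} -s
}

# ipfilter_resync
#	Run "ipf -y" to resynchronise the in-kernel interface list; does
#	nothing when the module is not loaded.
#
ipfilter_resync()
{
	# Don't resync if ipfilter is not loaded
	if ! ipfilter_loaded; then
		return
	fi
	${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
}

# ipfilter_status
#	Print the version and status information reported by "ipf -V".
#
ipfilter_status()
{
	${ipfilter_program:-/sbin/ipf} -V
}

run_rc_command "$1"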