ipfilter revision 193198
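#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/ipfilter 193198 2009-06-01 05:35:03Z dougb $
#

# PROVIDE: ipfilter
# REQUIRE: FILESYSTEMS
# KEYWORD: nojail

# rc.d control script for the ipfilter packet filter.  It enables or
# disables the filter and loads the IPv4 and IPv6 rule files named by
# ${ipfilter_rules} and ${ipv6_ipfilter_rules}.  The helpers used below
# (set_rcvar, load_rc_config, err, warn, run_rc_command) come from
# /etc/rc.subr.

. /etc/rc.subr

name="ipfilter"
rcvar=$(set_rcvar)
load_rc_config $name

# Every command is gated on at least one rule file existing.
# NOTE(review): the two paths are expanded unquoted into this string, so an
# empty value or a path containing whitespace yields a malformed test
# expression and the precmd fails -- confirm both variables are always set
# (presumably by the rc.conf defaults).
stop_precmd="test -f ${ipfilter_rules} -o -f ${ipv6_ipfilter_rules}"

start_precmd="$stop_precmd"
start_cmd="ipfilter_start"
stop_cmd="ipfilter_stop"
reload_precmd="$stop_precmd"
reload_cmd="ipfilter_reload"
resync_precmd="$stop_precmd"
resync_cmd="ipfilter_resync"
status_precmd="$stop_precmd"
status_cmd="ipfilter_status"
extra_commands="reload resync status"
required_modules="ipl:ipfilter"

# ipfilter_start: enable the filter if it is not running, then flush the
# active IPv4 and IPv6 rule sets and load them from the rule files.
# Returns non-zero when a readable rule file fails to load.
ipfilter_start()
{
	local _rc

	_rc=0
	echo "Enabling ipfilter."
	# Quoted so that an empty sysctl result is a plain failed comparison
	# instead of a malformed test expression.
	if [ "$(sysctl -n net.inet.ipf.fr_running)" -le 0 ]; then
		${ipfilter_program:-/sbin/ipf} -E
	fi

	# The active set is flushed before the load, so a failed load leaves
	# the filter enabled with no rules for that address family; traffic is
	# then handled by whatever the filter's default policy is.  The
	# original only surfaced an IPv6 failure through the exit status and
	# lost an IPv4 failure; both are now reported and reflected in the
	# return value.  Loading continues so that one bad file does not also
	# leave the other family without rules.
	${ipfilter_program:-/sbin/ipf} -Fa
	if [ -r "${ipfilter_rules}" ]; then
		# ${ipfilter_flags} is intentionally unquoted: it may hold
		# several options.
		if ! ${ipfilter_program:-/sbin/ipf} \
		    -f "${ipfilter_rules}" ${ipfilter_flags}; then
			warn "Load of rules from ${ipfilter_rules} failed; active IPv4 rule set may be empty"
			_rc=1
		fi
	fi

	${ipfilter_program:-/sbin/ipf} -6 -Fa
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} -6 \
		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}; then
			warn "Load of IPv6 rules from ${ipv6_ipfilter_rules} failed; active IPv6 rule set may be empty"
			_rc=1
		fi
	fi

	return $_rc
}

# ipfilter_stop: when the filter is running, save the state tables with
# ipfs -W and then disable the filter.
ipfilter_stop()
{
	# XXX - The ipf -D command is not effective for 'lkm's
	if [ "$(sysctl -n net.inet.ipf.fr_running)" -eq 1 ]; then
		echo "Saving firewall state tables"
		${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
		echo "Disabling ipfilter."
		${ipfilter_program:-/sbin/ipf} -D
	fi
}

# ipfilter_reload: build the new rules in the inactive set (-I) and only
# then swap it with the active one (-s).  A failed load aborts through
# err before the swap, so the rules currently being enforced stay in place.
ipfilter_reload()
{
	echo "Reloading ipfilter rules."

	${ipfilter_program:-/sbin/ipf} -I -Fa
	if [ -r "${ipfilter_rules}" ]; then
		${ipfilter_program:-/sbin/ipf} -I \
		    -f "${ipfilter_rules}" ${ipfilter_flags} ||
		    err 1 'Load of rules into alternate set failed; aborting reload'
	fi

	${ipfilter_program:-/sbin/ipf} -I -6 -Fa
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		${ipfilter_program:-/sbin/ipf} -I -6 \
		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags} ||
		    err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
	fi

	# Both loads succeeded (or there was no readable file): activate.
	${ipfilter_program:-/sbin/ipf} -s
}

# ipfilter_resync: run ipf -y with the configured flags.
ipfilter_resync()
{
	${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
}

# ipfilter_status: run ipf -V and show its output.
ipfilter_status()
{
	${ipfilter_program:-/sbin/ipf} -V
}

run_rc_command "$1"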