ipfilter revision 302408 
1#!/bin/sh
2#
3# $FreeBSD: stable/11/etc/rc.d/ipfilter 298514 2016-04-23 16:10:54Z lme $
4#
5
6# PROVIDE: ipfilter
7# REQUIRE: FILESYSTEMS
8# KEYWORD: nojail
9
10. /etc/rc.subr
11
12name="ipfilter"
13desc="IP packet filter"
14rcvar="ipfilter_enable"
15load_rc_config $name
16stop_precmd="test -f ${ipfilter_rules} -o -f ${ipv6_ipfilter_rules}"
17
18start_precmd="$stop_precmd"
19start_cmd="ipfilter_start"
20stop_cmd="ipfilter_stop"
21reload_precmd="$stop_precmd"
22reload_cmd="ipfilter_reload"
23resync_precmd="$stop_precmd"
24resync_cmd="ipfilter_resync"
25status_precmd="$stop_precmd"
26status_cmd="ipfilter_status"
27extra_commands="reload resync"
28required_modules="ipl:ipfilter"
29
30ipfilter_start()
31{
32	echo "Enabling ipfilter."
33	if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
34		${ipfilter_program:-/sbin/ipf} -E
35	fi
36	${ipfilter_program:-/sbin/ipf} -Fa
37	if [ -r "${ipfilter_rules}" ]; then
38		${ipfilter_program:-/sbin/ipf} \
39		    -f "${ipfilter_rules}" ${ipfilter_flags}
40	fi
41	if [ -r "${ipv6_ipfilter_rules}" ]; then
42		${ipfilter_program:-/sbin/ipf} -6 \
43		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
44	fi
45}
46
47ipfilter_stop()
48{
49	if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
50		echo "Saving firewall state tables"
51		${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
52		echo "Disabling ipfilter."
53		${ipfilter_program:-/sbin/ipf} -D
54	fi
55}
56
57ipfilter_reload()
58{
59	echo "Reloading ipfilter rules."
60
61	${ipfilter_program:-/sbin/ipf} -I -Fa
62	if [ -r "${ipfilter_rules}" ]; then
63		${ipfilter_program:-/sbin/ipf} -I \
64		    -f "${ipfilter_rules}" ${ipfilter_flags}
65		if [ $? -ne 0 ]; then
66			err 1 'Load of rules into alternate set failed; aborting reload'
67		fi
68	fi
69	if [ -r "${ipv6_ipfilter_rules}" ]; then
70		${ipfilter_program:-/sbin/ipf} -I -6 \
71		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
72		if [ $? -ne 0 ]; then
73			err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
74		fi
75	fi
76	${ipfilter_program:-/sbin/ipf} -s
77
78}
79
80ipfilter_resync()
81{
82	${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
83}
84
85ipfilter_status()
86{
87	${ipfilter_program:-/sbin/ipf} -V
88}
89
90run_rc_command "$1"
91