ipfilter revision 98184
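#!/bin/sh
#
# $NetBSD: ipfilter,v 1.10 2001/02/28 17:03:50 lukem Exp $
# $FreeBSD: head/etc/rc.d/ipfilter 98184 2002-06-13 22:14:37Z gordon $
#
# rc.d script that enables, disables, reloads and resyncs the IP Filter
# (ipf) packet filter on FreeBSD and NetBSD.
#
# Security note: this script runs as root at boot and expands
# ${ipfilter_program}, ${ipfs_program}, ${ipfilter_rules},
# ${ipfilter_flags} and ${ipfs_flags} taken from the rc configuration, so
# that configuration and the rule files must be writable by root only.

# PROVIDE: ipfilter
# REQUIRE: root beforenetlkm mountcritlocal tty
# KEYWORD: FreeBSD NetBSD

. /etc/rc.subr

name="ipfilter"
rcvar=$(set_rcvar)
load_rc_config "$name"

# CMD_OSTYPE is expanded and executed as a command here; it is presumably
# set by rc.subr to something that prints the OS name (confirm in rc.subr).
#
# NOTE(review): ${ipfilter_rules} is expanded unquoted into the precmd
# string. If it is empty the check degenerates to `test -f`, which is true
# for a single non-empty operand, so the precondition passes silently.
case $(${CMD_OSTYPE}) in
FreeBSD)
	stop_precmd="test -f ${ipfilter_rules}"
	;;
NetBSD)
	stop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf"
	;;
esac

start_precmd="ipfilter_prestart"
start_cmd="ipfilter_start"
stop_cmd="ipfilter_stop"
reload_precmd="$stop_precmd"
reload_cmd="ipfilter_reload"
resync_precmd="$stop_precmd"
resync_cmd="ipfilter_resync"
status_precmd="$stop_precmd"
status_cmd="ipfilter_status"
extra_commands="reload resync status"

# ipfilter_prestart: verify that the filter can be started.
# FreeBSD: loads the ipl kernel module when the net.inet.ipf.fr_pass sysctl
#          is absent, then requires a readable rules file.
# NetBSD:  requires /etc/ipf.conf or /etc/ipf6.conf; during autoboot a
#          missing ruleset aborts the boot instead of bringing the network
#          up unfiltered.
# Returns 0 when start may proceed, 1 otherwise.
ipfilter_prestart()
{
	case $(${CMD_OSTYPE}) in
	FreeBSD)
		# load ipfilter kernel module if needed
		if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then
			if kldload ipl; then
				echo 'IP-filter module loaded.'
			else
				warn 'IP-filter module failed to load.'
				return 1
			fi
		fi

		# check for ipfilter rules
		if [ ! -r "${ipfilter_rules}" ]; then
			warn 'IP-filter: NO IPF RULES'
			return 1
		fi
		;;
	NetBSD)
		if [ ! -f /etc/ipf.conf ] && [ ! -f /etc/ipf6.conf ]; then
			warn "/etc/ipf*.conf not readable; ipfilter start aborted."
			#
			# If booting directly to multiuser, send SIGTERM to
			# the parent (/etc/rc) to abort the boot
			#
			if [ "$autoboot" = yes ]; then
				echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!"
				kill -TERM $$
				exit 1
			fi
			return 1
		fi
		;;
	esac
	return 0
}

# ipfilter_start: flush the active ruleset and load the configured rules.
#
# NOTE(review): -Fa empties the active list before the new rules are
# parsed. If the rules file fails to load, the filter is left with no
# rules and traffic is governed by the kernel's default policy; the exit
# status of ipf is what the rc framework sees, so check it after changes.
ipfilter_start()
{
	echo "Enabling ipfilter."
	case $(${CMD_OSTYPE}) in
	FreeBSD)
		${ipfilter_program:-/sbin/ipf} -Fa -f \
		    "${ipfilter_rules}" ${ipfilter_flags}
		;;
	NetBSD)
		/sbin/ipf -E -Fa
		if [ -f /etc/ipf.conf ]; then
			/sbin/ipf -f /etc/ipf.conf
		fi
		if [ -f /etc/ipf6.conf ]; then
			/sbin/ipf -6 -f /etc/ipf6.conf
		fi
		;;
	esac
}

# ipfilter_stop: save the state tables (FreeBSD only) and disable the filter.
# After this the host is no longer filtered by ipf.
ipfilter_stop()
{
	case $(${CMD_OSTYPE}) in
	FreeBSD)
		echo "Saving firewall state tables"
		${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
		;;
	NetBSD)
		;;
	esac
	# XXX - The following command is not effective for 'lkm's
	echo "Disabling ipfilter."
	# Use the same binary as start/reload/resync; falls back to /sbin/ipf
	# when ipfilter_program is unset.
	${ipfilter_program:-/sbin/ipf} -D
}

# ipfilter_reload: load the rules into the inactive set (-I) and swap it in
# (-s) only when every load succeeded, so a broken rules file never
# replaces the running ruleset.
ipfilter_reload()
{
	echo "Reloading ipfilter rules."

	case $(${CMD_OSTYPE}) in
	FreeBSD)
		# Without the swap below the freshly loaded rules would stay in
		# the inactive set and the old ruleset would keep filtering.
		if ! ${ipfilter_program:-/sbin/ipf} -I -Fa -f \
		    "${ipfilter_rules}" ${ipfilter_flags}; then
			err 1 'Load of rules into alternate set failed; aborting reload'
		fi
		${ipfilter_program:-/sbin/ipf} -s
		;;
	NetBSD)
		/sbin/ipf -I -Fa
		if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I -f /etc/ipf.conf; then
			err 1 "reload of ipf.conf failed; not swapping to" \
			    " new ruleset."
		fi
		if [ -f /etc/ipf6.conf ] && \
		    ! /sbin/ipf -I -6 -f /etc/ipf6.conf; then
			err 1 "reload of ipf6.conf failed; not swapping to" \
			    " new ruleset."
		fi
		/sbin/ipf -s
		;;
	esac
}

# ipfilter_resync: run `ipf -y` (re-synchronise the in-kernel interface
# list). On FreeBSD this is skipped when the filter is not loaded.
ipfilter_resync()
{
	case $(${CMD_OSTYPE}) in
	FreeBSD)
		# Don't resync if ipfilter is not loaded. The sysctl must be
		# run as a command: wrapping it in [ ... ] only made test(1)
		# fail on its arguments, so the guard never fired.
		sysctl net.inet.ipf.fr_pass > /dev/null 2>&1 || return 0
		;;
	esac
	${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
}

# ipfilter_status: print the ipf version information (ipf -V).
ipfilter_status()
{
	${ipfilter_program:-/sbin/ipf} -V
}

run_rc_command "$1"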