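#!/bin/sh
#
# Copyright (C) 2006 by Darren Reed.
#
# See the IPFILTER.LICENCE file for details on licencing.
#
# Administrative front end for the IPFilter rc.d services: it flips the
# rc.conf.d enable flags, forwards start/stop/reload requests to the rc.d
# scripts and prints a one-line state summary per service.
#
prog=$0

RCD=/etc/rc.conf.d

# This script is an interface to the following rc.d scripts:
# /etc/rc.d/ipfilter
# /etc/rc.d/ipfs
# /etc/rc.d/ipnat
# /etc/rc.d/ipmon

# "yes"/"no" as reported on the "Running:" line of `ipf -V`; empty when ipf
# prints no such line (for example when the command fails).
running=$(ipf -V 2>/dev/null | sed -ne 's/Running: \(.*\)/\1/p')

# Print the command synopsis and exit with status 1.
usage() {
  echo "$prog status"
  echo "$prog ipfilter <enable|disable|reload|resync|start|status|stop>"
  echo "$prog ipfs <enable|disable|status|start|stop>"
  echo "$prog ipmon <enable|disable|restart|start|status|stop>"
  echo "$prog ipnat <enable|disable|reload|restart|start|status|stop>"
  exit 1
}

# Set the rc.conf.d flag of service $1 to value $2 (YES or NO).
#
# $1 is always one of the fixed service names passed by the do_* functions,
# never raw command-line input, so it is safe to place in the sed expression.
# An existing file is rewritten in place: only a line already starting with
# "<name>=" is changed, and a file without such a line is left as it was.
# Returns 0 on success and 1 when the lock or the rewrite failed.
_set_rcvar() {
  old=${RCD}/$1.old
  new=${RCD}/$1
  lock=${RCD}/$1.d

  # mkdir either creates the directory or fails, so the .d directory doubles
  # as a lock against a second copy of this script editing the same file.
  if ! mkdir "$lock"; then
    return 1
  fi

  rc=0
  if [ -f "$new" ]; then
    # Work from a saved copy so a failed rewrite cannot leave the service
    # with a truncated configuration file.
    if cp "$new" "$old"; then
      if sed -e "s/^${1} *=.*/${1}=${2}/" "$old" > "$new"; then
        /bin/rm "$old"
      else
        cp "$old" "$new" && /bin/rm "$old"
        rc=1
      fi
    else
      rc=1
    fi
  else
    echo "$1=$2" > "$new"
    # Drop group/other write and execute bits on the new file.
    chmod go-wx "$new"
  fi

  rmdir "$lock"
  return $rc
}

# Mark service $1 as enabled (<name>=YES) in rc.conf.d.
enable() {
  _set_rcvar "$1" YES
}

# Mark service $1 as disabled (<name>=NO) in rc.conf.d.
disable() {
  _set_rcvar "$1" NO
}

# Ask the rc.d script of service $1 for its rcvar setting.
# Returns 0 when it is NO, 1 when it is YES and 2 for anything else.
status() {
  # rcvar output is matched as "$<name>=<value>"; the leading "$" is literal.
  active=$(/etc/rc.d/"$1" rcvar | sed -ne 's/^\$'"$1"'=\(.*\)$/\1/p')
  case $active in
  NO)
    return 0
    ;;
  YES)
    return 1
    ;;
  esac
  return 2
}

# Report ipmon's configured state combined with whether a process exists.
status_ipmon() {
  printf '%s ' "ipmon"
  pid=$(pgrep ipmon)
  status ipmon
  case $? in
  0)
    if [ -n "$pid" ]; then
      echo "disabled-but-running"
    else
      echo "disabled"
    fi
    ;;
  1)
    if [ -n "$pid" ]; then
      echo "enabled"
    else
      echo "enabled-not-running"
    fi
    ;;
  2)
    if [ -n "$pid" ]; then
      echo "unknown-state-running"
    else
      echo "unknown-state"
    fi
    ;;
  esac
}

# Report the packet filter's configured state together with what the kernel
# says: the enabled case gets a suffix when the filter is missing from the
# kernel, not running or has no rules; the disabled case gets one when rules
# are loaded anyway.
status_ipfilter() {
  rules=
  emsg=
  dmsg=
  if [ -z "$running" ]; then
    emsg="-not-in-kernel"
  else
    case $running in
    yes)
      dmsg="-rules-loaded"
      rules=$(ipfstat -io 2>/dev/null)
      if [ -z "$rules" ]; then
        # Nothing in the active set; look at the listing with -a as well.
        rules=$(ipfstat -aio 2>/dev/null)
        if [ -z "$rules" ]; then
          emsg="-no-rules"
          dmsg=
        fi
      fi
      ;;
    no)
      emsg="-not-running"
      ;;
    esac
  fi

  printf '%s ' "ipfilter"
  status ipfilter
  case $? in
  0)
    echo "disabled${dmsg}"
    ;;
  1)
    echo "enabled${emsg}"
    ;;
  2)
    if [ -n "$rules" ]; then
      echo "unknown${dmsg}"
    else
      echo "unknown-state"
    fi
    ;;
  esac
}

# Report NAT's configured state together with whether map/rdr rules exist.
status_ipnat() {
  rules=
  emsg=
  dmsg=
  if [ -z "$running" ]; then
    emsg="-not-in-kernel"
  else
    case $running in
    yes)
      dmsg="-rules-loaded"
      rules=$(ipnat -l 2>/dev/null | grep -E '^map|rdr' 2>/dev/null)
      if [ -z "$rules" ]; then
        emsg="-no-rules"
        dmsg=
      fi
      ;;
    no)
      emsg="-not-running"
      ;;
    esac
  fi

  printf '%s ' "ipnat"
  status ipnat
  case $? in
  0)
    echo "disabled${dmsg}"
    ;;
  1)
    # NOTE(review): emsg is computed above but never printed. This branch
    # appends dmsg, unlike status_ipfilter, so a plain "enabled" is shown
    # when NAT is not in the kernel, not running or has no rules. Output is
    # kept as is; confirm whether ${emsg} was intended here.
    echo "enabled${dmsg}"
    ;;
  2)
    if [ -n "$rules" ]; then
      echo "unknown${dmsg}"
    else
      echo "unknown-state"
    fi
    ;;
  esac
}

# Report the configured state of ipfs.
status_ipfs() {
  status ipfs
  report ipfs $?
}

# Print "<name> <state>" for service $1 and status code $2 (see status()).
# Codes other than 0, 1 and 2 are printed unchanged.
report() {
  printf '%s ' "$1"
  case $2 in
  0)
    echo "disabled"
    ;;
  1)
    echo "enabled"
    ;;
  2)
    echo "unknown-status"
    ;;
  *)
    echo "$2"
    ;;
  esac
}

# Dispatch an ipfilter sub-command ($1).
do_ipfilter() {
  case $1 in
  enable)
    enable ipfilter
    ;;
  disable)
    disable ipfilter
    ;;
  reload)
    /etc/rc.d/ipfilter reload
    ;;
  resync)
    /etc/rc.d/ipfilter resync
    ;;
  start)
    /etc/rc.d/ipfilter start
    ;;
  status)
    status_ipfilter
    ;;
  stop)
    /etc/rc.d/ipfilter stop
    ;;
  *)
    usage
    ;;
  esac
}

# Dispatch an ipfs sub-command ($1).
do_ipfs() {
  case $1 in
  enable)
    enable ipfs
    ;;
  disable)
    # Was "disble", an undefined command: the flag was never changed while
    # the script still exited 0.
    disable ipfs
    ;;
  start)
    /etc/rc.d/ipfs start
    ;;
  status)
    status_ipfs
    ;;
  stop)
    /etc/rc.d/ipfs stop
    ;;
  *)
    usage
    ;;
  esac
}

# Dispatch an ipmon sub-command ($1).
do_ipmon() {
  case $1 in
  enable)
    enable ipmon
    ;;
  disable)
    # Was "disble", an undefined command: the flag was never changed while
    # the script still exited 0.
    disable ipmon
    ;;
  restart)
    /etc/rc.d/ipmon restart
    ;;
  start)
    /etc/rc.d/ipmon start
    ;;
  status)
    status_ipmon
    ;;
  stop)
    /etc/rc.d/ipmon stop
    ;;
  *)
    usage
    ;;
  esac
}

# Dispatch an ipnat sub-command ($1).
do_ipnat() {
  case $1 in
  enable)
    enable ipnat
    ;;
  disable)
    disable ipnat
    ;;
  reload)
    /etc/rc.d/ipnat reload
    ;;
  restart)
    /etc/rc.d/ipnat restart
    ;;
  start)
    /etc/rc.d/ipnat start
    ;;
  status)
    status_ipnat
    ;;
  stop)
    /etc/rc.d/ipnat stop
    ;;
  *)
    usage
    ;;
  esac
}

# Print the state line of every service.
do_status_all() {
  status_ipfilter
  status_ipfs
  status_ipmon
  status_ipnat
}

case $1 in
status)
  do_status_all
  ;;
ipfilter)
  do_ipfilter "$2"
  ;;
ipfs)
  do_ipfs "$2"
  ;;
ipmon)
  do_ipmon "$2"
  ;;
ipnat)
  do_ipnat "$2"
  ;;
*)
  usage
  ;;
esac
# The exit status is always 0 here, including when a sub-command failed.
exit 0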