#!/bin/sh
#
# Copyright (C) 2006 by Darren Reed.
#
# See the IPFILTER.LICENCE file for details on licencing.
#
# Name this script was invoked as; usage() prints it in front of every
# synopsis line.
prog=$0

# Directory holding the per-service override files that enable() and
# disable() rewrite.
RCD=/etc/rc.conf.d

# This script is an interface to the following rc.d scripts:
# /etc/rc.d/ipfilter
# /etc/rc.d/ipfs
# /etc/rc.d/ipnat
# /etc/rc.d/ipmon

# Text following "Running: " in the output of `ipf -V`, captured once at
# startup.  It stays empty when ipf fails or prints no such line; the
# status_* functions treat an empty value as "not in kernel".
# NOTE(review): ipf (like ipfstat, ipnat and pgrep further down) is found
# through the caller's PATH, while rm is called as /bin/rm -- confirm PATH
# is trusted wherever this script runs with privilege.
running=$(ipf -V 2>/dev/null | sed -n -e 's/Running: \(.*\)/\1/p')
# usage
#
# Print one synopsis line per supported sub-command to stdout, each
# prefixed with $prog, then terminate the script with status 1.
#
# Globals: prog (read)
usage() {
	for synopsis in \
	    "status" \
	    "ipfilter <enable|disable|reload|resync|start|status|stop>" \
	    "ipfs <enable|disable|status|start|stop>" \
	    "ipmon <enable|disable|restart|start|status|stop>" \
	    "ipnat <enable|disable|reload|start|status|stop>"
	do
		echo "$prog $synopsis"
	done
	exit 1
}
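# enable <service>
#
# Make ${RCD}/<service> carry "<service>=YES", creating the file when it
# does not exist yet.  ${RCD}/<service>.d is created as a lock directory
# for the duration of the edit and removed afterwards.
#
# Globals:   RCD (read); new, old, lock, rc (written)
# Arguments: $1 - rc.d service name; every caller in this file passes a
#                 fixed literal, so it is safe inside the sed expression
# Returns:   0 when the file now holds <service>=YES, 1 when the lock
#            could not be taken or the file could not be rewritten
enable() {
	new="${RCD}/$1"
	old="${new}.old"
	lock="${new}.d"
	rc=0

	# mkdir fails when the directory already exists, which is what makes
	# it usable as a lock; it also fails when ${RCD} is missing or not
	# writable.  Either way nothing was changed, so say so and fail
	# instead of letting the operator believe the service is enabled.
	if ! mkdir "$lock" ; then
		echo "$1: could not lock ${new}; setting left unchanged" >&2
		return 1
	fi

	if [ -f "$new" ] ; then
		if cp "$new" "$old" &&
		    sed -e "s/^${1} *=.*/${1}=YES/" "$old" > "$new" ; then
			# sed leaves a file without any "<service>=" line as
			# it was; append the setting so the request takes
			# effect in that case too.
			grep -q "^${1}=YES" "$new" || echo "$1=YES" >> "$new"
			/bin/rm "$old"
		else
			# The redirection may already have truncated the
			# file, so the .old copy is kept for recovery.
			echo "$1: could not rewrite ${new}; previous contents kept in ${old}" >&2
			rc=1
		fi
	else
		if echo "$1=YES" > "$new" ; then
			# Only the owner may modify or execute the new file.
			chmod go-wx "$new"
		else
			rc=1
		fi
	fi

	rmdir "$lock"
	return $rc
}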
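# disable <service>
#
# Make ${RCD}/<service> carry "<service>=NO", creating the file when it
# does not exist yet.  ${RCD}/<service>.d is created as a lock directory
# for the duration of the edit and removed afterwards.
#
# Globals:   RCD (read); new, old, lock, rc (written)
# Arguments: $1 - rc.d service name; every caller in this file passes a
#                 fixed literal, so it is safe inside the sed expression
# Returns:   0 when the file now holds <service>=NO, 1 when the lock
#            could not be taken or the file could not be rewritten
disable() {
	new="${RCD}/$1"
	old="${new}.old"
	lock="${new}.d"
	rc=0

	# mkdir fails when the directory already exists, which is what makes
	# it usable as a lock; it also fails when ${RCD} is missing or not
	# writable.  Either way nothing was changed, so say so and fail
	# instead of reporting a change that did not happen.
	if ! mkdir "$lock" ; then
		echo "$1: could not lock ${new}; setting left unchanged" >&2
		return 1
	fi

	if [ -f "$new" ] ; then
		if cp "$new" "$old" &&
		    sed -e "s/^${1} *=.*/${1}=NO/" "$old" > "$new" ; then
			# sed leaves a file without any "<service>=" line as
			# it was; append the setting so the request takes
			# effect in that case too.
			grep -q "^${1}=NO" "$new" || echo "$1=NO" >> "$new"
			/bin/rm "$old"
		else
			# The redirection may already have truncated the
			# file, so the .old copy is kept for recovery.
			echo "$1: could not rewrite ${new}; previous contents kept in ${old}" >&2
			rc=1
		fi
	else
		if echo "$1=NO" > "$new" ; then
			# Only the owner may modify or execute the new file.
			chmod go-wx "$new"
		else
			rc=1
		fi
	fi

	rmdir "$lock"
	return $rc
}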
# status <service>
#
# Run "/etc/rc.d/<service> rcvar" and pick the value out of the line of
# the form "$<service>=<value>".
#
# Globals:   active (written)
# Arguments: $1 - rc.d service name
# Returns:   0 when the value is NO, 1 when it is YES, 2 for anything
#            else (including no matching line at all).  Note that this is
#            a three-way answer, not a success/failure status.
status() {
	active=$(/etc/rc.d/$1 rcvar | sed -n -e "s/^\$${1}\=\(.*\)\$/\1/p")
	if [ "$active" = NO ] ; then
		return 0
	fi
	if [ "$active" = YES ] ; then
		return 1
	fi
	return 2
}
# status_ipmon
#
# Print "ipmon <state>", where <state> combines the configured setting
# (as answered by status: 0 = NO, 1 = YES, 2 = unknown) with whether
# pgrep finds an ipmon process.
#
# Globals: pid (written)
# NOTE(review): pgrep matches its argument as a pattern against process
# names, so any process whose name contains "ipmon" counts as running.
status_ipmon() {
	echo -n "ipmon "
	pid=$(pgrep ipmon)
	status ipmon
	# "<status>:up" when a pid was found, "<status>:" otherwise.
	case "$?:${pid:+up}" in
	0:up)
		echo "disabled-but-running"
		;;
	0:)
		echo "disabled"
		;;
	1:up)
		echo "enabled"
		;;
	1:)
		echo "enabled-not-running"
		;;
	2:up)
		echo "unknown-state-running"
		;;
	2:)
		echo "unknown-state"
		;;
	esac
}
# status_ipfilter
#
# Print "ipfilter <state>".  The configured setting comes from status
# (0 = NO, 1 = YES, 2 = unknown); the suffix reflects what $running and
# ipfstat say about the kernel: emsg is appended to "enabled", dmsg to
# "disabled" and "unknown".
#
# Globals: running (read); rules, emsg, dmsg (written)
status_ipfilter() {
	# A value of $running other than empty, "yes" or "no" matches no arm
	# and leaves rules/emsg/dmsg as they were.
	case $running in
	'')
		rules=
		emsg="-not-in-kernel"
		dmsg=
		;;
	yes)
		emsg=
		dmsg="-rules-loaded"
		rules=$(ipfstat -io 2>/dev/null)
		# Nothing listed: ask again with -a before concluding that
		# no rules are loaded.
		[ -n "$rules" ] || rules=$(ipfstat -aio 2>/dev/null)
		if [ -z "$rules" ] ; then
			emsg="-no-rules"
			dmsg=
		fi
		;;
	no)
		rules=
		emsg="-not-running"
		dmsg=
		;;
	esac

	echo -n "ipfilter "
	status ipfilter
	case $? in
	0)
		echo "disabled${dmsg}"
		;;
	1)
		echo "enabled${emsg}"
		;;
	2)
		if [ -z "$rules" ] ; then
			echo "unknown-state"
		else
			echo "unknown${dmsg}"
		fi
		;;
	esac
}
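# status_ipnat
#
# Print "ipnat <state>".  The configured setting comes from status
# (0 = NO, 1 = YES, 2 = unknown); the suffix reflects what $running and
# "ipnat -l" say about the kernel: emsg is appended to "enabled", dmsg to
# "disabled" and "unknown".
#
# Globals: running (read); rules, emsg, dmsg (written)
status_ipnat() {
	if [ -z "$running" ] ; then
		rules=
		emsg="-not-in-kernel"
		dmsg=
	else
		# A value other than "yes" or "no" matches no arm and leaves
		# rules/emsg/dmsg as they were.
		case $running in
		yes)
			emsg=
			dmsg="-rules-loaded"
			# Lines starting with "map", or containing "rdr"
			# anywhere, count as NAT rules.
			rules=`ipnat -l 2>/dev/null | grep -E '^map|rdr' 2>/dev/null`
			if [ -z "$rules" ] ; then
				emsg="-no-rules"
				dmsg=
			fi
			;;
		no)
			rules=
			emsg="-not-running"
			dmsg=
			;;
		esac
	fi

	echo -n "ipnat "
	status ipnat
	case $? in
	0)
		echo "disabled${dmsg}"
		;;
	1)
		# Use emsg here, as status_ipfilter does.  With dmsg an
		# enabled ipnat was reported as plain "enabled" even when NAT
		# was not in the kernel, not running or had no rules loaded.
		echo "enabled${emsg}"
		;;
	2)
		if [ -n "$rules" ] ; then
			echo "unknown${dmsg}"
		else
			echo "unknown-state"
		fi
		;;
	esac
}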
# status_ipfs
#
# Ask status for the configured setting of ipfs and hand its return code
# straight to report, which prints the "ipfs <state>" line.
status_ipfs() {
	status ipfs
	report ipfs "$?"
}
# report <name> <code>
#
# Print "<name> <state>" on one line, translating the code returned by
# status into words: 0 -> disabled, 1 -> enabled, 2 -> unknown-status.
# Any other value is printed as given.
#
# Arguments: $1 - name to print first
#            $2 - status code (or text) to translate
report() {
	echo -n "$1 "
	if [ "$2" = 0 ] ; then
		echo "disabled"
	elif [ "$2" = 1 ] ; then
		echo "enabled"
	elif [ "$2" = 2 ] ; then
		echo "unknown-status"
	else
		echo "$2"
	fi
}
# do_ipfilter <action>
#
# Carry out one ipfilter sub-command: enable/disable edit the rc.conf.d
# file, status prints the state, and reload/resync/start/stop are handed
# to /etc/rc.d/ipfilter under the same name.  Anything else ends in
# usage.
#
# Arguments: $1 - action name
do_ipfilter() {
	case $1 in
	enable)
		enable ipfilter
		;;
	disable)
		disable ipfilter
		;;
	status)
		status_ipfilter
		;;
	reload|resync|start|stop)
		# $1 is one of the four literals above at this point.
		/etc/rc.d/ipfilter "$1"
		;;
	*)
		usage
		;;
	esac
}
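# do_ipfs <action>
#
# Carry out one ipfs sub-command: enable/disable edit the rc.conf.d file,
# status prints the state, and start/stop are handed to /etc/rc.d/ipfs.
# Anything else ends in usage.
#
# Arguments: $1 - action name
do_ipfs() {
	case $1 in
	enable)
		enable ipfs
		;;
	disable)
		# This arm used to call "disble", a command that does not
		# exist, so "ipfs disable" never changed the setting.
		disable ipfs
		;;
	start)
		/etc/rc.d/ipfs start
		;;
	status)
		status_ipfs
		;;
	stop)
		/etc/rc.d/ipfs stop
		;;
	*)
		usage
		;;
	esac
}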
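# do_ipmon <action>
#
# Carry out one ipmon sub-command: enable/disable edit the rc.conf.d
# file, status prints the state, and restart/start/stop are handed to
# /etc/rc.d/ipmon.  Anything else ends in usage.
#
# Arguments: $1 - action name
do_ipmon() {
	case $1 in
	enable)
		enable ipmon
		;;
	disable)
		# This arm used to call "disble", a command that does not
		# exist, so "ipmon disable" never changed the setting.
		disable ipmon
		;;
	restart)
		/etc/rc.d/ipmon restart
		;;
	start)
		/etc/rc.d/ipmon start
		;;
	status)
		status_ipmon
		;;
	stop)
		/etc/rc.d/ipmon stop
		;;
	*)
		usage
		;;
	esac
}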
# do_ipnat <action>
#
# Carry out one ipnat sub-command: enable/disable edit the rc.conf.d
# file, status prints the state, and reload/restart/start/stop are handed
# to /etc/rc.d/ipnat under the same name.  Anything else ends in usage.
#
# Arguments: $1 - action name
do_ipnat() {
	case $1 in
	enable)
		enable ipnat
		;;
	disable)
		disable ipnat
		;;
	status)
		status_ipnat
		;;
	reload|restart|start|stop)
		# $1 is one of the four literals above at this point.
		/etc/rc.d/ipnat "$1"
		;;
	*)
		usage
		;;
	esac
}
# do_status_all
#
# Print the state line of every service, in the order ipfilter, ipfs,
# ipmon, ipnat, by calling the matching status_<service> function.
do_status_all() {
	for svc in ipfilter ipfs ipmon ipnat
	do
		status_$svc
	done
}
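# Entry point: $1 selects the service (or "status" for all of them) and
# $2 is the action handed to the matching do_* function.  $2 is quoted so
# that an argument containing blanks or glob characters reaches the
# handler as one word and ends in usage instead of being split or
# expanded against the current directory.
case $1 in
status)
	do_status_all
	;;
ipfilter)
	do_ipfilter "$2"
	;;
ipfs)
	do_ipfs "$2"
	;;
ipmon)
	do_ipmon "$2"
	;;
ipnat)
	do_ipnat "$2"
	;;
*)
	usage
	;;
esac
# Hand the handler's status to the caller.  An unconditional "exit 0"
# made a failed start, stop or reload of the packet filter look like
# success to whatever invoked this script.
exit $?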