ipfilter revision 165683
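#!/bin/sh
#
# $NetBSD: ipfilter,v 1.10 2001/02/28 17:03:50 lukem Exp $
# $FreeBSD: head/etc/rc.d/ipfilter 165683 2006-12-31 10:37:18Z yar $
#
# rc.d script that enables, disables, reloads and resyncs the IPFilter
# packet filter.  The rcorder keywords below place it before "netif",
# so it is ordered ahead of network interface configuration.

# PROVIDE: ipfilter
# REQUIRE: root mountcritlocal
# BEFORE: netif
# KEYWORD: nojail

. /etc/rc.subr

name="ipfilter"
rcvar=$(set_rcvar)
load_rc_config "$name"

# Every command is gated on at least one rules file existing.  The paths
# are quoted and expanded when the precmd is evaluated, so an empty or
# whitespace-containing rc.conf value cannot change the shape of the
# test expression.  Kept as a single `test' command, as in the original.
stop_precmd="test -f \"\${ipfilter_rules}\" -o -f \"\${ipv6_ipfilter_rules}\""

start_precmd="$stop_precmd"
start_cmd="ipfilter_start"
stop_cmd="ipfilter_stop"
reload_precmd="$stop_precmd"
reload_cmd="ipfilter_reload"
resync_precmd="$stop_precmd"
resync_cmd="ipfilter_resync"
status_precmd="$stop_precmd"
status_cmd="ipfilter_status"
extra_commands="reload resync status"
required_modules="ipl:ipfilter"

# ipfilter_start
#	Enable the filter if it is not already running, then flush the
#	active IPv4 and IPv6 rule sets and load each rules file that is
#	readable.
#
#	NOTE(review): the rule sets are flushed before the files are
#	loaded, and the exit status of each load is not checked here
#	(ipfilter_reload does check it).  A missing, unreadable or
#	syntactically broken rules file therefore leaves the filter
#	enabled with whatever remained after the flush; what traffic is
#	then allowed depends on the kernel's default policy.  Confirm
#	that this is acceptable for the deployment, or monitor the boot
#	log for ipf errors.
#
ipfilter_start()
{
	echo "Enabling ipfilter."
	if [ "$(sysctl -n net.inet.ipf.fr_running)" -le 0 ]; then
		${ipfilter_program:-/sbin/ipf} -E
	fi
	${ipfilter_program:-/sbin/ipf} -Fa
	if [ -r "${ipfilter_rules}" ]; then
		# ipfilter_flags is deliberately unquoted: it may hold
		# several whitespace-separated options.
		${ipfilter_program:-/sbin/ipf} \
		    -f "${ipfilter_rules}" ${ipfilter_flags}
	fi
	${ipfilter_program:-/sbin/ipf} -6 -Fa
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		${ipfilter_program:-/sbin/ipf} -6 \
		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
	fi
}

# ipfilter_stop
#	If the filter is running, save the state tables with ipfs and
#	then disable the filter.  Nothing is done when fr_running is not
#	exactly 1.
#
ipfilter_stop()
{
	# XXX - The ipf -D command is not effective for 'lkm's
	if [ "$(sysctl -n net.inet.ipf.fr_running)" -eq 1 ]; then
		echo "Saving firewall state tables"
		${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
		echo "Disabling ipfilter."
		${ipfilter_program:-/sbin/ipf} -D
	fi
}

# ipfilter_reload
#	Build the new rules in the inactive set (-I) and swap it in with
#	-s only after every load has succeeded.  A failed load calls
#	err, which aborts before the swap, so the active set keeps
#	filtering with the previous rules.
#
ipfilter_reload()
{
	echo "Reloading ipfilter rules."

	${ipfilter_program:-/sbin/ipf} -I -Fa
	if [ -r "${ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} -I \
		    -f "${ipfilter_rules}" ${ipfilter_flags}; then
			err 1 'Load of rules into alternate set failed; aborting reload'
		fi
	fi
	${ipfilter_program:-/sbin/ipf} -I -6 -Fa
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} -I -6 \
		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}; then
			err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
		fi
	fi
	# Both sets loaded cleanly: make the inactive set the active one.
	${ipfilter_program:-/sbin/ipf} -s

}

# ipfilter_resync
#	Run ipf -y (plus ipfilter_flags) to resynchronise the filter's
#	interface list with the current interfaces.
#
ipfilter_resync()
{
	${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
}

# ipfilter_status
#	Print the ipf version and running status via ipf -V.
#
ipfilter_status()
{
	${ipfilter_program:-/sbin/ipf} -V
}

run_rc_command "$1"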