ipfilter revision 168531
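#!/bin/sh
#
# $NetBSD: ipfilter,v 1.10 2001/02/28 17:03:50 lukem Exp $
# $FreeBSD: head/etc/rc.d/ipfilter 168531 2007-04-09 08:53:40Z des $
#

# PROVIDE: ipfilter
# REQUIRE: FILESYSTEMS
# BEFORE: netif
# KEYWORD: nojail

. /etc/rc.subr

# rc.d control script for the IPFilter packet filter.  It enables or
# disables the filter and loads the IPv4 and IPv6 rulesets named by
# ${ipfilter_rules} and ${ipv6_ipfilter_rules}.  The "BEFORE: netif"
# ordering above places this script ahead of netif in the rc order.

name="ipfilter"
rcvar=$(set_rcvar)
load_rc_config $name

# Every command shares this precondition: at least one of the two rules
# files must exist as a regular file.  The variables are expanded here,
# after load_rc_config, so the paths become part of the command string.
stop_precmd="test -f ${ipfilter_rules} -o -f ${ipv6_ipfilter_rules}"

start_precmd="$stop_precmd"
start_cmd="ipfilter_start"
stop_cmd="ipfilter_stop"
reload_precmd="$stop_precmd"
reload_cmd="ipfilter_reload"
resync_precmd="$stop_precmd"
resync_cmd="ipfilter_resync"
status_precmd="$stop_precmd"
status_cmd="ipfilter_status"
extra_commands="reload resync status"
required_modules="ipl:ipfilter"

# ipfilter_start
#	Enable the filter if it is not running, flush the active IPv4 and
#	IPv6 sets and load the configured rules files into them.
#	Returns 0 when every attempted load succeeded, 1 otherwise.
#
ipfilter_start()
{
	local _running _rc

	_rc=0
	echo "Enabling ipfilter."

	# An empty answer from sysctl is treated as "not running", so the
	# filter is still enabled instead of the test failing on a missing
	# operand and the enable step being skipped.
	_running=$(sysctl -n net.inet.ipf.fr_running)
	if [ "${_running:-0}" -le 0 ]; then
		${ipfilter_program:-/sbin/ipf} -E
	fi

	# The active set is flushed before the new rules are read, so a
	# failed load leaves an empty or partial ruleset in place.  Report
	# that instead of returning success with the host unfiltered.
	# ${ipfilter_flags} is left unquoted so that it can carry several
	# options.
	${ipfilter_program:-/sbin/ipf} -Fa
	if [ -r "${ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} \
		    -f "${ipfilter_rules}" ${ipfilter_flags}; then
			warn "Load of rules from ${ipfilter_rules} failed; active set was flushed and may be empty"
			_rc=1
		fi
	fi

	${ipfilter_program:-/sbin/ipf} -6 -Fa
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} -6 \
		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}; then
			warn "Load of IPv6 rules from ${ipv6_ipfilter_rules} failed; active set was flushed and may be empty"
			_rc=1
		fi
	fi

	return ${_rc}
}

# ipfilter_stop
#	If the filter is running, save the state tables with ipfs and then
#	disable the filter.  Nothing is done when it is not running.
#
ipfilter_stop()
{
	local _running

	_running=$(sysctl -n net.inet.ipf.fr_running)

	# XXX - The ipf -D command is not effective for 'lkm's
	if [ "${_running:-0}" -eq 1 ]; then
		echo "Saving firewall state tables"
		${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
		echo "Disabling ipfilter."
		${ipfilter_program:-/sbin/ipf} -D
	fi
}

# ipfilter_reload
#	Load the rules files into the inactive (alternate) set and swap it
#	with the active set only when every load succeeded.  A failed load
#	aborts through err before the swap, so the active set stays as it
#	was.
#
ipfilter_reload()
{
	echo "Reloading ipfilter rules."

	${ipfilter_program:-/sbin/ipf} -I -Fa
	if [ -r "${ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} -I \
		    -f "${ipfilter_rules}" ${ipfilter_flags}; then
			err 1 'Load of rules into alternate set failed; aborting reload'
		fi
	fi

	${ipfilter_program:-/sbin/ipf} -I -6 -Fa
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} -I -6 \
		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}; then
			err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
		fi
	fi

	# Both loads succeeded (or were skipped): make the new set active.
	${ipfilter_program:-/sbin/ipf} -s
}

# ipfilter_resync
#	Run ipf -y with the configured flags.
#
ipfilter_resync()
{
	${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
}

# ipfilter_status
#	Print the output of ipf -V.
#
ipfilter_status()
{
	${ipfilter_program:-/sbin/ipf} -V
}

run_rc_command "$1"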