ipfilter revision 222007
1#!/bin/sh
2#
3# $FreeBSD: head/etc/rc.d/ipfilter 222007 2011-05-17 07:40:13Z hrs $
4#
5
6# PROVIDE: ipfilter
7# REQUIRE: FILESYSTEMS
8# KEYWORD: nojail
9
10. /etc/rc.subr
11
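name="ipfilter"
rcvar=$(set_rcvar)
load_rc_config "$name"

# Precondition shared by every command below: succeed only when at least
# one of the configured rules files exists as a regular file.
#
# This used to be a string built at assignment time from unquoted
# expansions ("test -f ${ipfilter_rules} -o -f ..."), so an empty or unset
# path collapsed the expression into something like "test -f -o -f", whose
# result depends on the test(1) implementation, and a path containing
# whitespace split into several operands.  A function defers the expansion
# until the check runs and keeps each path a single quoted operand.
ipfilter_precmd()
{
	[ -f "${ipfilter_rules}" ] || [ -f "${ipv6_ipfilter_rules}" ]
}

stop_precmd="ipfilter_precmd"

# Every command reuses the same precondition.
start_precmd="$stop_precmd"
start_cmd="ipfilter_start"
stop_cmd="ipfilter_stop"
reload_precmd="$stop_precmd"
reload_cmd="ipfilter_reload"
resync_precmd="$stop_precmd"
resync_cmd="ipfilter_resync"
status_precmd="$stop_precmd"
status_cmd="ipfilter_status"
extra_commands="reload resync"
required_modules="ipl:ipfilter"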
28
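# Enable the filter if it is not already running, then replace the active
# IPv4 and IPv6 rule sets with the contents of the configured rules files.
#
# Globals (read): ipfilter_program, ipfilter_rules, ipv6_ipfilter_rules,
#                 ipfilter_flags
# Returns: 0 when every readable rules file loaded, 1 if any load failed.
ipfilter_start()
{
	local running rc

	rc=0
	echo "Enabling ipfilter."

	# Capture the sysctl value first: an empty result (sysctl failed)
	# used to leave "[ -le 0 ]", a syntax error that silently skipped
	# the enable step.  Treat "no value" as "not running".
	running=$(sysctl -n net.inet.ipf.fr_running)
	if [ "${running:-0}" -le 0 ]; then
		${ipfilter_program:-/sbin/ipf} -E
	fi

	# The active set is flushed before the new rules are loaded.
	# NOTE(review): if the load below fails, the active set stays empty
	# and only the kernel's default policy applies -- confirm that this
	# default is acceptable, and watch for the failure message.
	${ipfilter_program:-/sbin/ipf} -Fa
	if [ -r "${ipfilter_rules}" ]; then
		# ipfilter_flags is intentionally unquoted: it may hold
		# several whitespace-separated options.
		if ! ${ipfilter_program:-/sbin/ipf} \
		    -f "${ipfilter_rules}" ${ipfilter_flags}; then
			echo "ipfilter: failed to load rules from ${ipfilter_rules}" >&2
			rc=1
		fi
	fi

	${ipfilter_program:-/sbin/ipf} -6 -Fa
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} -6 \
		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}; then
			echo "ipfilter: failed to load IPv6 rules from ${ipv6_ipfilter_rules}" >&2
			rc=1
		fi
	fi

	return $rc
}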
46
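# Save the firewall state tables and disable the filter, but only when the
# kernel reports it as running (net.inet.ipf.fr_running equal to 1).
#
# Globals (read): ipfs_program, ipfs_flags, ipfilter_program
ipfilter_stop()
{
	local running

	# XXX - The ipf -D command is not effective for 'lkm's
	# Capture the value first so that an empty sysctl result is compared
	# as 0 instead of turning the test into the malformed "[ -eq 1 ]".
	running=$(sysctl -n net.inet.ipf.fr_running)
	if [ "${running:-0}" -eq 1 ]; then
		echo "Saving firewall state tables"
		# ipfs_flags is intentionally unquoted so that it can carry
		# several whitespace-separated options.
		${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
		echo "Disabling ipfilter."
		${ipfilter_program:-/sbin/ipf} -D
	fi
}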
57
# Stage the IPv4 and IPv6 rules in the alternate (inactive) rule set and
# swap it in only after every readable rules file has loaded.  A failed
# load calls err before the swap, so the running rule set is left as it was.
#
# Globals (read): ipfilter_program, ipfilter_rules, ipv6_ipfilter_rules,
#                 ipfilter_flags
ipfilter_reload()
{
	local ipf

	ipf=${ipfilter_program:-/sbin/ipf}
	echo "Reloading ipfilter rules."

	# IPv4: clear the alternate set, then fill it from the rules file.
	${ipf} -I -Fa
	if [ -r "${ipfilter_rules}" ]; then
		${ipf} -I -f "${ipfilter_rules}" ${ipfilter_flags} ||
		    err 1 'Load of rules into alternate set failed; aborting reload'
	fi

	# IPv6: same sequence with -6.
	${ipf} -I -6 -Fa
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		${ipf} -I -6 -f "${ipv6_ipfilter_rules}" ${ipfilter_flags} ||
		    err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
	fi

	# Both loads went through: make the staged set the active one.
	${ipf} -s
}
81
# Run ipf -y, followed by any options configured in ipfilter_flags.
# The exit status is that of the ipf invocation.
#
# Globals (read): ipfilter_program, ipfilter_flags
ipfilter_resync()
{
	local ipf

	ipf=${ipfilter_program:-/sbin/ipf}
	# ipfilter_flags stays unquoted so that several options split apart.
	${ipf} -y ${ipfilter_flags}
}
86
# Run ipf -V and pass its output and exit status through unchanged.
#
# Globals (read): ipfilter_program
ipfilter_status()
{
	local ipf

	ipf=${ipfilter_program:-/sbin/ipf}
	${ipf} -V
}
91
# Hand the requested action (the script's first argument) to
# run_rc_command, which is expected to come from the sourced /etc/rc.subr.
run_rc_command "${1}"
93