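#!/bin/sh
#
# rc.d script for the IP packet filter (ipfilter).
#
# Commands: start, stop, reload, resync, status. Each is gated on the rules
# file named by ${ipfilter_rules} (see the *_precmd assignments below).
#

# PROVIDE: ipfilter
# REQUIRE: FILESYSTEMS
# BEFORE: ipmon ipnat netif netwait securelevel
# KEYWORD: nojailvnet

. /etc/rc.subr

name="ipfilter"
desc="IP packet filter"
rcvar="ipfilter_enable"
load_rc_config $name

# ${ipfilter_rules} is expanded here, once, after the configuration is loaded.
# It is left unquoted inside the command string, so the check assumes a path
# without whitespace.
stop_precmd="test -f ${ipfilter_rules}"

# doesn't make sense to run in a svcj: config setting
ipfilter_svcj="NO"

# Every command shares the same precondition: the rules file must exist.
start_precmd="$stop_precmd"
start_cmd="ipfilter_start"
stop_cmd="ipfilter_stop"
reload_precmd="$stop_precmd"
reload_cmd="ipfilter_reload"
resync_precmd="$stop_precmd"
resync_cmd="ipfilter_resync"
status_precmd="$stop_precmd"
status_cmd="ipfilter_status"
extra_commands="reload resync"
required_modules="ipl:ipfilter"

# Enable the filter if it is not already running, flush the active ruleset
# and load ${ipfilter_rules} into it.
#
# The flush happens before the load, so the active set is empty until the
# load completes. If the load does not happen or fails, the filter stays
# enabled without the intended rules; what traffic is then allowed depends
# on the kernel's default policy (not visible from this script). That case
# is reported and the command returns non-zero instead of passing silently.
ipfilter_start()
{
	echo "Enabling ipfilter."
	if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
		${ipfilter_program:-/sbin/ipf} -E
	fi
	${ipfilter_program:-/sbin/ipf} -Fa
	if [ ! -r "${ipfilter_rules}" ]; then
		warn "${ipfilter_rules} is not readable; ipfilter is enabled with an empty ruleset"
		return 1
	fi
	# ${ipfilter_flags} is intentionally unquoted so that it splits into
	# separate arguments.
	if ! ${ipfilter_program:-/sbin/ipf} \
	    -f "${ipfilter_rules}" ${ipfilter_flags}; then
		warn "loading ${ipfilter_rules} failed; active ruleset may be empty or incomplete"
		return 1
	fi
}

# If the filter is running, save the state tables with ipfs and then disable
# the filter. Does nothing when the filter is not running.
ipfilter_stop()
{
	if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
		echo "Saving firewall state tables"
		${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
		echo "Disabling ipfilter."
		${ipfilter_program:-/sbin/ipf} -D
	fi
}

# Replace the ruleset without emptying the active set first: flush and load
# the inactive set (-I), and swap it in (-s) only after the load succeeded.
# A failed load aborts through err, so the active rules stay in place.
ipfilter_reload()
{
	echo "Reloading ipfilter rules."

	${ipfilter_program:-/sbin/ipf} -I -Fa
	if [ -r "${ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} -I \
		    -f "${ipfilter_rules}" ${ipfilter_flags}; then
			err 1 'Load of rules into alternate set failed; aborting reload'
		fi
	fi
	# NOTE(review): when the rules file is not readable the swap below still
	# runs and activates the flushed (empty) inactive set - confirm that this
	# is intended.
	${ipfilter_program:-/sbin/ipf} -s

}

# Run ipf -y (resynchronise the in-kernel interface list) with the
# configured flags.
ipfilter_resync()
{
	${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
}

# Print the ipf -V report, which includes the 'Running:' line that start and
# stop test for.
ipfilter_status()
{
	${ipfilter_program:-/sbin/ipf} -V
}

run_rc_command "$1"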