Differential D28615 Diff 84493 libexec/rc/rc.d/ipfilter

Changeset View

Standalone View

libexec/rc/rc.d/ipfilter

	#!/bin/sh			#!/bin/sh
	#			#
	# $FreeBSD$			# $FreeBSD$
	#			#

	# PROVIDE: ipfilter			# PROVIDE: ipfilter
	# REQUIRE: FILESYSTEMS			# REQUIRE: FILESYSTEMS
	# BEFORE: ipmon ipnat netif netwait securelevel			# BEFORE: ipmon ipnat netif netwait securelevel
	# KEYWORD: nojailvnet			# KEYWORD: nojailvnet

	. /etc/rc.subr			. /etc/rc.subr

	name="ipfilter"			name="ipfilter"
	desc="IP packet filter"			desc="IP packet filter"
	rcvar="ipfilter_enable"			rcvar="ipfilter_enable"
	load_rc_config $name			load_rc_config $name
	stop_precmd="test -f ${ipfilter_rules} -o -f ${ipv6_ipfilter_rules}"			stop_precmd="test -f ${ipfilter_rules}"

	start_precmd="$stop_precmd"			start_precmd="$stop_precmd"
	start_cmd="ipfilter_start"			start_cmd="ipfilter_start"
	stop_cmd="ipfilter_stop"			stop_cmd="ipfilter_stop"
	reload_precmd="$stop_precmd"			reload_precmd="$stop_precmd"
	reload_cmd="ipfilter_reload"			reload_cmd="ipfilter_reload"
	resync_precmd="$stop_precmd"			resync_precmd="$stop_precmd"
	resync_cmd="ipfilter_resync"			resync_cmd="ipfilter_resync"
	status_precmd="$stop_precmd"			status_precmd="$stop_precmd"
	status_cmd="ipfilter_status"			status_cmd="ipfilter_status"
	extra_commands="reload resync"			extra_commands="reload resync"
	required_modules="ipl:ipfilter"			required_modules="ipl:ipfilter"

	ipfilter_start()			ipfilter_start()
	{			{
	echo "Enabling ipfilter."			echo "Enabling ipfilter."
	if ! ${ipfilter_program:-/sbin/ipf} -V \| grep -q 'Running: yes'; then			if ! ${ipfilter_program:-/sbin/ipf} -V \| grep -q 'Running: yes'; then
	${ipfilter_program:-/sbin/ipf} -E			${ipfilter_program:-/sbin/ipf} -E
	fi			fi
	${ipfilter_program:-/sbin/ipf} -Fa			${ipfilter_program:-/sbin/ipf} -Fa
	if [ -r "${ipfilter_rules}" ]; then			if [ -r "${ipfilter_rules}" ]; then
	${ipfilter_program:-/sbin/ipf} \			${ipfilter_program:-/sbin/ipf} \
	-f "${ipfilter_rules}" ${ipfilter_flags}			-f "${ipfilter_rules}" ${ipfilter_flags}
	fi			fi
	if [ -r "${ipv6_ipfilter_rules}" ]; then
	${ipfilter_program:-/sbin/ipf} -6 \
	-f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
	fi
	}			}

	ipfilter_stop()			ipfilter_stop()
	{			{
	if ${ipfilter_program:-/sbin/ipf} -V \| grep -q 'Running: yes'; then			if ${ipfilter_program:-/sbin/ipf} -V \| grep -q 'Running: yes'; then
	echo "Saving firewall state tables"			echo "Saving firewall state tables"
	${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}			${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
	echo "Disabling ipfilter."			echo "Disabling ipfilter."
	${ipfilter_program:-/sbin/ipf} -D			${ipfilter_program:-/sbin/ipf} -D
	fi			fi
	}			}

	ipfilter_reload()			ipfilter_reload()
	{			{
	echo "Reloading ipfilter rules."			echo "Reloading ipfilter rules."

	${ipfilter_program:-/sbin/ipf} -I -Fa			${ipfilter_program:-/sbin/ipf} -I -Fa
	if [ -r "${ipfilter_rules}" ]; then			if [ -r "${ipfilter_rules}" ]; then
	${ipfilter_program:-/sbin/ipf} -I \			${ipfilter_program:-/sbin/ipf} -I \
	-f "${ipfilter_rules}" ${ipfilter_flags}			-f "${ipfilter_rules}" ${ipfilter_flags}
	if [ $? -ne 0 ]; then			if [ $? -ne 0 ]; then
	err 1 'Load of rules into alternate set failed; aborting reload'			err 1 'Load of rules into alternate set failed; aborting reload'
	fi
	fi
	if [ -r "${ipv6_ipfilter_rules}" ]; then
	${ipfilter_program:-/sbin/ipf} -I -6 \
	-f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
	if [ $? -ne 0 ]; then
	err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
	fi			fi
	fi			fi
	${ipfilter_program:-/sbin/ipf} -s			${ipfilter_program:-/sbin/ipf} -s

	}			}

	ipfilter_resync()			ipfilter_resync()
	{			{
	Show All 9 Lines