Index: head/libexec/rc/rc.d/ipfilter
===================================================================
--- head/libexec/rc/rc.d/ipfilter (revision 363451)
+++ head/libexec/rc/rc.d/ipfilter (revision 363452)
@@ -1,90 +1,90 @@ #!/bin/sh # # $FreeBSD$ # # PROVIDE: ipfilter # REQUIRE: FILESYSTEMS -# KEYWORD: nojail +# KEYWORD: nojailvnet . /etc/rc.subr name="ipfilter" desc="IP packet filter" rcvar="ipfilter_enable" load_rc_config $name stop_precmd="test -f ${ipfilter_rules} -o -f ${ipv6_ipfilter_rules}" start_precmd="$stop_precmd" start_cmd="ipfilter_start" stop_cmd="ipfilter_stop" reload_precmd="$stop_precmd" reload_cmd="ipfilter_reload" resync_precmd="$stop_precmd" resync_cmd="ipfilter_resync" status_precmd="$stop_precmd" status_cmd="ipfilter_status" extra_commands="reload resync" required_modules="ipl:ipfilter" ipfilter_start() { echo "Enabling ipfilter." if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then ${ipfilter_program:-/sbin/ipf} -E fi ${ipfilter_program:-/sbin/ipf} -Fa if [ -r "${ipfilter_rules}" ]; then ${ipfilter_program:-/sbin/ipf} \ -f "${ipfilter_rules}" ${ipfilter_flags} fi if [ -r "${ipv6_ipfilter_rules}" ]; then ${ipfilter_program:-/sbin/ipf} -6 \ -f "${ipv6_ipfilter_rules}" ${ipfilter_flags} fi } ipfilter_stop() { if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then echo "Saving firewall state tables" ${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags} echo "Disabling ipfilter." ${ipfilter_program:-/sbin/ipf} -D fi } ipfilter_reload() { echo "Reloading ipfilter rules." ${ipfilter_program:-/sbin/ipf} -I -Fa if [ -r "${ipfilter_rules}" ]; then ${ipfilter_program:-/sbin/ipf} -I \ -f "${ipfilter_rules}" ${ipfilter_flags} if [ $? -ne 0 ]; then err 1 'Load of rules into alternate set failed; aborting reload' fi fi if [ -r "${ipv6_ipfilter_rules}" ]; then ${ipfilter_program:-/sbin/ipf} -I -6 \ -f "${ipv6_ipfilter_rules}" ${ipfilter_flags} if [ $? 
-ne 0 ]; then err 1 'Load of IPv6 rules into alternate set failed; aborting reload' fi fi ${ipfilter_program:-/sbin/ipf} -s } ipfilter_resync() { ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} } ipfilter_status() { ${ipfilter_program:-/sbin/ipf} -V } run_rc_command "$1" Index: head/libexec/rc/rc.d/ipmon =================================================================== --- head/libexec/rc/rc.d/ipmon (revision 363451) +++ head/libexec/rc/rc.d/ipmon (revision 363452) @@ -1,34 +1,34 @@ #!/bin/sh # # $FreeBSD$ # # PROVIDE: ipmon # REQUIRE: FILESYSTEMS hostname sysctl ipfilter # BEFORE: SERVERS -# KEYWORD: nojail +# KEYWORD: nojailvnet . /etc/rc.subr name="ipmon" desc="Monitors /dev/ipl for logged packets" rcvar="ipmon_enable" command="/sbin/${name}" start_precmd="ipmon_precmd" ipmon_precmd() { # Continue only if ipfilter or ipnat is enabled and the # ipfilter module is loaded. # if ! checkyesno ipfilter_enable && ! checkyesno ipnat_enable && ! checkyesno rc_force ; then err 1 "${name} requires either ipfilter or ipnat enabled" fi if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes' >/dev/null 2>&1; then err 1 "ipfilter module is not loaded" fi return 0 } load_rc_config $name run_rc_command "$1" Index: head/libexec/rc/rc.d/ipnat =================================================================== --- head/libexec/rc/rc.d/ipnat (revision 363451) +++ head/libexec/rc/rc.d/ipnat (revision 363452) 
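Review bot: In the ipfilter hunk, `required_modules="ipl:ipfilter"` assumes the script can load the module itself, which as far as I know is not possible inside a jail, and nothing next to the new `# KEYWORD: nojailvnet` line says the host must load ipl first. When the module is absent, the start fails inside the jail with no hint that the remedy is on the host. The same line appears in the ipnat and ippool hunks, and `ipmon_precmd` reports "ipfilter module is not loaded" in the same situation. I would add a comment above `required_modules`, e.g. `# In a vnet jail the host must already have loaded ipl; it cannot be loaded from inside the jail.` It is also worth confirming that `ipf -Fa` and `ipf -D` in ipfilter_start and ipfilter_stop act only on the jail's own vnet instance, since that depends on kernel support not visible here.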
@@ -1,29 +1,29 @@ #!/bin/sh # # $FreeBSD$ # # PROVIDE: ipnat # REQUIRE: ipfilter -# KEYWORD: nojail +# KEYWORD: nojailvnet . /etc/rc.subr name="ipnat" desc="user interface to the NAT subsystem" rcvar="ipnat_enable" load_rc_config $name start_cmd="ipnat_start" stop_cmd="${ipnat_program} -F -C" reload_cmd="${ipnat_program} -F -C -f ${ipnat_rules}" extra_commands="reload" required_files="${ipnat_rules}" required_modules="ipl:ipfilter" ipnat_start() { echo "Installing NAT rules." ${ipnat_program} -CF -f ${ipnat_rules} ${ipnat_flags} } run_rc_command "$1" Index: head/libexec/rc/rc.d/ippool =================================================================== --- head/libexec/rc/rc.d/ippool (revision 363451) +++ head/libexec/rc/rc.d/ippool (revision 363452) @@ -1,37 +1,37 @@ #!/bin/sh # # $FreeBSD$ # # PROVIDE: ippool # REQUIRE: FILESYSTEMS # BEFORE: ipfilter -# KEYWORD: nojail +# KEYWORD: nojailvnet . /etc/rc.subr name="ippool" desc="user interface to the IPFilter pools" rcvar="ippool_enable" load_rc_config $name start_precmd="ippool_start_precmd" stop_cmd="${ippool_program} -F" reload_cmd="ippool_reload" extra_commands="reload" required_files="${ippool_rules}" required_modules="ipl:ipfilter" ippool_start_precmd() { rc_flags="-f ${ippool_rules} ${rc_flags}" } ippool_reload() { echo "Reloading IP Pools." ${stop_cmd} ${start_cmd} } run_rc_command "$1"
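Review bot: In the ippool hunk, `ippool_reload` runs `${stop_cmd}` and then `${start_cmd}`, but `start_cmd` is never assigned in this file. Unless rc.subr defines it, the second step expands to nothing and reload only flushes the pools. Filter rules that reference a pool would then match against empty pools until the next full start, and with `nojailvnet` this path becomes reachable in vnet jails too. I would load the rules explicitly, e.g. `${ippool_program} -f "${ippool_rules}" ${rc_flags}`, and return its exit status so a failed load is reported.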