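#!/bin/sh
#
# $FreeBSD$
#
# rc.d script for IPFilter: enables the filter, loads the IPv4 and IPv6
# rulesets, and provides stop, reload, resync and status commands.
#
# rc.conf variables read here: ipfilter_enable, ipfilter_program,
# ipfilter_rules, ipv6_ipfilter_rules, ipfilter_flags, ipfs_program,
# ipfs_flags.
#
# ${ipfilter_program}, ${ipfilter_flags} and ${ipfs_flags} are expanded
# unquoted on purpose so that multi-word settings keep splitting into
# separate arguments, as they did before.

# PROVIDE: ipfilter
# REQUIRE: FILESYSTEMS
# KEYWORD: nojail

. /etc/rc.subr

name="ipfilter"
rcvar="ipfilter_enable"
load_rc_config "$name"

# Precondition shared by every command: at least one ruleset file exists.
# Written as a function so the paths are quoted; an empty or space-containing
# path no longer turns the check into a malformed test(1) expression.
ipfilter_rules_exist()
{
	[ -f "${ipfilter_rules}" ] || [ -f "${ipv6_ipfilter_rules}" ]
}

stop_precmd="ipfilter_rules_exist"

start_precmd="$stop_precmd"
start_cmd="ipfilter_start"
stop_cmd="ipfilter_stop"
reload_precmd="$stop_precmd"
reload_cmd="ipfilter_reload"
resync_precmd="$stop_precmd"
resync_cmd="ipfilter_resync"
status_precmd="$stop_precmd"
status_cmd="ipfilter_status"
extra_commands="reload resync"
required_modules="ipl:ipfilter"

# Enable the filter if it is not running, flush the active set and load the
# configured rulesets.
# Returns: 0 when every readable ruleset loaded, 1 when any load failed.
ipfilter_start()
{
	local rc

	rc=0
	echo "Enabling ipfilter."
	if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
		${ipfilter_program:-/sbin/ipf} -E
	fi
	# NOTE(review): the active set is flushed before the new rules are
	# loaded, so a failed load leaves it empty. What an empty set lets
	# through depends on the kernel's default policy, not on this script,
	# which is why a failed load is reported instead of passing silently.
	${ipfilter_program:-/sbin/ipf} -Fa
	if [ -r "${ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} \
		    -f "${ipfilter_rules}" ${ipfilter_flags}; then
			warn "Load of rules from ${ipfilter_rules} failed"
			rc=1
		fi
	fi
	# The IPv6 ruleset is still attempted after an IPv4 failure: partial
	# filtering is preferable to none.
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} -6 \
		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}; then
			warn "Load of IPv6 rules from ${ipv6_ipfilter_rules} failed"
			rc=1
		fi
	fi
	return "$rc"
}

# Save the state tables with ipfs and disable the filter, but only when the
# filter reports itself as running.
ipfilter_stop()
{
	if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
		echo "Saving firewall state tables"
		${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
		echo "Disabling ipfilter."
		${ipfilter_program:-/sbin/ipf} -D
	fi
}

# Load the rulesets into the inactive set (-I) and swap it in (-s) only when
# loading succeeded, so the active rules stay in force if anything fails.
ipfilter_reload()
{
	local loaded

	loaded=0
	echo "Reloading ipfilter rules."

	${ipfilter_program:-/sbin/ipf} -I -Fa
	if [ -r "${ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} -I \
		    -f "${ipfilter_rules}" ${ipfilter_flags}; then
			err 1 'Load of rules into alternate set failed; aborting reload'
		fi
		loaded=1
	fi
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} -I -6 \
		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}; then
			err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
		fi
		loaded=1
	fi
	# The precmd only checks that a file exists (-f); the loads above need
	# it readable (-r). Without this guard an unreadable file would swap in
	# the freshly flushed, empty set.
	if [ "$loaded" -eq 0 ]; then
		err 1 'No readable ruleset file; aborting reload'
	fi
	${ipfilter_program:-/sbin/ipf} -s
}

# Ask ipf to resynchronise with the current interface list (-y).
ipfilter_resync()
{
	${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
}

# Print ipf version and running status (-V).
ipfilter_status()
{
	${ipfilter_program:-/sbin/ipf} -V
}

run_rc_command "$1"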