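#!/bin/sh
#
# $FreeBSD$
#
# rc.d script for the ipfilter packet filter: enables or disables the filter
# and loads, reloads or resyncs its IPv4 and IPv6 rule sets with ipf.

# PROVIDE: ipfilter
# REQUIRE: FILESYSTEMS
# KEYWORD: nojail

. /etc/rc.subr

name="ipfilter"
rcvar="ipfilter_enable"
load_rc_config $name

# Every command shares one precondition: at least one rules file must exist.
stop_precmd="ipfilter_precmd"

start_precmd="$stop_precmd"
start_cmd="ipfilter_start"
stop_cmd="ipfilter_stop"
reload_precmd="$stop_precmd"
reload_cmd="ipfilter_reload"
resync_precmd="$stop_precmd"
resync_cmd="ipfilter_resync"
status_precmd="$stop_precmd"
status_cmd="ipfilter_status"
extra_commands="reload resync"
required_modules="ipl:ipfilter"

# Precondition for all commands: succeed when the IPv4 or the IPv6 rules file
# is a regular file. The paths are quoted so that an empty or space-containing
# setting cannot turn the check into a malformed (or accidentally true) test
# expression, which the previous unquoted "test -f A -o -f B" string allowed.
ipfilter_precmd()
{
	[ -f "${ipfilter_rules}" ] || [ -f "${ipv6_ipfilter_rules}" ]
}

# Enable the filter if it is not already running, flush all rules, then load
# each readable rules file.
# Returns: 0 when every attempted load succeeded, 1 otherwise.
ipfilter_start()
{
	local _load_failed

	_load_failed=0
	echo "Enabling ipfilter."
	if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
		${ipfilter_program:-/sbin/ipf} -E
	fi
	${ipfilter_program:-/sbin/ipf} -Fa
	# ${ipfilter_flags} is left unquoted on purpose: it may carry several
	# options that must be split into separate words.
	if [ -r "${ipfilter_rules}" ]; then
		${ipfilter_program:-/sbin/ipf} \
		    -f "${ipfilter_rules}" ${ipfilter_flags} || _load_failed=1
	fi
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		${ipfilter_program:-/sbin/ipf} -6 \
		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags} || _load_failed=1
	fi
	# The rules were flushed above, so a failed load leaves the filter
	# enabled with an incomplete or empty rule set; what traffic then
	# passes depends on the kernel's default policy. Report it rather
	# than returning success.
	if [ ${_load_failed} -ne 0 ]; then
		echo "ipfilter: one or more rules files failed to load;" \
		    "the active rule set may be incomplete" >&2
	fi
	return ${_load_failed}
}

# If the filter is running, save the state tables with ipfs and then disable
# the filter. Does nothing when the filter is not running.
ipfilter_stop()
{
	if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
		echo "Saving firewall state tables"
		${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
		echo "Disabling ipfilter."
		${ipfilter_program:-/sbin/ipf} -D
	fi
}

# Load the rules into the inactive set (-I) and only then swap sets (-s), so
# a rules file that fails to load never replaces the active rule set.
ipfilter_reload()
{
	echo "Reloading ipfilter rules."

	${ipfilter_program:-/sbin/ipf} -I -Fa
	if [ -r "${ipfilter_rules}" ]; then
		${ipfilter_program:-/sbin/ipf} -I \
		    -f "${ipfilter_rules}" ${ipfilter_flags}
		if [ $? -ne 0 ]; then
			err 1 'Load of rules into alternate set failed; aborting reload'
		fi
	fi
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		${ipfilter_program:-/sbin/ipf} -I -6 \
		    -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
		if [ $? -ne 0 ]; then
			err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
		fi
	fi
	# Reached only when every attempted load succeeded.
	${ipfilter_program:-/sbin/ipf} -s

}

# Run ipf -y so the filter resynchronises with the current interface list.
ipfilter_resync()
{
	${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
}

# Print ipf's version and running-state report.
ipfilter_status()
{
	${ipfilter_program:-/sbin/ipf} -V
}

run_rc_command "$1"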