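#!/bin/sh
#
# $FreeBSD$
#
# rc.d script for ugidfw(8): "start" sources the mac_bsdextended(4) rules
# script, "stop" removes every rule that is currently loaded.
#
# rc.conf variables read here:
#   ugidfw_enable       - enables this script (rcvar).
#   bsdextended_script  - path of the rules script to source; defaults to
#                         /etc/rc.bsdextended when empty or unset.

# PROVIDE: ugidfw
# REQUIRE: FILESYSTEMS
# BEFORE: LOGIN
# KEYWORD: nojail shutdown

. /etc/rc.subr

name="ugidfw"
rcvar="ugidfw_enable"
start_cmd="ugidfw_start"
stop_cmd="ugidfw_stop"
required_modules="mac_bsdextended"

# ugidfw_load: source the rules script named by ${bsdextended_script} when it
# is readable; do nothing otherwise.
#
# The file is sourced, not parsed: every command in it executes in this
# script's shell with this script's privileges. Keep it owned by root and
# not writable by any other user.
ugidfw_load()
{
	if [ -r "${bsdextended_script}" ]; then
		. "${bsdextended_script}"
	fi
}

# ugidfw_start: pick the rules script and load it.
#
# NOTE(review): a missing or unreadable rules script is skipped silently, so
# the service can come up with no rules installed. The "loaded" message only
# means the script was sourced; it does not confirm that each rule in it was
# accepted.
ugidfw_start()
{
	# Fall back to the stock location when rc.conf does not name one.
	[ -z "${bsdextended_script}" ] && bsdextended_script=/etc/rc.bsdextended

	if [ -r "${bsdextended_script}" ]; then
		ugidfw_load
		echo "MAC bsdextended rules loaded."
	fi
}

# ugidfw_stop: disable the policy by flushing every loaded rule.
#
# Reports success only when all removals succeeded; a failed removal
# produces a warning instead of the "flushed" message.
ugidfw_stop()
{
	local rulecount

	# Check for the existence of rules and flush them if needed.
	# "sysctl -i" prints nothing for an unknown OID, so an empty value is
	# treated as zero rules. The operand is quoted so that unexpected output
	# cannot be word-split inside the test.
	rulecount=$(sysctl -in security.mac.bsdextended.rule_count)
	if [ "${rulecount:-0}" -gt 0 ]; then
		# Skip the first line of "ugidfw list", take the first field of
		# each remaining line as the rule number, and remove from the
		# highest number down. The pipeline's status is that of xargs,
		# which is non-zero when any "ugidfw remove" fails.
		if ugidfw list | sed -n '2,$p' | cut -d ' ' -f 1 | sort -r -n |
		    xargs -n 1 ugidfw remove; then
			echo "MAC bsdextended rules flushed."
		else
			warn "not all MAC bsdextended rules could be removed"
		fi
	fi
}

load_rc_config "$name"
run_rc_command "$1"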