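#!/bin/sh
#
# $FreeBSD$
#
# rc.d script for IPFilter: enables/disables the packet filter and loads,
# reloads or resyncs its IPv4 and IPv6 rule sets.
#

# PROVIDE: ipfilter
# REQUIRE: FILESYSTEMS
# KEYWORD: nojail

. /etc/rc.subr

name="ipfilter"
rcvar="ipfilter_enable"
load_rc_config "$name"

#
# ipfilter_rules_present - precondition shared by every action below.
#
# Succeeds when at least one of the configured rules files exists.  Each
# path is quoted and tested on its own, so an empty value or a path that
# contains whitespace simply fails its -f test instead of being dropped
# from (or split inside) a string-built `test ... -o ...` expression.
#
# Reads:   ipfilter_rules, ipv6_ipfilter_rules
# Returns: 0 if either file exists, non-zero otherwise
#
ipfilter_rules_present()
{
	[ -f "${ipfilter_rules}" ] || [ -f "${ipv6_ipfilter_rules}" ]
}

stop_precmd="ipfilter_rules_present"

# Every action is gated by the same rules-file check.
start_precmd="$stop_precmd"
start_cmd="ipfilter_start"
stop_cmd="ipfilter_stop"
reload_precmd="$stop_precmd"
reload_cmd="ipfilter_reload"
resync_precmd="$stop_precmd"
resync_cmd="ipfilter_resync"
status_precmd="$stop_precmd"
status_cmd="ipfilter_status"
extra_commands="reload resync"
required_modules="ipl:ipfilter"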
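#
# ipfilter_start - enable IPFilter if it is not already running, flush the
# active rules and load the configured IPv4 and IPv6 rules files.
#
# Reads:   ipfilter_program (default /sbin/ipf), ipfilter_rules,
#          ipv6_ipfilter_rules, ipfilter_flags
# Returns: 0 when every attempted rules load succeeded, 1 when any load
#          failed.  Both address families are always attempted, so a broken
#          IPv4 file does not prevent the IPv6 rules from being installed,
#          and an IPv4 failure is no longer hidden by a later success.
#
ipfilter_start()
{
	local ipf rc

	ipf=${ipfilter_program:-/sbin/ipf}
	rc=0

	echo "Enabling ipfilter."
	if ! ${ipf} -V | grep -q 'Running: yes'; then
		${ipf} -E
	fi

	# NOTE(review): between this flush and a successful load below the
	# active rule set is empty; what traffic is allowed in that state
	# depends on the kernel's default policy - confirm it matches the
	# intended failure mode for this host.
	${ipf} -Fa

	# ipfilter_flags is left unquoted on purpose so it can carry several
	# options.
	if [ -r "${ipfilter_rules}" ]; then
		if ! ${ipf} -f "${ipfilter_rules}" ${ipfilter_flags}; then
			warn "Load of rules from ${ipfilter_rules} failed"
			rc=1
		fi
	fi
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		if ! ${ipf} -6 -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}; then
			warn "Load of IPv6 rules from ${ipv6_ipfilter_rules} failed"
			rc=1
		fi
	fi

	return ${rc}
}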
#
# ipfilter_stop - when IPFilter reports that it is running, save the
# firewall state tables and then disable the filter.
#
# Reads:   ipfilter_program (default /sbin/ipf), ipfs_program
#          (default /sbin/ipfs), ipfs_flags
# Returns: 0 when the filter is not running, otherwise the status of the
#          disable command.
#
ipfilter_stop()
{
	local ipf

	ipf=${ipfilter_program:-/sbin/ipf}

	# Nothing to save or disable unless the filter says it is running.
	${ipf} -V | grep -q 'Running: yes' || return 0

	echo "Saving firewall state tables"
	# ipfs_flags is deliberately unquoted so it may hold several options.
	${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}

	echo "Disabling ipfilter."
	${ipf} -D
}
#
# ipfilter_reload - rebuild the rules in the alternate (-I) set for IPv4
# and IPv6, then switch sets with `ipf -s`.
#
# A failed load calls err and aborts the reload before the switch, so the
# rules currently in force stay in place.
#
# NOTE(review): the alternate set is flushed unconditionally but only
# filled when the rules file is readable; an unreadable file therefore
# leaves an empty set for that address family, which is still switched in.
# Confirm that is the intended outcome.
#
# Reads:   ipfilter_program (default /sbin/ipf), ipfilter_rules,
#          ipv6_ipfilter_rules, ipfilter_flags
# Returns: status of the final `ipf -s`
#
ipfilter_reload()
{
	local ipf

	ipf=${ipfilter_program:-/sbin/ipf}

	echo "Reloading ipfilter rules."

	# IPv4: empty the alternate set, then load the rules file into it.
	# ipfilter_flags stays unquoted so it can carry several options.
	${ipf} -I -Fa
	if [ -r "${ipfilter_rules}" ]; then
		${ipf} -I -f "${ipfilter_rules}" ${ipfilter_flags} ||
		    err 1 'Load of rules into alternate set failed; aborting reload'
	fi

	# IPv6: same sequence with -6.
	${ipf} -I -6 -Fa
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		${ipf} -I -6 -f "${ipv6_ipfilter_rules}" ${ipfilter_flags} ||
		    err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
	fi

	# Both loads went through (or were skipped): switch rule sets.
	${ipf} -s
}
#
# ipfilter_resync - run `ipf -y` with the configured ipfilter_flags.
#
# Reads:   ipfilter_program (default /sbin/ipf), ipfilter_flags
# Returns: status of the ipf command
#
ipfilter_resync()
{
	local ipf

	ipf=${ipfilter_program:-/sbin/ipf}

	# ipfilter_flags is deliberately unquoted so it may hold several options.
	${ipf} -y ${ipfilter_flags}
}
#
# ipfilter_status - print the output of `ipf -V`, which includes the
# "Running:" line the start and stop actions look for.
#
# Reads:   ipfilter_program (default /sbin/ipf)
# Returns: status of the ipf command
#
ipfilter_status()
{
	local ipf

	ipf=${ipfilter_program:-/sbin/ipf}
	${ipf} -V
}
# Dispatch the action named by the script's first argument through the
# rc.subr framework sourced at the top of this file.
run_rc_command "$1"