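#!/bin/sh
#
# $FreeBSD: src/etc/rc.d/ipfw,v 1.4 2003/03/30 15:52:18 mtm Exp $
# $DragonFly: src/etc/rc.d/ipfw,v 1.1 2003/07/24 06:35:37 dillon Exp $
#

# PROVIDE: ipfw
# REQUIRE: ppp-user
# BEFORE: NETWORKING
# KEYWORD: DragonFly FreeBSD

# rc.d script for the ipfw packet filter.
#
# start: make sure the ipfw kernel code is available, source the rules
#        script, optionally start natd, optionally turn on verbose
#        logging, then set net.inet.ip.fw.enable=1.
# stop:  set net.inet.ip.fw.enable=0.
#
# Variables read here: firewall_enable (rcvar), firewall_script,
# firewall_logging, natd_enable, natd_interface, natd_flags,
# natd_program, natd_ifarg.

. /etc/rc.subr

name="ipfw"
rcvar="firewall_enable"
start_cmd="ipfw_start"
start_precmd="ipfw_precmd"
stop_cmd="ipfw_stop"

# ipfw_precmd: check that the ipfw sysctl tree exists before starting.
# Probes net.inet.ip.fw.enable; when the probe fails, tries to load the
# ipfw kernel module.
# Returns: 0 when the probe or the module load succeeded, 1 otherwise.
ipfw_precmd()
{
	if ! ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then
		if ! kldload ipfw; then
			warn "unable to load firewall module."
			return 1
		fi
	fi

	return 0
}

# ipfw_start: load the ruleset and enable the firewall.
# Globals: firewall_script (defaulted here), natd_flags (appended to).
# Outputs: progress messages on stdout, warnings through warn.
ipfw_start()
{
	# set the firewall rules script if none was specified
	firewall_script=${firewall_script:-/etc/rc.firewall}

	if [ -r "${firewall_script}" ]; then
		# The rules script is sourced, so it executes inside this
		# shell with the privileges of the rc run. Keep the file
		# owned by root and not writable by group or other.
		. "${firewall_script}"
		echo -n 'Firewall rules loaded, starting divert daemons:'

		# Network Address Translation daemon
		#
		if checkyesno natd_enable; then
			if [ -n "${natd_interface}" ]; then
				# A dotted-numeric value is passed as an alias
				# address (-a), anything else as an interface
				# name (-n). The value is quoted so it reaches
				# grep unsplit and unglobbed.
				if printf '%s\n' "${natd_interface}" | \
				    grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
					natd_flags="$natd_flags -a ${natd_interface}"
				else
					natd_flags="$natd_flags -n ${natd_interface}"
				fi
			fi
			echo -n ' natd'
			# Left unquoted on purpose: the flag strings must be
			# split into separate arguments.
			# NOTE(review): natd_ifarg is never assigned in this
			# script; presumably it can only come from rc.conf.
			${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
		fi
	elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
		echo 'Warning: kernel has firewall functionality, but' \
		    ' firewall rules are not enabled.'
		echo ' All ip services are disabled.'
	else
		# No readable rules script and the last rule is not the
		# default deny: report it rather than continue silently with
		# no ruleset loaded by this script.
		warn "firewall rules script ${firewall_script} is not readable; no rules were loaded."
	fi
	echo '.'

	# Firewall logging
	#
	if checkyesno firewall_logging; then
		echo 'Firewall logging enabled'
		# Same sysctl wrapper as the enable/disable calls, instead of
		# whatever "sysctl" is found first on PATH.
		${SYSCTL_W} net.inet.ip.fw.verbose=1 >/dev/null
	fi

	# Enable the firewall
	# (last step, after the rules script has run)
	${SYSCTL_W} net.inet.ip.fw.enable=1
}

# ipfw_stop: switch packet filtering off.
# Only the enable sysctl is cleared; this function does not flush rules
# and does not stop natd. With the sysctl at 0 packets are no longer
# checked against the ruleset, so "stop" leaves the host unfiltered.
ipfw_stop()
{
	# Disable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=0
}

load_rc_config "$name"
run_rc_command "$1"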