xref: /freebsd/libexec/rc/rc.d/ipfilter (revision 1f474190)
#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: ipfilter
# REQUIRE: FILESYSTEMS
# BEFORE: ipmon ipnat netif netwait securelevel
# KEYWORD: nojailvnet

. /etc/rc.subr

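# Service description consumed by rc.subr's run_rc_command.
name="ipfilter"
desc="IP packet filter"
rcvar="ipfilter_enable"

# Load the rc.conf settings first: the precmd string below expands
# ${ipfilter_rules} and ${ipv6_ipfilter_rules} at assignment time.
load_rc_config "$name"

# Shared precondition for every action: at least one of the two rule files
# must exist as a regular file.  The string is run later as a shell command,
# so each path is wrapped in escaped quotes; an empty or space-containing
# value then stays a single operand instead of changing how test(1) parses
# the expression.
# Consequence for operators: when neither file exists, "start" is refused
# and no rules are loaded, so a missing rules file shows up as a failed
# start rather than as an enabled filter with an empty list.
stop_precmd="test -f \"${ipfilter_rules}\" -o -f \"${ipv6_ipfilter_rules}\""

start_precmd="$stop_precmd"
start_cmd="ipfilter_start"
stop_cmd="ipfilter_stop"
reload_precmd="$stop_precmd"
reload_cmd="ipfilter_reload"
resync_precmd="$stop_precmd"
resync_cmd="ipfilter_resync"
status_precmd="$stop_precmd"
status_cmd="ipfilter_status"
# Actions offered in addition to the rc.subr defaults.
extra_commands="reload resync"
# Kernel module requirement, in rc.subr's "module:pattern" form.
required_modules="ipl:ipfilter"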
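ipfilter_start()
{
	# Enable ipfilter if it is not already running, flush the active
	# rules, then load the configured IPv4 and IPv6 rule files.
	#
	# Reads:   ipfilter_program, ipfilter_rules, ipv6_ipfilter_rules,
	#          ipfilter_flags
	# Returns: 0 when every readable rule file loaded, 1 when a load failed.
	local ipf load_failed

	ipf=${ipfilter_program:-/sbin/ipf}
	load_failed=0

	echo "Enabling ipfilter."
	if ! $ipf -V | grep -q 'Running: yes'; then
		$ipf -E
	fi

	# The flush happens before anything is loaded.  If a load below fails,
	# the filter stays enabled with only what was loaded so far, and
	# unmatched traffic is handled by the kernel's default policy.  The
	# failure is therefore reported instead of being masked by a later
	# successful (or skipped) step.
	$ipf -Fa

	if [ -r "${ipfilter_rules}" ]; then
		# ipfilter_flags is left unquoted on purpose: it may carry
		# several options that must be split into separate words.
		if ! $ipf -f "${ipfilter_rules}" ${ipfilter_flags}; then
			warn "Load of rules from ${ipfilter_rules} failed"
			load_failed=1
		fi
	fi
	if [ -r "${ipv6_ipfilter_rules}" ]; then
		if ! $ipf -6 -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}; then
			warn "Load of IPv6 rules from ${ipv6_ipfilter_rules} failed"
			load_failed=1
		fi
	fi

	return $load_failed
}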
ipfilter_stop()
{
	# Save the firewall state tables and disable ipfilter, but only when
	# the filter reports that it is running.
	#
	# Reads:   ipfilter_program, ipfs_program, ipfs_flags
	# Returns: 0 when the filter was not running, otherwise the status of
	#          the disable command.
	local ipf

	ipf=${ipfilter_program:-/sbin/ipf}

	# Nothing to save or disable if the filter is not active.
	if ! $ipf -V | grep -q 'Running: yes'; then
		return 0
	fi

	echo "Saving firewall state tables"
	# ipfs_flags is unquoted so that multiple options split into words.
	${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}

	# From here on the host is no longer filtered by ipfilter.
	echo "Disabling ipfilter."
	$ipf -D
}
ipfilter_reload()
{
	# Stage the configured rule files in the alternate (inactive) rule
	# set and switch sets only after the staging steps have run.
	#
	# Reads:   ipfilter_program, ipfilter_rules, ipv6_ipfilter_rules,
	#          ipfilter_flags
	# Returns: the status of the final set-swap command.
	local ipf

	ipf=${ipfilter_program:-/sbin/ipf}

	echo "Reloading ipfilter rules."

	# Start from an empty alternate set; the live rules stay untouched.
	$ipf -I -Fa

	# A failed load stops here through err (from rc.subr, expected to
	# exit), so a broken rules file is not swapped into service.
	if [ -r "${ipfilter_rules}" ] &&
	    ! $ipf -I -f "${ipfilter_rules}" ${ipfilter_flags}; then
		err 1 'Load of rules into alternate set failed; aborting reload'
	fi
	if [ -r "${ipv6_ipfilter_rules}" ] &&
	    ! $ipf -I -6 -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}; then
		err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
	fi

	# Make the staged set the active one.
	$ipf -s
}
ipfilter_resync()
{
	# Run the ipf resync option (-y) with the configured extra flags.
	#
	# Reads:   ipfilter_program, ipfilter_flags
	# Returns: the status of the ipf command.
	local ipf

	ipf=${ipfilter_program:-/sbin/ipf}
	# ipfilter_flags is unquoted so that multiple options split into words.
	$ipf -y ${ipfilter_flags}
}
ipfilter_status()
{
	# Print the output of "ipf -V"; the start and stop actions look for
	# the "Running: yes" line in that same output.
	#
	# Reads:   ipfilter_program
	# Returns: the status of the ipf command.
	local ipf

	ipf=${ipfilter_program:-/sbin/ipf}
	$ipf -V
}
# Dispatch the action given as the first argument through rc.subr, using the
# *_cmd and *_precmd settings defined earlier in this script.
run_rc_command "$1"