1#!/bin/sh 2# 3# $FreeBSD: src/etc/rc.d/ip6fw,v 1.3 2003/06/29 05:15:57 mtm Exp $ 4# 5 6# PROVIDE: ip6fw 7# REQUIRE: routing 8# BEFORE: network_ipv6 9 10. /etc/rc.subr 11 12name="ip6fw" 13rcvar=`set_rcvar ipv6_firewall` 14start_cmd="ip6fw_start" 15start_precmd="ip6fw_prestart" 16stop_cmd="${SYSCTL_W} net.inet6.ip6.fw.enable=0" 17 18ip6fw_prestart() 19{ 20 # Load IPv6 firewall module, if not already loaded 21 if ! ${SYSCTL} net.inet6.ip6.fw.enable > /dev/null 2>&1; then 22 kldstat -qm ip6fw || kldload -n ip6fw || return 1 23 fi 24 return 0 25} 26 27ip6fw_start() 28{ 29 # Specify default rules file if none provided 30 if [ -z "${ipv6_firewall_script}" ]; then 31 ipv6_firewall_script=/etc/rc.firewall6 32 fi 33 34 # Load rules 35 # 36 if [ -r "${ipv6_firewall_script}" ]; then 37 . "${ipv6_firewall_script}" 38 echo 'IPv6 Firewall rules loaded.' 39 elif [ "`ip6fw l 65535`" = "65535 deny ipv6 from any to any" ]; then 40 warn 'IPv6 firewall rules have not been loaded. Default' \ 41 ' to DENY all access.' 42 fi 43 44 # Enable firewall logging 45 # 46 if checkyesno ipv6_firewall_logging; then 47 echo 'IPv6 Firewall logging=YES' 48 sysctl net.inet6.ip6.fw.verbose=1 >/dev/null 49 fi 50} 51 52load_rc_config $name 53run_rc_command "$1" 54