xref: /dragonfly/etc/rc.d/ip6fw (revision 71126e33) 
1#!/bin/sh
2#
3# $FreeBSD: src/etc/rc.d/ip6fw,v 1.3 2003/06/29 05:15:57 mtm Exp $
4# $DragonFly: src/etc/rc.d/ip6fw,v 1.2 2004/01/26 17:21:15 rob Exp $
5#
6
7# PROVIDE: ip6fw
8# REQUIRE: routing
9# BEFORE: network_ipv6
10# KEYWORD: DragonFly
11
12. /etc/rc.subr
13
14name="ip6fw"
15rcvar=`set_rcvar ipv6_firewall`
16start_cmd="ip6fw_start"
17start_precmd="ip6fw_prestart"
18stop_cmd="${SYSCTL_W} net.inet6.ip6.fw.enable=0"
19
20ip6fw_prestart()
21{
22	# Load IPv6 firewall module, if not already loaded
23	if ! ${SYSCTL} net.inet6.ip6.fw.enable > /dev/null 2>&1; then
24		kldload ip6fw && {
25			debug 'Kernel IPv6 firewall module loaded.'
26			return 0
27		}
28		warn 'IPv6 firewall kernel module failed to load.'
29		return 1
30	fi
31}
32
33ip6fw_start()
34{
35	# Specify default rules file if none provided
36	if [ -z "${ipv6_firewall_script}" ]; then
37		ipv6_firewall_script=/etc/rc.firewall6
38	fi
39
40	# Load rules
41	#
42	if [ -r "${ipv6_firewall_script}" ]; then
43		. "${ipv6_firewall_script}"
44		echo 'IPv6 Firewall rules loaded.'
45	elif [ "`ip6fw l 65535`" = "65535 deny ipv6 from any to any" ]; then
46		warn 'IPv6 firewall rules have not been loaded. Default' \
47		    ' to DENY all access.'
48	fi
49
50	# Enable firewall logging
51	#
52	if checkyesno ipv6_firewall_logging; then
53		echo 'IPv6 Firewall logging=YES'
54		sysctl net.inet6.ip6.fw.verbose=1 >/dev/null
55	fi
56}
57
58load_rc_config $name
59run_rc_command "$1"
60