1#!/bin/sh 2# 3# $FreeBSD: src/etc/rc.d/ip6fw,v 1.3 2003/06/29 05:15:57 mtm Exp $ 4# $DragonFly: src/etc/rc.d/ip6fw,v 1.2 2004/01/26 17:21:15 rob Exp $ 5# 6 7# PROVIDE: ip6fw 8# REQUIRE: routing 9# BEFORE: network_ipv6 10# KEYWORD: DragonFly 11 12. /etc/rc.subr 13 14name="ip6fw" 15rcvar=`set_rcvar ipv6_firewall` 16start_cmd="ip6fw_start" 17start_precmd="ip6fw_prestart" 18stop_cmd="${SYSCTL_W} net.inet6.ip6.fw.enable=0" 19 20ip6fw_prestart() 21{ 22 # Load IPv6 firewall module, if not already loaded 23 if ! ${SYSCTL} net.inet6.ip6.fw.enable > /dev/null 2>&1; then 24 kldload ip6fw && { 25 debug 'Kernel IPv6 firewall module loaded.' 26 return 0 27 } 28 warn 'IPv6 firewall kernel module failed to load.' 29 return 1 30 fi 31} 32 33ip6fw_start() 34{ 35 # Specify default rules file if none provided 36 if [ -z "${ipv6_firewall_script}" ]; then 37 ipv6_firewall_script=/etc/rc.firewall6 38 fi 39 40 # Load rules 41 # 42 if [ -r "${ipv6_firewall_script}" ]; then 43 . "${ipv6_firewall_script}" 44 echo 'IPv6 Firewall rules loaded.' 45 elif [ "`ip6fw l 65535`" = "65535 deny ipv6 from any to any" ]; then 46 warn 'IPv6 firewall rules have not been loaded. Default' \ 47 ' to DENY all access.' 48 fi 49 50 # Enable firewall logging 51 # 52 if checkyesno ipv6_firewall_logging; then 53 echo 'IPv6 Firewall logging=YES' 54 sysctl net.inet6.ip6.fw.verbose=1 >/dev/null 55 fi 56} 57 58load_rc_config $name 59run_rc_command "$1" 60