1#!/bin/sh 2# 3# $FreeBSD: src/etc/rc.d/ip6fw,v 1.3 2003/06/29 05:15:57 mtm Exp $ 4# $DragonFly: src/etc/rc.d/ip6fw,v 1.3 2005/11/19 21:47:32 swildner Exp $ 5# 6 7# PROVIDE: ip6fw 8# REQUIRE: routing 9# BEFORE: network_ipv6 10 11. /etc/rc.subr 12 13name="ip6fw" 14rcvar=`set_rcvar ipv6_firewall` 15start_cmd="ip6fw_start" 16start_precmd="ip6fw_prestart" 17stop_cmd="${SYSCTL_W} net.inet6.ip6.fw.enable=0" 18 19ip6fw_prestart() 20{ 21 # Load IPv6 firewall module, if not already loaded 22 if ! ${SYSCTL} net.inet6.ip6.fw.enable > /dev/null 2>&1; then 23 kldload ip6fw && { 24 debug 'Kernel IPv6 firewall module loaded.' 25 return 0 26 } 27 warn 'IPv6 firewall kernel module failed to load.' 28 return 1 29 fi 30} 31 32ip6fw_start() 33{ 34 # Specify default rules file if none provided 35 if [ -z "${ipv6_firewall_script}" ]; then 36 ipv6_firewall_script=/etc/rc.firewall6 37 fi 38 39 # Load rules 40 # 41 if [ -r "${ipv6_firewall_script}" ]; then 42 . "${ipv6_firewall_script}" 43 echo 'IPv6 Firewall rules loaded.' 44 elif [ "`ip6fw l 65535`" = "65535 deny ipv6 from any to any" ]; then 45 warn 'IPv6 firewall rules have not been loaded. Default' \ 46 ' to DENY all access.' 47 fi 48 49 # Enable firewall logging 50 # 51 if checkyesno ipv6_firewall_logging; then 52 echo 'IPv6 Firewall logging=YES' 53 sysctl net.inet6.ip6.fw.verbose=1 >/dev/null 54 fi 55} 56 57load_rc_config $name 58run_rc_command "$1" 59