1#!/bin/sh
2#
3# Copyright (c) 2018 The DragonFly Project.  All rights reserved.
4#
5# This code is derived from software contributed to The DragonFly Project
6# by Aaron LI <aly@dragonflybsd.org>
7#
8# Redistribution and use in source and binary forms, with or without
9# modification, are permitted provided that the following conditions
10# are met:
11#
12# 1. Redistributions of source code must retain the above copyright
13#    notice, this list of conditions and the following disclaimer.
14# 2. Redistributions in binary form must reproduce the above copyright
15#    notice, this list of conditions and the following disclaimer in
16#    the documentation and/or other materials provided with the
17#    distribution.
18# 3. Neither the name of The DragonFly Project nor the names of its
19#    contributors may be used to endorse or promote products derived
20#    from this software without specific, prior written permission.
21#
22# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25# FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
26# COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
27# INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
28# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
29# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
30# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
31# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
32# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33# SUCH DAMAGE.
34#
35
36# PROVIDE: ipfw3
37# REQUIRE: netif
38# BEFORE:  NETWORKING
39
. /etc/rc.subr

# Service name, its rc.conf knob, and the functions in this file that
# run_rc_command dispatches to for each action.
name="ipfw3"
rcvar=$(set_rcvar)
start_precmd="${name}_precmd"
start_cmd="${name}_start"
stop_cmd="${name}_stop"
47
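# ipfw3_precmd - make sure the ipfw3 kernel modules are available.
#
# Globals:   SYSCTL (read), ipfw3_modules (read), _module (written)
# Returns:   0 if the net.inet.ip.fw3.enable sysctl already exists or every
#            listed module loaded; 1 as soon as one kldload fails.
ipfw3_precmd()
{
	# If the sysctl node answers, the firewall code is already present
	# and nothing has to be loaded.
	if ${SYSCTL} -q net.inet.ip.fw3.enable >/dev/null; then
		return 0
	fi

	# ipfw3_modules is deliberately left unquoted here: it is a
	# whitespace-separated list.  Each resulting name is then passed
	# quoted, so it reaches kldload as exactly one literal argument.
	for _module in ${ipfw3_modules}; do
		# Stop at the first failure so the start action is not run
		# with only part of the firewall loaded.
		kldload -n "${_module}" || return 1
	done
	return 0
}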
58
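# ipfw3_start - load the rule set and switch the firewall on.
#
# Globals:   ipfw3_script, ipfw3_program, SYSCTL_W, name (all read)
# Outputs:   status messages on stdout, a failure warning on stderr
# Returns:   0 once net.inet.ip.fw3.enable was set to 1; 1 if that sysctl
#            write failed.
ipfw3_start()
{
	# Load firewall rules.
	# The rules file is sourced into this shell, so everything in it
	# runs with the privileges of this rc script; it should be writable
	# only by root.  The "rules loaded" line is printed after sourcing
	# and does not verify that each rule was accepted.
	if [ -r "${ipfw3_script}" ]; then
		. "${ipfw3_script}"
		echo "Firewall ${name} rules loaded."
	elif [ "$(${ipfw3_program} list)" = "65535  deny" ]; then
		echo 'Warning: kernel has firewall functionality, but' \
		     'firewall rules are not enabled.'
		echo '           All ip services are disabled.'
	fi

	# Enable the firewall.  Success is only reported when the sysctl
	# write succeeded, so a failed write is not hidden behind an
	# "enabled" message and the caller sees a non-zero status.
	if ! ${SYSCTL_W} net.inet.ip.fw3.enable=1; then
		echo "Warning: failed to enable firewall ${name}." >&2
		return 1
	fi
	echo "Firewall ${name} enabled"
}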
75
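# ipfw3_stop - flush the rule set and switch the firewall off.
#
# After a successful run net.inet.ip.fw3.enable is 0 and the rules are
# gone, so ipfw3 no longer filters traffic on this host.
#
# Globals:   ipfw3_program, SYSCTL_W, name (read), _ipfw3_rc (written)
# Outputs:   status messages on stdout, failure warnings on stderr
# Returns:   0 if both steps succeeded, 1 if either one failed.
ipfw3_stop()
{
	_ipfw3_rc=0

	# Only claim the rules are gone when the flush really succeeded.
	if ${ipfw3_program} -f flush; then
		echo "Firewall ${name} rules flushed."
	else
		echo "Warning: failed to flush firewall ${name} rules." >&2
		_ipfw3_rc=1
	fi

	# XXX/TODO: also flush/delete lookup tables

	# Disable the firewall.  This step is attempted even when the flush
	# failed; the non-zero return then reports the partial failure.
	if ${SYSCTL_W} net.inet.ip.fw3.enable=0; then
		echo "Firewall ${name} disabled"
	else
		echo "Warning: failed to disable firewall ${name}." >&2
		_ipfw3_rc=1
	fi

	return ${_ipfw3_rc}
}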
88
# Read the rc.conf settings for this service, then hand the requested
# action (first command-line argument) to the rc.subr dispatcher.
load_rc_config "${name}"
run_rc_command "$1"
91