1#!/bin/sh
2#
3# Copyright (c) 2018 The DragonFly Project.  All rights reserved.
4#
5# This code is derived from software contributed to The DragonFly Project
6# by Aaron LI <aly@dragonflybsd.org>
7#
8# Redistribution and use in source and binary forms, with or without
9# modification, are permitted provided that the following conditions
10# are met:
11#
12# 1. Redistributions of source code must retain the above copyright
13#    notice, this list of conditions and the following disclaimer.
14# 2. Redistributions in binary form must reproduce the above copyright
15#    notice, this list of conditions and the following disclaimer in
16#    the documentation and/or other materials provided with the
17#    distribution.
18# 3. Neither the name of The DragonFly Project nor the names of its
19#    contributors may be used to endorse or promote products derived
20#    from this software without specific, prior written permission.
21#
22# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25# FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
26# COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
27# INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
28# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
29# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
30# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
31# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
32# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33# SUCH DAMAGE.
34#
35
36# PROVIDE: ipfw3
37# BEFORE: NETWORKING
38
39. /etc/rc.subr
40
# Service definition consumed by rc.subr: the service name, the enable
# variable derived by set_rcvar, and the handler functions defined below.
name="ipfw3"
rcvar=$(set_rcvar)
start_precmd="${name}_precmd"
start_cmd="${name}_start"
stop_cmd="${name}_stop"
46
#
# ipfw3_precmd - make sure the firewall kernel modules are loaded.
#
# Reads:   SYSCTL, ipfw3_modules
# Returns: 0 when the fw3 sysctl node already answers or every listed
#          module loaded; 1 as soon as one kldload fails.
#
ipfw3_precmd()
{
	# If the enable knob can be queried there is nothing to load.
	if ${SYSCTL} -q net.inet.ip.fw3.enable >/dev/null; then
		return 0
	fi

	# ipfw3_modules is a whitespace-separated list, so it is expanded
	# unquoted on purpose.  kldload -n is called once per module name.
	for _module in ${ipfw3_modules}; do
		if ! kldload -n ${_module}; then
			# Stop at the first failure so that start does not go on
			# to enable a firewall whose modules are incomplete.
			return 1
		fi
	done

	return 0
}
57
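#
# ipfw3_start - load the rule script (if readable) and enable the firewall.
#
# Reads:   ipfw3_script, ipfw3_program, SYSCTL_W, name
# Outputs: status messages on stdout, the enable failure on stderr
# Returns: 0 when the enable sysctl was written, 1 when that write failed
#
ipfw3_start()
{
	# Load firewall rules
	#
	# NOTE(security): the rule script is sourced into this shell, so
	# everything in it runs with the privileges of the rc system
	# (normally root).  The file and the directories leading to it
	# should be writable by root only.
	if [ -r "${ipfw3_script}" ]; then
		. "${ipfw3_script}"
		echo "Firewall ${name} rules loaded."
	elif [ "$(${ipfw3_program} list)" = "65535  deny" ]; then
		# No readable rule script and the only rule listed is the
		# default deny: tell the operator why traffic is blocked.
		echo 'Warning: kernel has firewall functionality, but' \
		     'firewall rules are not enabled.'
		echo '           All ip services are disabled.'
	fi

	# Enable the firewall.  Report success only when the sysctl write
	# actually worked; otherwise the host would be announced as
	# protected while filtering is still off.
	if ! ${SYSCTL_W} net.inet.ip.fw3.enable=1; then
		echo "Warning: failed to enable firewall ${name}." >&2
		return 1
	fi
	echo "Firewall ${name} enabled"
}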
74
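#
# ipfw3_stop - flush the ruleset and disable the firewall.
#
# Reads:   ipfw3_program, SYSCTL_W, name
# Outputs: status messages on stdout, failures on stderr
# Returns: 0 when both steps succeeded, 1 when either one failed
#
# NOTE(review): with the enable sysctl at 0 the ruleset is presumably no
# longer consulted, leaving the host unfiltered until the next start.
#
ipfw3_stop()
{
	_ipfw3_rc=0

	# Claim "flushed" only when the flush command succeeded.
	if ${ipfw3_program} -f flush; then
		echo "Firewall ${name} rules flushed."
	else
		echo "Warning: failed to flush firewall ${name} rules." >&2
		_ipfw3_rc=1
	fi

	# XXX/TODO: also flush/delete lookup tables

	# Disable the firewall.  This is still attempted after a failed
	# flush, but is reported only when the sysctl write succeeded.
	if ${SYSCTL_W} net.inet.ip.fw3.enable=0; then
		echo "Firewall ${name} disabled"
	else
		echo "Warning: failed to disable firewall ${name}." >&2
		_ipfw3_rc=1
	fi

	return ${_ipfw3_rc}
}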
87
# Load this service's configuration, then hand the requested action
# (the script's first argument) to the rc.subr dispatcher.
load_rc_config "${name}"
run_rc_command "$1"
90