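#!/bin/sh
#
# $FreeBSD: src/etc/rc.d/ipfw,v 1.4 2003/03/30 15:52:18 mtm Exp $
#

# PROVIDE: ipfw
# REQUIRE: ppp
# BEFORE: NETWORKING

# rc.d script for the ipfw packet filter: loads the kernel module if needed,
# sources the rules script, optionally starts natd and turns on logging, and
# toggles net.inet.ip.fw.enable on start/stop.
#
# rc.conf variables read here: firewall_enable (rcvar), firewall_script,
# firewall_logging, natd_enable, natd_interface, natd_flags, natd_program,
# natd_ifarg.

. /etc/rc.subr

name="ipfw"
rcvar="firewall_enable"
start_cmd="ipfw_start"
start_precmd="ipfw_precmd"
stop_cmd="ipfw_stop"

# ipfw_precmd: make sure ipfw is available in the kernel before start.
# Returns 1 (which aborts the start) when the module is neither present
# nor loadable, 0 otherwise.
ipfw_precmd()
{
	# The sysctl node only exists when ipfw is compiled in or already
	# loaded; if it cannot be read, try the module instead.
	if ! ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then
		kldstat -qm ipfw || kldload -n ipfw || return 1
	fi
	return 0
}

# ipfw_start: load the rule set, start natd if requested, enable logging
# if requested, then enable the firewall.
# Returns the exit status of the final sysctl that enables the firewall.
ipfw_start()
{
	# set the firewall rules script if none was specified
	[ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall

	if [ -r "${firewall_script}" ]; then
		# The rules script is sourced into this shell, so it runs with
		# the privileges of the rc system (normally root). Keep the
		# file, and the path configured in firewall_script, writable
		# by root only.
		# NOTE(review): the exit status of the sourced script is not
		# checked; a script that fails part-way leaves a partial rule
		# set and the sequence below still continues.
		. "${firewall_script}"
		echo -n 'Firewall rules loaded, starting divert daemons:'

		# Network Address Translation daemon
		#
		if checkyesno natd_enable; then
			if [ -n "${natd_interface}" ]; then
				# One to four dot-separated decimal groups are
				# treated as an address (-a); anything else is
				# passed as an interface name (-n). The groups
				# are not range-checked. The value is quoted and
				# fed through printf so that whitespace, glob
				# characters or a leading '-' in it cannot alter
				# what grep sees.
				if printf '%s\n' "${natd_interface}" | \
					grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
					natd_flags="$natd_flags -a ${natd_interface}"
				else
					natd_flags="$natd_flags -n ${natd_interface}"
				fi
			fi
			echo -n ' natd'
			# Deliberately unquoted: natd_flags and natd_ifarg hold
			# several space-separated arguments.
			${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
		fi
	elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
		# No readable rules script and the default rule is deny-all:
		# the host fails closed, so warn the operator.
		echo 'Warning: kernel has firewall functionality, but' \
			' firewall rules are not enabled.'
		echo '		 All ip services are disabled.'
	fi
	echo '.'

	# Firewall logging
	#
	if checkyesno firewall_logging; then
		echo 'Firewall logging enabled'
		# Use the rc.subr sysctl wrapper like the other sysctl writes
		# in this script instead of relying on PATH lookup.
		${SYSCTL_W} net.inet.ip.fw.verbose=1 >/dev/null
	fi

	# Enable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=1
}

# ipfw_stop: disable packet filtering.
# This only clears net.inet.ip.fw.enable: the rule set is not flushed and a
# natd started by ipfw_start is not stopped here. While the sysctl is 0 the
# loaded rules are not applied, so the host is unfiltered until the next start.
ipfw_stop()
{
	# Disable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=0
}

load_rc_config "$name"
run_rc_command "$1"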