1#!/bin/sh 2# 3# $FreeBSD$ 4# 5 6# PROVIDE: ipfilter 7# REQUIRE: FILESYSTEMS 8# KEYWORD: nojail 9 10. /etc/rc.subr 11 12name="ipfilter" 13desc="IP packet filter" 14rcvar="ipfilter_enable" 15load_rc_config $name 16stop_precmd="test -f ${ipfilter_rules} -o -f ${ipv6_ipfilter_rules}" 17 18start_precmd="$stop_precmd" 19start_cmd="ipfilter_start" 20stop_cmd="ipfilter_stop" 21reload_precmd="$stop_precmd" 22reload_cmd="ipfilter_reload" 23resync_precmd="$stop_precmd" 24resync_cmd="ipfilter_resync" 25status_precmd="$stop_precmd" 26status_cmd="ipfilter_status" 27extra_commands="reload resync" 28required_modules="ipl:ipfilter" 29 30ipfilter_start() 31{ 32 echo "Enabling ipfilter." 33 if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then 34 ${ipfilter_program:-/sbin/ipf} -E 35 fi 36 ${ipfilter_program:-/sbin/ipf} -Fa 37 if [ -r "${ipfilter_rules}" ]; then 38 ${ipfilter_program:-/sbin/ipf} \ 39 -f "${ipfilter_rules}" ${ipfilter_flags} 40 fi 41 if [ -r "${ipv6_ipfilter_rules}" ]; then 42 ${ipfilter_program:-/sbin/ipf} -6 \ 43 -f "${ipv6_ipfilter_rules}" ${ipfilter_flags} 44 fi 45} 46 47ipfilter_stop() 48{ 49 if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then 50 echo "Saving firewall state tables" 51 ${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags} 52 echo "Disabling ipfilter." 53 ${ipfilter_program:-/sbin/ipf} -D 54 fi 55} 56 57ipfilter_reload() 58{ 59 echo "Reloading ipfilter rules." 60 61 ${ipfilter_program:-/sbin/ipf} -I -Fa 62 if [ -r "${ipfilter_rules}" ]; then 63 ${ipfilter_program:-/sbin/ipf} -I \ 64 -f "${ipfilter_rules}" ${ipfilter_flags} 65 if [ $? -ne 0 ]; then 66 err 1 'Load of rules into alternate set failed; aborting reload' 67 fi 68 fi 69 if [ -r "${ipv6_ipfilter_rules}" ]; then 70 ${ipfilter_program:-/sbin/ipf} -I -6 \ 71 -f "${ipv6_ipfilter_rules}" ${ipfilter_flags} 72 if [ $? -ne 0 ]; then 73 err 1 'Load of IPv6 rules into alternate set failed; aborting reload' 74 fi 75 fi 76 ${ipfilter_program:-/sbin/ipf} -s 77 78} 79 80ipfilter_resync() 81{ 82 ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} 83} 84 85ipfilter_status() 86{ 87 ${ipfilter_program:-/sbin/ipf} -V 88} 89 90run_rc_command "$1" 91