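#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: ipfilter
# REQUIRE: FILESYSTEMS
# BEFORE: ipmon ipnat netif netwait securelevel
# KEYWORD: nojailvnet

# rc.d script for the IPFilter packet filter.
#
# Subcommands: start, stop, reload, resync, status.
# rc.conf variables read here:
#   ipfilter_enable   - rcvar gating the service
#   ipfilter_program  - ipf(8) binary (falls back to /sbin/ipf)
#   ipfilter_rules    - ruleset file loaded on start/reload
#   ipfilter_flags    - extra arguments for ipf(8)
#   ipfs_program      - ipfs(8) binary (falls back to /sbin/ipfs)
#   ipfs_flags        - extra arguments for ipfs(8)

. /etc/rc.subr

name="ipfilter"
desc="IP packet filter"
rcvar="ipfilter_enable"
load_rc_config "$name"

# Precondition shared by every subcommand: the configured ruleset file must
# exist. It is a function so the path is tested quoted and at call time. The
# earlier string form, "test -f <path>", collapsed to a bare "test -f" when
# ipfilter_rules was empty, which evaluates true and let start/reload run
# with no ruleset; a path containing whitespace was also split into words.
ipfilter_rules_check()
{
	[ -n "${ipfilter_rules}" ] && [ -f "${ipfilter_rules}" ]
}

stop_precmd="ipfilter_rules_check"

start_precmd="$stop_precmd"
start_cmd="ipfilter_start"
stop_cmd="ipfilter_stop"
reload_precmd="$stop_precmd"
reload_cmd="ipfilter_reload"
resync_precmd="$stop_precmd"
resync_cmd="ipfilter_resync"
status_precmd="$stop_precmd"
status_cmd="ipfilter_status"
extra_commands="reload resync"
required_modules="ipl:ipfilter"

# Enable the filter if it is not already running, flush the active rules and
# load ${ipfilter_rules}.
# Returns: 0 when the ruleset was loaded, 1 otherwise. On failure the filter
# stays enabled with a flushed (or partially loaded) ruleset; what that
# permits depends on the kernel's default policy, so the failure is logged
# rather than left to an unexplained exit status.
ipfilter_start()
{
	echo "Enabling ipfilter."
	if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
		${ipfilter_program:-/sbin/ipf} -E
	fi
	${ipfilter_program:-/sbin/ipf} -Fa
	if [ ! -r "${ipfilter_rules}" ]; then
		warn "${ipfilter_rules} is not readable; rules were flushed and not reloaded"
		return 1
	fi
	# ipfilter_flags is deliberately unquoted: it may hold several options.
	if ! ${ipfilter_program:-/sbin/ipf} \
	    -f "${ipfilter_rules}" ${ipfilter_flags}; then
		warn "loading ${ipfilter_rules} failed; the active ruleset may be empty or incomplete"
		return 1
	fi
}

# If the filter is running, save its state tables with ipfs -W and then
# disable it. Does nothing when the filter is not running.
ipfilter_stop()
{
	if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
		echo "Saving firewall state tables"
		# ipfs_flags is deliberately unquoted: it may hold several options.
		${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
		echo "Disabling ipfilter."
		${ipfilter_program:-/sbin/ipf} -D
	fi
}

# Load ${ipfilter_rules} into the inactive rule set and swap it in only if
# the load succeeded, so a broken ruleset never replaces the running one.
# Exits via err(1) without swapping when the file is unreadable or the load
# fails; swapping in that case would activate an empty or partial set.
ipfilter_reload()
{
	echo "Reloading ipfilter rules."

	if [ ! -r "${ipfilter_rules}" ]; then
		err 1 "${ipfilter_rules} is not readable; aborting reload"
	fi
	${ipfilter_program:-/sbin/ipf} -I -Fa
	# ipfilter_flags is deliberately unquoted: it may hold several options.
	if ! ${ipfilter_program:-/sbin/ipf} -I \
	    -f "${ipfilter_rules}" ${ipfilter_flags}; then
		err 1 'Load of rules into alternate set failed; aborting reload'
	fi
	${ipfilter_program:-/sbin/ipf} -s
}

# Ask ipf to resynchronise with the current interface list (ipf -y).
ipfilter_resync()
{
	${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
}

# Print ipf's version and running state (ipf -V).
ipfilter_status()
{
	${ipfilter_program:-/sbin/ipf} -V
}

run_rc_command "$1"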