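#!/bin/sh
#
# rc.d control script for the IPFilter packet filter.  It enables and
# disables filtering and loads, reloads or resyncs the rule set stored in
# the file named by ${ipfilter_rules}.
#

# PROVIDE: ipfilter
# REQUIRE: FILESYSTEMS
# BEFORE: ipmon ipnat netif netwait securelevel
# KEYWORD: nojailvnet

. /etc/rc.subr

name="ipfilter"
desc="IP packet filter"
rcvar="ipfilter_enable"
load_rc_config "$name"

# Every action below is gated on the rules file existing.  The path is
# expanded once, here, after load_rc_config has run.
# NOTE(review): the expansion is unquoted.  If ipfilter_rules were empty the
# gate would become a bare `test -f`, which evaluates as true, so the actions
# would run with no rules file at all -- confirm a default is always set.
stop_precmd="test -f ${ipfilter_rules}"

start_precmd="$stop_precmd"
start_cmd="ipfilter_start"
stop_cmd="ipfilter_stop"
reload_precmd="$stop_precmd"
reload_cmd="ipfilter_reload"
resync_precmd="$stop_precmd"
resync_cmd="ipfilter_resync"
status_precmd="$stop_precmd"
status_cmd="ipfilter_status"
extra_commands="reload resync"
required_modules="ipl:ipfilter"

# Enable the filter if `ipf -V` does not report it running, flush the
# active rule set, then load ${ipfilter_rules} with ${ipfilter_flags}.
#
# The flush happens before the load, so a load that fails leaves the host
# without its full rule set.  That case is reported through err, matching
# ipfilter_reload, instead of surfacing only as a non-zero return.
ipfilter_start()
{
	echo "Enabling ipfilter."
	if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
		${ipfilter_program:-/sbin/ipf} -E
	fi
	${ipfilter_program:-/sbin/ipf} -Fa
	if [ -r "${ipfilter_rules}" ]; then
		# ipfilter_flags stays unquoted so it can carry several options.
		if ! ${ipfilter_program:-/sbin/ipf} \
		    -f "${ipfilter_rules}" ${ipfilter_flags}; then
			err 1 'Load of rules failed after flushing the active set; filter rules are incomplete'
		fi
	fi
}

# If the filter is running, save the state tables with ipfs and then
# disable the filter.  Does nothing when the filter is not running.
ipfilter_stop()
{
	if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
		echo "Saving firewall state tables"
		${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
		echo "Disabling ipfilter."
		${ipfilter_program:-/sbin/ipf} -D
	fi
}

# Rebuild the rules in the alternate (-I) set and swap it in with -s, so the
# active set keeps filtering while the new rules are parsed.  A failed load
# aborts before the swap and the active set is left as it was.
# NOTE(review): when the rules file is not readable the load is skipped but
# the swap still runs, which would activate the freshly flushed set --
# confirm that is intended.
ipfilter_reload()
{
	echo "Reloading ipfilter rules."

	${ipfilter_program:-/sbin/ipf} -I -Fa
	if [ -r "${ipfilter_rules}" ]; then
		if ! ${ipfilter_program:-/sbin/ipf} -I \
		    -f "${ipfilter_rules}" ${ipfilter_flags}; then
			err 1 'Load of rules into alternate set failed; aborting reload'
		fi
	fi
	${ipfilter_program:-/sbin/ipf} -s
}

# Run `ipf -y` with ${ipfilter_flags}.
ipfilter_resync()
{
	${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
}

# Print the `ipf -V` report, which includes the "Running:" line that
# ipfilter_start and ipfilter_stop test for.
ipfilter_status()
{
	${ipfilter_program:-/sbin/ipf} -V
}

run_rc_command "$1"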