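#!/sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# ident "%Z%%M% %I% %E% SMI"
#
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#

#
# Service method script for IP Filter: loads the pool, filter and NAT
# configuration files and starts or stops the ipmon logging daemon.
#
# Usage: <script> (start|stop|reload|reipf|reipnat|pause|resume)
#
# The script runs under /sbin/sh, so it sticks to plain Bourne shell
# syntax (backticks, no "local", no "$(...)").
#

. /lib/svc/share/smf_include.sh

PATH=${PATH}:/usr/sbin:/usr/lib/ipf
PIDFILE=/var/run/ipmon.pid
IPFILCONF=/etc/ipf/ipf.conf
IP6FILCONF=/etc/ipf/ipf6.conf
IPNATCONF=/etc/ipf/ipnat.conf
IPPOOLCONF=/etc/ipf/ippool.conf
PFILCHECKED=no

zone=`smf_zonename`

# Module id(s) of every modinfo line that contains "ipf"; used by "stop".
# NOTE(review): the awk pattern is a substring match, so a module whose
# modinfo line merely contains "ipf" is selected as well - confirm this
# cannot pick up an unrelated module before relying on the unload below.
ipfid=`/usr/sbin/modinfo 2>&1 | awk '/ipf/ { print $1 } ' - 2>/dev/null`

# Locate ipmon: trust the pid file when it exists, otherwise ask pgrep
# for ipmon processes in this zone.
if [ -f "$PIDFILE" ]; then
	pid=`cat "$PIDFILE" 2>/dev/null`
else
	pid=`pgrep -z "$zone" ipmon`
fi

#
# logmsg <message>
# Send a warning to syslog (tag "ipfilter") and repeat it on stderr.
#
logmsg()
{
	logger -p daemon.warning -t ipfilter "$1"
	echo "$1" >&2
}

#
# valid_pids <string>
# Succeed only when every whitespace-separated word of the argument is a
# plain non-zero decimal number.  The value comes from a pid file (or
# from pgrep) and is handed to kill by a privileged script, so anything
# that kill could read as a process group, a broadcast target or an
# option (0, negative numbers, text) is rejected before it is used.
# NOTE(review): this does not detect a stale pid file whose number has
# been reused by another process; checking the pid against
# "pgrep -z $zone ipmon" would be needed for that.
#
valid_pids()
{
	[ -n "$1" ] || return 1
	for _p in $1; do
		case "$_p" in
		0 | *[!0-9]*)
			return 1
			;;
		esac
	done
	return 0
}

#
# load_ipf
# Load the IPv4 and IPv6 rule files (when readable) into the alternate
# rule set and make it current only if every load succeeded.
# Returns 0 on success, 1 if any file failed to load; on failure the
# running rule set is not switched.
#
load_ipf() {
	bad=0

	if [ -r "${IPFILCONF}" ]; then
		ipf -IFa -f "${IPFILCONF}" >/dev/null || {
			echo "$0: load of ${IPFILCONF} into alternate set failed"
			bad=1
		}
	fi

	if [ -r "${IP6FILCONF}" ]; then
		ipf -6IFa -f "${IP6FILCONF}" >/dev/null || {
			echo "$0: load of ${IP6FILCONF} into alternate set failed"
			bad=1
		}
	fi

	if [ $bad -ne 0 ]; then
		echo "Not switching config due to load error."
		return 1
	fi

	# Both loads were clean: switch sets and resync the interface list.
	ipf -s -y >/dev/null
	return 0
}


#
# load_ipnat
# Replace the NAT rules with the contents of the NAT configuration file.
# Returns 0 when the file is absent/unreadable or loads cleanly, 1 when
# ipnat reports an error.
#
load_ipnat() {
	[ -r "${IPNATCONF}" ] || return 0

	if ipnat -CF -f "${IPNATCONF}" >/dev/null; then
		ipf -y >/dev/null
		return 0
	fi

	echo "$0: load of ${IPNATCONF} failed"
	return 1
}


#
# load_ippool
# Flush the address pools and load them again from the pool file.
# Returns 0 when the file is absent/unreadable or loads cleanly, 1 when
# ippool reports an error.
# NOTE(review): the flush happens before the new file is known to be
# good, so a file that fails to load leaves the pools flushed while the
# previously loaded filter rules stay active - check how rules that
# reference a pool behave in that state.
#
load_ippool() {
	[ -r "${IPPOOLCONF}" ] || return 0

	ippool -F >/dev/null
	if ippool -f "${IPPOOLCONF}" >/dev/null; then
		return 0
	fi

	echo "$0: load of ${IPPOOLCONF} failed"
	return 1
}


case "$1" in
	start)
		# Nothing to do when neither a filter nor a NAT file exists.
		# NOTE(review): ipf6.conf and ippool.conf are not part of this
		# test, so a host that ships only IPv6 rules exits 0 here with
		# the filter never enabled - confirm that is intended.
		if [ ! -f "${IPFILCONF}" ] && [ ! -f "${IPNATCONF}" ]; then
			exit 0
		fi
		ipf -E
		# $pid is left unquoted on purpose: pgrep may report several pids.
		valid_pids "$pid" && kill -TERM $pid 2>/dev/null
		if load_ippool && load_ipf && load_ipnat ; then
			/usr/sbin/ipmon -Ds
		else
			exit $SMF_EXIT_ERR_CONFIG
		fi
		;;

	stop)
		valid_pids "$pid" && kill -TERM $pid
		ipf -D
		[ -n "$ipfid" ] && modunload -i $ipfid
		;;

	pause)
		# presumably saves the NAT/state tables so that "resume" can
		# restore them with "ipfs -R" - confirm against ipfs(1M)
		ipfs -l
		ipfs -NS -w
		ipf -D
		if [ -f "$PIDFILE" ] ; then
			if valid_pids "$pid" && kill -0 $pid; then
				kill -TERM $pid
			else
				# No usable or live pid: empty the pid file.
				cp /dev/null "$PIDFILE"
			fi
		fi
		;;

	resume)
		ipf -E
		ipfs -R
		# NOTE(review): the results of the three loads are not checked
		# here (nor in reload/reipf/reipnat below), so a failed load
		# still ends in "exit $SMF_EXIT_OK".  Only the messages printed
		# by the load functions reveal it.
		load_ippool
		load_ipf
		load_ipnat
		# Restart ipmon only if a pid file with content was found.
		if [ -f "$PIDFILE" ] && [ -n "$pid" ] ; then
			/usr/sbin/ipmon -Ds
		fi
		;;

	reload)
		load_ippool
		load_ipf
		load_ipnat
		;;

	reipf)
		load_ipf
		;;

	reipnat)
		load_ipnat
		;;

	*)
		echo "Usage: $0 \c" >&2
		echo "(start|stop|reload|reipf|reipnat|pause|resume)" >&2
		exit 1
		;;

esac
exit $SMF_EXIT_OK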