etc/rc.d/ip6fw

   1 #!/bin/sh
   2 #
   3 # $FreeBSD: src/etc/rc.d/ip6fw,v 1.3 2003/06/29 05:15:57 mtm Exp $
   4 #
   5
   6 # PROVIDE: ip6fw
   7 # REQUIRE: routing
   8 # BEFORE: network_ipv6
   9
  10 . /etc/rc.subr
  11
  12 name="ip6fw"
  13 rcvar=`set_rcvar ipv6_firewall`
  14 start_cmd="ip6fw_start"
  15 start_precmd="ip6fw_prestart"
  16 stop_cmd="${SYSCTL_W} net.inet6.ip6.fw.enable=0"
  17
  18 ip6fw_prestart()
  19 {
  20         # Load IPv6 firewall module, if not already loaded
  21         if ! ${SYSCTL} -q net.inet6.ip6.fw.enable >/dev/null; then
  22                 kldstat -qm ip6fw || kldload -n ip6fw || return 1
  23         fi
  24         return 0
  25 }
  26
  27 ip6fw_start()
  28 {
  29         # Specify default rules file if none provided
  30         if [ -z "${ipv6_firewall_script}" ]; then
  31                 ipv6_firewall_script=/etc/rc.firewall6
  32         fi
  33
  34         # Load rules
  35         #
  36         if [ -r "${ipv6_firewall_script}" ]; then
  37                 . "${ipv6_firewall_script}"
  38                 echo 'IPv6 Firewall rules loaded.'
  39         elif [ "`ip6fw l 65535`" = "65535 deny ipv6 from any to any" ]; then
  40                 warn 'IPv6 firewall rules have not been loaded. Default' \
  41                     ' to DENY all access.'
  42         fi
  43
  44         # Enable firewall logging
  45         #
  46         if checkyesno ipv6_firewall_logging; then
  47                 echo 'IPv6 Firewall logging=YES'
  48                 ${SYSCTL_W} net.inet6.ip6.fw.verbose=1 >/dev/null
  49         fi
  50 }
  51
  52 load_rc_config $name
  53 run_rc_command "$1"