3 # Copyright (c) 2018 The DragonFly Project. All rights reserved.
5 # This code is derived from software contributed to The DragonFly Project
6 # by Aaron LI <aly@dragonflybsd.org>
8 # Redistribution and use in source and binary forms, with or without
9 # modification, are permitted provided that the following conditions
12 # 1. Redistributions of source code must retain the above copyright
13 # notice, this list of conditions and the following disclaimer.
14 # 2. Redistributions in binary form must reproduce the above copyright
15 # notice, this list of conditions and the following disclaimer in
16 # the documentation and/or other materials provided with the
18 # 3. Neither the name of The DragonFly Project nor the names of its
19 # contributors may be used to endorse or promote products derived
20 # from this software without specific, prior written permission.
22 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 # FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 # COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
27 # INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
28 # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
29 # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
30 # AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
31 # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
32 # OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43 start_cmd
="${name}_start"
44 start_precmd
="${name}_precmd"
45 stop_cmd
="${name}_stop"
49 # Load firewall modules, if not already loaded
50 if ! ${SYSCTL} -q net.inet.ip.fw3.
enable >/dev
/null
; then
51 for _module
in ${ipfw3_modules}; do
52 kldload
-n ${_module} ||
return 1
61 if [ -r "${ipfw3_script}" ]; then
63 echo "Firewall ${name} rules loaded."
64 elif [ "`${ipfw3_program} list`" = "65535 deny" ]; then
65 echo 'Warning: kernel has firewall functionality, but' \
66 'firewall rules are not enabled.'
67 echo ' All ip services are disabled.'
71 ${SYSCTL_W} net.inet.ip.fw3.
enable=1
72 echo "Firewall ${name} enabled"
77 ${ipfw3_program} -f flush
78 echo "Firewall ${name} rules flushed."
80 # XXX/TODO: also flush/delete lookup tables
82 # Disable the firewall
84 ${SYSCTL_W} net.inet.ip.fw3.
enable=0
85 echo "Firewall ${name} disabled"
88 load_rc_config
${name}