3 # $NetBSD: ipfilter,v 1.10 2001/02/28 17:03:50 lukem Exp $
4 # $FreeBSD: src/etc/rc.d/ipfilter,v 1.10 2003/04/30 02:54:17 mtm Exp $
5 # $DragonFly: src/etc/rc.d/ipfilter,v 1.6 2005/11/19 21:47:32 swildner Exp $
9 # REQUIRE: root mountcritlocal tty ipmon
18 stop_precmd
="test -f ${ipfilter_rules} -o -f ${ipv6_ipfilter_rules}"
20 start_precmd
="ipfilter_prestart"
21 start_cmd
="ipfilter_start"
22 stop_cmd
="ipfilter_stop"
23 reload_precmd
="$stop_precmd"
24 reload_cmd
="ipfilter_reload"
25 resync_precmd
="$stop_precmd"
26 resync_cmd
="ipfilter_resync"
27 status_precmd
="$stop_precmd"
28 status_cmd
="ipfilter_status"
29 extra_commands
="reload resync status"
33 if ! kldstat
-v |
grep "IP Filter" > /dev
/null
2>&1; then
42 # load ipfilter kernel module if needed
43 if ! ipfilter_loaded
; then
45 info
'IP-filter module loaded.'
47 err
1 'IP-filter module failed to load.'
51 # check for ipfilter rules
52 if [ ! -r "${ipfilter_rules}" ] && [ ! -r "${ipv6_ipfilter_rules}" ]
54 warn
'IP-filter: NO IPF RULES'
62 echo "Enabling ipfilter."
63 if [ `sysctl -n net.inet.ipf.fr_running` -eq 0 ]; then
64 ${ipfilter_program:-/sbin/ipf} -E
66 ${ipfilter_program:-/sbin/ipf} -Fa
67 if [ -r "${ipfilter_rules}" ]; then
68 ${ipfilter_program:-/sbin/ipf} \
69 -f "${ipfilter_rules}" ${ipfilter_flags}
71 ${ipfilter_program:-/sbin/ipf} -6 -Fa
72 if [ -r "${ipv6_ipfilter_rules}" ]; then
73 ${ipfilter_program:-/sbin/ipf} -6 \
74 -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
80 # XXX - The ipf -D command is not effective for 'lkm's
81 if [ `sysctl -n net.inet.ipf.fr_running` -eq 1 ]; then
82 echo "Saving firewall state tables"
83 ${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
84 echo "Disabling ipfilter."
85 ${ipfilter_program:-/sbin/ipf} -D
91 echo "Reloading ipfilter rules."
93 ${ipfilter_program:-/sbin/ipf} -I -Fa
94 if [ -r "${ipfilter_rules}" ]; then
95 ${ipfilter_program:-/sbin/ipf} -I \
96 -f "${ipfilter_rules}" ${ipfilter_flags}
98 ${ipfilter_program:-/sbin/ipf} -I -6 -Fa
99 if [ -r "${ipv6_ipfilter_rules}" ]; then
100 ${ipfilter_program:-/sbin/ipf} -I -6 \
101 -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
103 ${ipfilter_program:-/sbin/ipf} -s
109 # Don't resync if ipfilter is not loaded
110 if ! ipfilter_loaded
; then
113 ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
118 ${ipfilter_program:-/sbin/ipf} -V