O_CREAT was being allowed to leak through a read-only NFS export.
[dragonfly.git] / etc / rc.d / ipfw
bloba987ee479bc486270d86203638123534c2185d03
1 #!/bin/sh
3 # $FreeBSD: src/etc/rc.d/ipfw,v 1.4 2003/03/30 15:52:18 mtm Exp $
4 # $DragonFly: src/etc/rc.d/ipfw,v 1.4 2008/07/06 23:55:51 thomas Exp $
7 # PROVIDE: ipfw
8 # REQUIRE: ppp-user
9 # BEFORE: NETWORKING
11 . /etc/rc.subr
13 name="ipfw"
14 rcvar="firewall_enable"
15 start_cmd="ipfw_start"
16 start_precmd="ipfw_precmd"
17 stop_cmd="ipfw_stop"
19 ipfw_precmd()
21 if ! ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then
22 if ! kldload ipfw; then
23 warn "unable to load ipfw firewall module."
24 return 1
28 return 0
31 ipfw_start()
33 # set the firewall rules script if none was specified
34 [ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall
36 if [ -r "${firewall_script}" ]; then
37 . "${firewall_script}"
38 echo -n 'Firewall rules loaded, starting divert daemons:'
40 # Network Address Translation daemon
42 if checkyesno natd_enable; then
43 if [ -n "${natd_interface}" ]; then
44 if echo ${natd_interface} | \
45 grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
46 natd_flags="$natd_flags -a ${natd_interface}"
47 else
48 natd_flags="$natd_flags -n ${natd_interface}"
51 echo -n ' natd'
52 ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
54 elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
55 echo 'Warning: kernel has firewall functionality, but' \
56 ' firewall rules are not enabled.'
57 echo ' All ip services are disabled.'
59 echo '.'
61 # Firewall logging
63 if checkyesno firewall_logging; then
64 echo 'Firewall logging enabled'
65 sysctl net.inet.ip.fw.verbose=1 >/dev/null
68 # Enable the firewall
70 ${SYSCTL_W} net.inet.ip.fw.enable=1
73 ipfw_stop()
75 # Disable the firewall
77 ${SYSCTL_W} net.inet.ip.fw.enable=0
80 load_rc_config $name
81 run_rc_command "$1"