etc/rc.d/ipfilter

   1 #!/bin/sh
   2 #
   3 # $NetBSD: ipfilter,v 1.17 2008/11/22 20:23:33 tsutsui Exp $
   4 #
   5
   6 # PROVIDE: ipfilter
   7 # REQUIRE: root bootconf mountcritlocal tty
   8
   9 $_rc_subr_loaded . /etc/rc.subr
  10
  11 name="ipfilter"
  12 rcvar=$name
  13 start_precmd="ipfilter_prestart"
  14 start_cmd="ipfilter_start"
  15 stop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf"
  16 stop_cmd="ipfilter_stop"
  17 reload_precmd="$stop_precmd"
  18 reload_cmd="ipfilter_reload"
  19 resync_precmd="$stop_precmd"
  20 resync_cmd="ipfilter_resync"
  21 status_precmd="$stop_precmd"
  22 status_cmd="ipfilter_status"
  23 extra_commands="reload resync status"
  24
  25 ipfilter_prestart()
  26 {
  27         if [ ! -f /etc/ipf.conf ] && [ ! -f /etc/ipf6.conf ]; then
  28                 warn "/etc/ipf*.conf not readable; ipfilter start aborted."
  29
  30                 stop_boot
  31                 return 1
  32         fi
  33         return 0
  34 }
  35
  36 ipfilter_start()
  37 {
  38         echo "Enabling ipfilter."
  39         /sbin/ipf ${rc_flags} -E
  40
  41                 # Do the flush first; since older ipf has different semantics.
  42                 #
  43         if [ -f /etc/ipf.conf ]; then
  44                 /sbin/ipf -Fa
  45         fi
  46         if [ -f /etc/ipf6.conf ]; then
  47                 /sbin/ipf -6 -Fa
  48         fi
  49
  50                 # Now load the config files
  51                 #
  52         if [ -f /etc/ipf.conf ]; then
  53                 /sbin/ipf -f /etc/ipf.conf
  54         fi
  55         if [ -f /etc/ipf6.conf ]; then
  56                 /sbin/ipf -6 -f /etc/ipf6.conf
  57         fi
  58 }
  59
  60 ipfilter_stop()
  61 {
  62         echo "Disabling ipfilter."
  63         /sbin/ipf -D
  64 }
  65
  66 ipfilter_reload()
  67 {
  68         echo "Reloading ipfilter rules."
  69
  70                 # Do the flush first; since older ipf has different semantics.
  71                 #
  72         if [ -f /etc/ipf.conf ]; then
  73                 /sbin/ipf -I -Fa
  74         fi
  75         if [ -f /etc/ipf6.conf ]; then
  76                 /sbin/ipf -6 -I -Fa
  77         fi
  78
  79                 # Now load the config files into the Inactive set
  80                 #
  81         if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I -f /etc/ipf.conf; then
  82                 err 1 "reload of ipf.conf failed; not swapping to new ruleset."
  83         fi
  84         if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -I -6 -f /etc/ipf6.conf; then
  85                 err 1 "reload of ipf6.conf failed; not swapping to new ruleset."
  86         fi
  87
  88                 # Swap in the new rules
  89                 #
  90         /sbin/ipf -s
  91 }
  92
  93 ipfilter_resync()
  94 {
  95         /sbin/ipf -y
  96 }
  97
  98 ipfilter_status()
  99 {
 100         /sbin/ipf -V
 101 }
 102
 103 load_rc_config $name
 104 run_rc_command "$1"