#!/bin/sh
#
# $NetBSD: ipfilter,v 1.7 2000/09/19 13:04:38 lukem Exp $
#

# PROVIDE: ipfilter
# REQUIRE: root beforenetlkm mountcritlocal tty

. /etc/rc.subr

name="ipfilter"
rcvar=$name
start_precmd="ipfilter_prestart"
start_cmd="ipfilter_start"
stop_precmd="test -f /etc/ipf.conf"
stop_cmd="ipfilter_stop"
reload_precmd="$stop_precmd"
reload_cmd="ipfilter_reload"
status_precmd="$stop_precmd"
status_cmd="ipfilter_status"
extra_commands="reload status"

ipfilter_prestart()
{
	if [ ! -f /etc/ipf.conf ]; then
		warn "/etc/ipf.conf not readable; ipfilter start aborted."
			#
			# If booting directly to multiuser, send SIGTERM to
			# the parent (/etc/rc) to abort the boot
			#
		if [ "$autoboot" = yes ]; then
			echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!"
			kill -TERM $$
			exit 1
		fi
		return 1
	fi
	return 0
}

ipfilter_start()
{
	echo "Enabling ipfilter."
	/sbin/ipf -E -Fa -f /etc/ipf.conf
}

ipfilter_stop()
{
	echo "Disabling ipfilter."
	/sbin/ipf -D
}

ipfilter_reload()
{
	echo "Reloading ipfilter rules."
	/sbin/ipf -I -Fa -f /etc/ipf.conf
	if [ $? -eq 0 ]; then
		/sbin/ipf -s
	else
		warn "Reload failed; not swapping to new ruleset."
	fi
}

ipfilter_status()
{
	/sbin/ipf -V
}

load_rc_config $name
run_rc_command "$1"