11.1Slukem#!/bin/sh 21.1Slukem# 31.21Smartin# $NetBSD: ipfilter,v 1.21 2020/09/08 12:52:18 martin Exp $ 41.1Slukem# 51.1Slukem 61.1Slukem# PROVIDE: ipfilter 71.21Smartin# REQUIRE: root bootconf CRITLOCALMOUNTED tty 81.1Slukem 91.11Smycroft$_rc_subr_loaded . /etc/rc.subr 101.1Slukem 111.1Slukemname="ipfilter" 121.7Slukemrcvar=$name 131.5Slukemstart_precmd="ipfilter_prestart" 141.1Slukemstart_cmd="ipfilter_start" 151.8Slukemstop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf" 161.1Slukemstop_cmd="ipfilter_stop" 171.1Slukemreload_precmd="$stop_precmd" 181.1Slukemreload_cmd="ipfilter_reload" 191.10Slukemresync_precmd="$stop_precmd" 201.10Slukemresync_cmd="ipfilter_resync" 211.5Slukemstatus_precmd="$stop_precmd" 221.5Slukemstatus_cmd="ipfilter_status" 231.10Slukemextra_commands="reload resync status" 241.1Slukem 251.5Slukemipfilter_prestart() 261.1Slukem{ 271.9Snisimura if [ ! -f /etc/ipf.conf ] && [ ! -f /etc/ipf6.conf ]; then 281.8Slukem warn "/etc/ipf*.conf not readable; ipfilter start aborted." 291.14Slukem 301.15Sapb stop_boot 311.5Slukem return 1 321.1Slukem fi 331.5Slukem return 0 341.5Slukem} 351.5Slukem 361.5Slukemipfilter_start() 371.5Slukem{ 381.1Slukem echo "Enabling ipfilter." 391.18Shannken /sbin/ipf ${rc_flags} -E 401.14Slukem 411.14Slukem # Do the flush first; since older ipf has different semantics. 421.14Slukem # 431.14Slukem if [ -f /etc/ipf.conf ]; then 441.14Slukem /sbin/ipf -Fa 451.14Slukem fi 461.14Slukem if [ -f /etc/ipf6.conf ]; then 471.14Slukem /sbin/ipf -6 -Fa 481.14Slukem fi 491.14Slukem 501.14Slukem # Now load the config files 511.14Slukem # 521.8Slukem if [ -f /etc/ipf.conf ]; then 531.13Slukem /sbin/ipf -f /etc/ipf.conf 541.8Slukem fi 551.8Slukem if [ -f /etc/ipf6.conf ]; then 561.13Slukem /sbin/ipf -6 -f /etc/ipf6.conf 571.8Slukem fi 581.1Slukem} 591.1Slukem 601.1Slukemipfilter_stop() 611.1Slukem{ 621.1Slukem echo "Disabling ipfilter." 631.1Slukem /sbin/ipf -D 641.1Slukem} 651.1Slukem 661.1Slukemipfilter_reload() 671.1Slukem{ 681.1Slukem echo "Reloading ipfilter rules." 691.8Slukem 701.14Slukem # Do the flush first; since older ipf has different semantics. 711.14Slukem # 721.14Slukem if [ -f /etc/ipf.conf ]; then 731.14Slukem /sbin/ipf -I -Fa 741.14Slukem fi 751.14Slukem if [ -f /etc/ipf6.conf ]; then 761.14Slukem /sbin/ipf -6 -I -Fa 771.14Slukem fi 781.14Slukem 791.14Slukem # Now load the config files into the Inactive set 801.14Slukem # 811.13Slukem if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I -f /etc/ipf.conf; then 821.8Slukem err 1 "reload of ipf.conf failed; not swapping to new ruleset." 831.8Slukem fi 841.13Slukem if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -I -6 -f /etc/ipf6.conf; then 851.8Slukem err 1 "reload of ipf6.conf failed; not swapping to new ruleset." 861.1Slukem fi 871.19Sskrll 881.14Slukem # Swap in the new rules 891.14Slukem # 901.8Slukem /sbin/ipf -s 911.10Slukem} 921.10Slukem 931.10Slukemipfilter_resync() 941.10Slukem{ 951.10Slukem /sbin/ipf -y 961.5Slukem} 971.5Slukem 981.5Slukemipfilter_status() 991.5Slukem{ 1001.5Slukem /sbin/ipf -V 1011.1Slukem} 1021.1Slukem 1031.4Slukemload_rc_config $name 1041.3Slukemrun_rc_command "$1" 105