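#!/bin/sh
#
# $NetBSD: ipfilter,v 1.21 2020/09/08 12:52:18 martin Exp $
#
# rc.d script for the IP Filter (ipf) packet filter.  Rules are read from
# /etc/ipf.conf (IPv4) and /etc/ipf6.conf (IPv6); at least one of them
# must exist for any command other than a forced one to run.
#

# PROVIDE: ipfilter
# REQUIRE: root bootconf CRITLOCALMOUNTED tty

$_rc_subr_loaded . /etc/rc.subr

name="ipfilter"
rcvar=$name
start_precmd="ipfilter_prestart"
start_cmd="ipfilter_start"
# Shared guard: succeed only if at least one rules file exists.  The same
# string is reused below for reload, resync and status.
stop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf"
stop_cmd="ipfilter_stop"
reload_precmd="$stop_precmd"
reload_cmd="ipfilter_reload"
resync_precmd="$stop_precmd"
resync_cmd="ipfilter_resync"
status_precmd="$stop_precmd"
status_cmd="ipfilter_status"
extra_commands="reload resync status"

# Refuse to start when neither rules file is present.  stop_boot is called
# so that a host configured to run a packet filter does not continue
# booting without one.
# Returns: 0 if a rules file exists, 1 otherwise.
ipfilter_prestart()
{
	if [ ! -f /etc/ipf.conf ] && [ ! -f /etc/ipf6.conf ]; then
		# NOTE(review): the message says "not readable" but the test
		# above only checks that a regular file exists.
		warn "/etc/ipf*.conf not readable; ipfilter start aborted."

		stop_boot
		return 1
	fi
	return 0
}

# Enable the filter, flush the active rule set and load the rules files.
#
# Unlike ipfilter_reload, this works directly on the active set: the old
# rules are flushed before the new ones are parsed, so a rules file that
# fails to load leaves that address family with no rules at all.  What
# traffic is allowed in that state depends on the kernel's default policy.
# The load status is therefore checked and reported instead of being
# discarded.
# Globals: rc_flags (read) - extra flags passed to "ipf -E".
# Returns: 0 if every present rules file loaded, 1 otherwise.
ipfilter_start()
{
	_ipf_rv=0

	echo "Enabling ipfilter."
	# rc_flags is left unquoted on purpose so it splits into words.
	/sbin/ipf ${rc_flags} -E

	# Do the flush first; since older ipf has different semantics.
	#
	if [ -f /etc/ipf.conf ]; then
		/sbin/ipf -Fa
	fi
	if [ -f /etc/ipf6.conf ]; then
		/sbin/ipf -6 -Fa
	fi

	# Now load the config files.  A failure is reported and remembered,
	# but the other address family is still loaded.
	#
	if [ -f /etc/ipf.conf ] && ! /sbin/ipf -f /etc/ipf.conf; then
		warn "load of ipf.conf failed; IPv4 rules were flushed and not replaced."
		_ipf_rv=1
	fi
	if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -6 -f /etc/ipf6.conf; then
		warn "load of ipf6.conf failed; IPv6 rules were flushed and not replaced."
		_ipf_rv=1
	fi
	return $_ipf_rv
}

# Disable the filter (ipf -D).
ipfilter_stop()
{
	echo "Disabling ipfilter."
	/sbin/ipf -D
}

# Replace the running rules without a window in which no rules are loaded:
# the new rules are loaded into the inactive set (-I) and swapped in (-s)
# only if every present rules file loaded.  On a load failure err exits
# before the swap, so the active set is left as it was.
ipfilter_reload()
{
	echo "Reloading ipfilter rules."

	# Do the flush first; since older ipf has different semantics.
	#
	if [ -f /etc/ipf.conf ]; then
		/sbin/ipf -I -Fa
	fi
	if [ -f /etc/ipf6.conf ]; then
		/sbin/ipf -6 -I -Fa
	fi

	# Now load the config files into the Inactive set
	#
	if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I -f /etc/ipf.conf; then
		err 1 "reload of ipf.conf failed; not swapping to new ruleset."
	fi
	if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -I -6 -f /etc/ipf6.conf; then
		err 1 "reload of ipf6.conf failed; not swapping to new ruleset."
	fi

	# Swap in the new rules
	#
	/sbin/ipf -s
}

# Resynchronise the filter's interface list with the system (ipf -y).
ipfilter_resync()
{
	/sbin/ipf -y
}

# Print version and state information for the filter (ipf -V).
ipfilter_status()
{
	/sbin/ipf -V
}

load_rc_config $name
run_rc_command "$1"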