ipfilter revision 1.13
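#!/bin/sh
#
# $NetBSD: ipfilter,v 1.13 2004/11/08 02:09:01 lukem Exp $
#

# PROVIDE: ipfilter
# REQUIRE: root beforenetlkm mountcritlocal tty

# rc.d control script for the IP Filter packet filter.
# Supports start, stop, reload, resync and status; every rule operation is
# carried out by /sbin/ipf against /etc/ipf.conf (IPv4) and /etc/ipf6.conf
# (IPv6).

# With _rc_subr_loaded unset or empty this line sources /etc/rc.subr.
# NOTE(review): presumably rc.subr sets _rc_subr_loaded to a no-op command
# so a second load is skipped; confirm against rc.subr.
$_rc_subr_loaded . /etc/rc.subr

name="ipfilter"
rcvar=$name
start_precmd="ipfilter_prestart"
start_cmd="ipfilter_start"
# stop, reload, resync and status all share this guard: at least one of the
# two rule files has to exist as a regular file.
stop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf"
stop_cmd="ipfilter_stop"
reload_precmd="$stop_precmd"
reload_cmd="ipfilter_reload"
resync_precmd="$stop_precmd"
resync_cmd="ipfilter_resync"
status_precmd="$stop_precmd"
status_cmd="ipfilter_status"
extra_commands="reload resync status"

# Refuse to start when neither rule file exists.
# During an automatic boot ($autoboot = yes) the boot itself is aborted by
# signalling $$, so the machine does not come up on the network with the
# packet filter missing its rules.
# Returns 0 when at least one rule file is present, 1 otherwise.
ipfilter_prestart()
{
	if [ ! -f /etc/ipf.conf ] && [ ! -f /etc/ipf6.conf ]; then
		warn "/etc/ipf*.conf not readable; ipfilter start aborted."
		#
		# If booting directly to multiuser, send SIGTERM to
		# the parent (/etc/rc) to abort the boot
		#
		if [ "$autoboot" = yes ]; then
			echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!"
			kill -TERM $$
			exit 1
		fi
		return 1
	fi
	return 0
}

# Enable the filter, flush the IPv4 and IPv6 rules, then load whichever
# rule files exist.
# Returns 0 when every rule file that exists loaded cleanly, 1 otherwise.
ipfilter_start()
{
	echo "Enabling ipfilter."
	/sbin/ipf -E
	/sbin/ipf -Fa
	/sbin/ipf -6 -Fa

	# The rules were flushed just above, so a rule file that fails to load
	# leaves that address family with an empty or possibly partial ruleset.
	# Surface the failure for both files (ipfilter_reload already does so)
	# rather than letting the status of the last command decide the result.
	# Both loads are still attempted so that one bad file does not prevent
	# the other family's rules from being installed.
	_ipf_rv=0
	if [ -f /etc/ipf.conf ] && ! /sbin/ipf -f /etc/ipf.conf; then
		warn "load of ipf.conf failed; IPv4 ruleset may be empty or incomplete."
		_ipf_rv=1
	fi
	if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -6 -f /etc/ipf6.conf; then
		warn "load of ipf6.conf failed; IPv6 ruleset may be empty or incomplete."
		_ipf_rv=1
	fi
	return $_ipf_rv
}

# Disable the filter (ipf -D).
ipfilter_stop()
{
	echo "Disabling ipfilter."
	/sbin/ipf -D
}

# Load the rule files into the inactive set (-I) and swap it in (-s) only
# when every load succeeded; on a failed load err exits first and the
# active rules stay as they were.
ipfilter_reload()
{
	echo "Reloading ipfilter rules."

	/sbin/ipf -I -Fa
	/sbin/ipf -6 -I -Fa
	if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I -f /etc/ipf.conf; then
		err 1 "reload of ipf.conf failed; not swapping to new ruleset."
	fi
	if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -I -6 -f /etc/ipf6.conf; then
		err 1 "reload of ipf6.conf failed; not swapping to new ruleset."
	fi
	/sbin/ipf -s
}

# Resynchronise the filter's in-kernel interface list (ipf -y).
ipfilter_resync()
{
	/sbin/ipf -y
}

# Print ipf version and filter state information (ipf -V).
ipfilter_status()
{
	/sbin/ipf -V
}

load_rc_config $name
run_rc_command "$1"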