ipfilter revision 1.14
      1 #!/bin/sh
      2 #
      3 # $NetBSD: ipfilter,v 1.14 2004/12/23 03:31:54 lukem Exp $
      4 #
      5 
      6 # PROVIDE: ipfilter
      7 # REQUIRE: root beforenetlkm mountcritlocal tty
      8 
      9 $_rc_subr_loaded . /etc/rc.subr
     10 
     11 name="ipfilter"
     12 rcvar=$name
     13 start_precmd="ipfilter_prestart"
     14 start_cmd="ipfilter_start"
     15 stop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf"
     16 stop_cmd="ipfilter_stop"
     17 reload_precmd="$stop_precmd"
     18 reload_cmd="ipfilter_reload"
     19 resync_precmd="$stop_precmd"
     20 resync_cmd="ipfilter_resync"
     21 status_precmd="$stop_precmd"
     22 status_cmd="ipfilter_status"
     23 extra_commands="reload resync status"
     24 
     #
     # ipfilter_prestart: precondition for "start".
     #
     # Returns 0 when /etc/ipf.conf or /etc/ipf6.conf exists as a regular
     # file.  Otherwise it warns and returns 1, so no start is attempted.
     # When $autoboot is "yes" it additionally sends SIGTERM to $$ and exits;
     # per the original comment this reaches the parent (/etc/rc) and aborts
     # the boot.  NOTE(review): presumably the intent is that the host never
     # reaches multiuser without filter rules -- confirm.
     #
     ipfilter_prestart()
     {
     		# At least one ruleset is present: start may go ahead.
     		#
     	if [ -f /etc/ipf.conf ] || [ -f /etc/ipf6.conf ]; then
     		return 0
     	fi

     	warn "/etc/ipf*.conf not readable; ipfilter start aborted."

     		# If booting directly to multiuser, send SIGTERM to
     		# the parent (/etc/rc) to abort the boot
     		#
     	case "$autoboot" in
     	yes)
     		echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!"
     		kill -TERM $$
     		exit 1
     		;;
     	esac

     	return 1
     }
     42 
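     #
     # ipfilter_start: enable the filter, flush the active rules, then load
     # /etc/ipf.conf and /etc/ipf6.conf (whichever exist).
     #
     # Returns 0 when every ruleset file that is present was loaded, 1 when
     # a load failed.  The filter has already been enabled and flushed by the
     # time the load runs, so a failed load leaves it running with a missing
     # or incomplete ruleset; that is reported with a warning and a non-zero
     # status instead of being ignored.  ipfilter_reload already refuses to
     # continue on the same failure.  Both files are always attempted, so an
     # error in one does not prevent the other from loading.
     #
     ipfilter_start()
     {
     	_ipf_rv=0

     	echo "Enabling ipfilter."
     	/sbin/ipf -E

     		# Do the flush first, since older ipf has different semantics.
     		#
     	if [ -f /etc/ipf.conf ]; then
     		/sbin/ipf -Fa
     	fi
     	if [ -f /etc/ipf6.conf ]; then
     		/sbin/ipf -6 -Fa
     	fi

     		# Now load the config files, remembering any failure
     		#
     	if [ -f /etc/ipf.conf ] && ! /sbin/ipf -f /etc/ipf.conf; then
     		warn "load of ipf.conf failed; ipfilter is enabled but the ruleset may be incomplete."
     		_ipf_rv=1
     	fi
     	if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -6 -f /etc/ipf6.conf; then
     		warn "load of ipf6.conf failed; ipfilter is enabled but the ruleset may be incomplete."
     		_ipf_rv=1
     	fi

     	return $_ipf_rv
     }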
     66 
     #
     # ipfilter_stop: announce the action and disable the filter (ipf -D).
     # The function's status is that of the ipf command.  Note that after
     # this runs no packet filtering is in effect.
     #
     ipfilter_stop()
     {
     	echo "Disabling ipfilter."

     		# -D turns the in-kernel filter off
     		#
     	/sbin/ipf -D
     }
     72 
     #
     # ipfilter_reload: replace the running rules without a gap.
     #
     # The new rules are built in the inactive set (-I): it is flushed, the
     # ruleset files that exist are loaded into it, and only then is it
     # swapped with the active set (-s).  If a load fails, err is called
     # before the swap, so the rules currently in force stay in place.
     #
     ipfilter_reload()
     {
     	echo "Reloading ipfilter rules."

     		# Flush the inactive set first, since older ipf has
     		# different semantics.
     		#
     	if [ -f /etc/ipf.conf ]; then
     		/sbin/ipf -I -Fa
     	fi
     	if [ -f /etc/ipf6.conf ]; then
     		/sbin/ipf -6 -I -Fa
     	fi

     		# Load each ruleset file into the inactive set; stop
     		# before the swap if one of them is rejected.
     		#
     	if [ -f /etc/ipf.conf ]; then
     		/sbin/ipf -I -f /etc/ipf.conf ||
     		    err 1 "reload of ipf.conf failed; not swapping to new ruleset."
     	fi
     	if [ -f /etc/ipf6.conf ]; then
     		/sbin/ipf -I -6 -f /etc/ipf6.conf ||
     		    err 1 "reload of ipf6.conf failed; not swapping to new ruleset."
     	fi

     		# Make the freshly loaded set the active one
     		#
     	/sbin/ipf -s
     }
     99 
    #
    # ipfilter_resync: run "ipf -y", which asks ipf to resynchronise its
    # in-kernel interface list with the current interfaces.  The function's
    # status is that of the ipf command.
    #
    ipfilter_resync()
    {
    	/sbin/ipf -y
    }
    104 
    #
    # ipfilter_status: run "ipf -V", which prints ipf version information
    # and the state of the in-kernel filter.  The function's status is that
    # of the ipf command.
    #
    ipfilter_status()
    {
    	/sbin/ipf -V
    }
    109 
    110 load_rc_config $name
    111 run_rc_command "$1"
    112