ipfilter revision 1.14
#!/bin/sh
#
# $NetBSD: ipfilter,v 1.14 2004/12/23 03:31:54 lukem Exp $
#

# PROVIDE: ipfilter
# REQUIRE: root beforenetlkm mountcritlocal tty

# Pull in the rc.d support library unless it is already loaded.
# NOTE(review): _rc_subr_loaded presumably expands to ":" once rc.subr
# has been sourced, which turns this line into a no-op -- confirm
# against /etc/rc.subr.
$_rc_subr_loaded . /etc/rc.subr

# Service identity; rcvar names the rc.conf knob for this service.
name="ipfilter"
rcvar="${name}"

# Shared guard: stop, reload, resync and status only run when at least
# one of the two ruleset files exists.
stop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf"
reload_precmd="${stop_precmd}"
resync_precmd="${stop_precmd}"
status_precmd="${stop_precmd}"

# Handlers, all defined in this script.
start_precmd="ipfilter_prestart"
start_cmd="ipfilter_start"
stop_cmd="ipfilter_stop"
reload_cmd="ipfilter_reload"
resync_cmd="ipfilter_resync"
status_cmd="ipfilter_status"

# Verbs this script accepts in addition to the standard ones.
extra_commands="reload resync status"
24
#
# ipfilter_prestart --
#	Refuse to start the packet filter when neither /etc/ipf.conf nor
#	/etc/ipf6.conf exists.
#
#	During an automatic boot ($autoboot = yes) a missing ruleset is
#	treated as fatal: SIGTERM is sent to $$ so that the machine does
#	not carry on into multiuser without its filter rules.
#
#	Returns 0 when a ruleset file is present, 1 otherwise. Does not
#	return at all on the autoboot path.
#
ipfilter_prestart()
{
		# Nothing to complain about if either ruleset is in place.
		#
	if [ -f /etc/ipf.conf ] || [ -f /etc/ipf6.conf ]; then
		return 0
	fi

	warn "/etc/ipf*.conf not readable; ipfilter start aborted."

		# If booting directly to multiuser, send SIGTERM to
		# the parent (/etc/rc) to abort the boot
		#
	if [ "$autoboot" = yes ]; then
		echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!"
		kill -TERM $$
		exit 1
	fi

	return 1
}
42
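#
# ipfilter_start --
#	Enable the packet filter, flush the rules currently loaded, and
#	load the IPv4 and IPv6 rulesets that exist under /etc.
#
#	The flush happens before the load, so when a ruleset file fails
#	to load that address family is left with a flushed or incomplete
#	ruleset and traffic falls through to whatever default policy the
#	kernel applies. Such a failure is reported with warn and through
#	the exit status rather than being silently ignored.
#
#	Returns 0 when every ruleset file that exists was loaded, and 1
#	when a load failed.
#
ipfilter_start()
{
	_ipf_start_rv=0

	echo "Enabling ipfilter."
	/sbin/ipf -E

		# Do the flush first; since older ipf has different semantics.
		#
	if [ -f /etc/ipf.conf ]; then
		/sbin/ipf -Fa
	fi
	if [ -f /etc/ipf6.conf ]; then
		/sbin/ipf -6 -Fa
	fi

		# Now load the config files. A failure in one file does not
		# stop the other from loading, so the remaining address
		# family still gets its rules.
		#
	if [ -f /etc/ipf.conf ] && ! /sbin/ipf -f /etc/ipf.conf; then
		warn "load of ipf.conf failed; IPv4 ruleset is empty or incomplete."
		_ipf_start_rv=1
	fi
	if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -6 -f /etc/ipf6.conf; then
		warn "load of ipf6.conf failed; IPv6 ruleset is empty or incomplete."
		_ipf_start_rv=1
	fi

	return $_ipf_start_rv
}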
66
#
# ipfilter_stop --
#	Announce the action and switch the packet filter off with
#	"ipf -D". The exit status is that of the ipf command.
#
ipfilter_stop()
{
	printf '%s\n' "Disabling ipfilter."
	/sbin/ipf -D
}
72
#
# ipfilter_reload --
#	Replace the running ruleset without a window in which no rules
#	are loaded: the new rules are staged in the inactive set (-I) and
#	only swapped in (-s) once every ruleset file present has loaded.
#
#	A failed load is handed to err with status 1, so the swap is
#	never reached and the active ruleset stays in force.
#	NOTE(review): relies on err (from rc.subr) terminating the
#	script -- confirm.
#
ipfilter_reload()
{
	echo "Reloading ipfilter rules."

		# Do the flush first; since older ipf has different semantics.
		# Only the inactive set is flushed here.
		#
	[ -f /etc/ipf.conf ] && /sbin/ipf -I -Fa
	[ -f /etc/ipf6.conf ] && /sbin/ipf -6 -I -Fa

		# Now load the config files into the Inactive set
		#
	if [ -f /etc/ipf.conf ]; then
		/sbin/ipf -I -f /etc/ipf.conf ||
		    err 1 "reload of ipf.conf failed; not swapping to new ruleset."
	fi
	if [ -f /etc/ipf6.conf ]; then
		/sbin/ipf -I -6 -f /etc/ipf6.conf ||
		    err 1 "reload of ipf6.conf failed; not swapping to new ruleset."
	fi

		# Swap in the new rules
		#
	/sbin/ipf -s
}
99
#
# ipfilter_resync --
#	Run "ipf -y". Per ipf(8) this resynchronises the filter's
#	in-kernel interface list with the current interfaces; the exit
#	status is that of the ipf command.
#
ipfilter_resync()
{
	/sbin/ipf -y
}
104
#
# ipfilter_status --
#	Run "ipf -V" and pass its output straight through. Per ipf(8)
#	this prints version information and, when the filter is present
#	in the kernel, its current state. The exit status is that of the
#	ipf command.
#
ipfilter_status()
{
	/sbin/ipf -V
}
109
# Load the rc.conf settings for this service, then hand the requested
# verb (first script argument) to the rc.subr dispatcher.
load_rc_config "${name}"
run_rc_command "$1"
112