ipsec revision 1.3
#!/bin/sh
#
# $NetBSD: ipsec,v 1.3 2000/06/14 03:24:16 itojun Exp $
#

# PROVIDE: ipsec
# REQUIRE: root beforenetlkm mountcritlocal tty

#	it does not really require beforenetlkm.

. /etc/rc.subr

# Service identity and the extra "reload" verb handled by this script.
name="ipsec"
extra_commands="reload"

# Handlers for each action.
start_cmd="ipsec_start"
stop_cmd="ipsec_stop"
reload_cmd="ipsec_reload"

# Pre-check shared by stop and reload: the service must be enabled and
# /etc/ipsec.conf must exist as a regular file. This tests existence only;
# it does not look at the file's owner, mode or contents.
stop_precmd="checkyesno ipsec && [ -f /etc/ipsec.conf ]"
reload_precmd="$stop_precmd"
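# ipsec_start: install the manual IPsec keys and policies from
# /etc/ipsec.conf.
#
# Returns 0 without doing anything when ipsec is not enabled. Calls
# err 1 when the configuration file is missing, is not a regular file,
# or cannot be read. Otherwise the return value is the exit status of
# /sbin/setkey, which is not checked here.
ipsec_start()
{
	if ! checkyesno ipsec; then
		return 0
	fi

	# If /etc/ipsec.conf isn't a readable regular file, abort the boot
	# rather than risk a security problem (coming up on the network
	# without the intended keys/policies). -f alone only proves the
	# file exists; -r makes the test match the error message.
	#
	if [ ! -f /etc/ipsec.conf ] || [ ! -r /etc/ipsec.conf ]; then
		err 1 "/etc/ipsec.conf not readable; ipsec start aborted."
	fi

	# XXX should check if ipsec.conf is secure enough: no owner or mode
	# check is made here. The file supplies manual keys, so it should be
	# owned by root and not readable or writable by group or other.
	#
	echo "Installing ipsec manual keys/policies."
	/sbin/setkey -f /etc/ipsec.conf
}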
# ipsec_stop: flush every manual key and policy from the kernel.
#
# Returns the exit status of the last setkey invocation.
ipsec_stop()
{
	local flush_opt

	echo "Clearing ipsec manual keys/policies."

	# Still not 100% sure this is wanted: flushing during a shutdown
	# session is questionable, because it can hang any remaining
	# IPv4/v6 session.
	#
	# -F flushes the SAD (keys), -FP flushes the SPD (policies); the
	# order is kept as SAD first, then SPD.
	for flush_opt in -F -FP; do
		/sbin/setkey "$flush_opt"
	done
}
# ipsec_reload: flush the current manual keys and policies, then install
# them again from /etc/ipsec.conf.
#
# Returns the exit status of the final setkey -f.
#
# NOTE(review): the flush happens before the new configuration is loaded
# and no exit status is checked in between. Between the flush and the
# load no manual keys/policies are installed, and if the load fails
# (for example on a syntax error) the host stays in that flushed state.
# The reload pre-check only tests that the file exists.
ipsec_reload()
{
	local flush_opt

	echo "Reloading ipsec manual keys/policies."

	# -F flushes the SAD (keys), -FP flushes the SPD (policies).
	for flush_opt in -F -FP; do
		/sbin/setkey "$flush_opt"
	done

	/sbin/setkey -f /etc/ipsec.conf
}
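# Load the rc.conf settings for this service, then run the action named
# by the first argument (start, stop, reload, ...). Both expansions are
# quoted so each is always passed as exactly one argument.
load_rc_config "$name"
run_rc_command "$1"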