tuxillo's projects / dragonfly.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
rc: Use kldload -n in our rc scripts which load modules.
[dragonfly.git] / etc / rc.d / ipfw
1 #!/bin/sh
2 #
3 # $FreeBSD: src/etc/rc.d/ipfw,v 1.4 2003/03/30 15:52:18 mtm Exp $
4 #
5
6 # PROVIDE: ipfw
7 # REQUIRE: ppp-user
8 # BEFORE: NETWORKING
9
10 . /etc/rc.subr
11
12 name="ipfw"
13 rcvar="firewall_enable"
14 start_cmd="ipfw_start"
15 start_precmd="ipfw_precmd"
16 stop_cmd="ipfw_stop"
17
18 ipfw_precmd()
19 {
20         # Load IPv4 firewall module, if not already loaded
21         if ! ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then
22                 kldload -n ipfw || return 1
23         fi
24         return 0
25 }
26
27 ipfw_start()
28 {
29         # set the firewall rules script if none was specified
30         [ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall
31
32         if [ -r "${firewall_script}" ]; then
33                 . "${firewall_script}"
34                 echo -n 'Firewall rules loaded, starting divert daemons:'
35
36                 # Network Address Translation daemon
37                 #
38                 if checkyesno natd_enable; then
39                         if [ -n "${natd_interface}" ]; then
40                                 if echo ${natd_interface} | \
41                                 grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
42                                         natd_flags="$natd_flags -a ${natd_interface}"
43                                 else
44                                         natd_flags="$natd_flags -n ${natd_interface}"
45                                 fi
46                         fi
47                         echo -n ' natd'
48                         ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
49                 fi
50         elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
51                 echo 'Warning: kernel has firewall functionality, but' \
52                     ' firewall rules are not enabled.'
53                 echo '           All ip services are disabled.'
54         fi
55         echo '.'
56
57         # Firewall logging
58         #
59         if checkyesno firewall_logging; then
60                 echo 'Firewall logging enabled'
61                 sysctl net.inet.ip.fw.verbose=1 >/dev/null
62         fi
63
64         # Enable the firewall
65         #
66         ${SYSCTL_W} net.inet.ip.fw.enable=1
67 }
68
69 ipfw_stop()
70 {
71         # Disable the firewall
72         #
73         ${SYSCTL_W} net.inet.ip.fw.enable=0
74 }
75
76 load_rc_config $name
77 run_rc_command "$1"
WIP repository