etc/rc.d/ipfw

   1 #!/bin/sh
   2 #
   3 # $FreeBSD: src/etc/rc.d/ipfw,v 1.4 2003/03/30 15:52:18 mtm Exp $
   4 # $DragonFly: src/etc/rc.d/ipfw,v 1.2 2004/01/26 17:21:15 rob Exp $
   5 #
   6
   7 # PROVIDE: ipfw
   8 # REQUIRE: ppp-user
   9 # BEFORE: NETWORKING
  10 # KEYWORD: DragonFly
  11
  12 . /etc/rc.subr
  13
  14 name="ipfw"
  15 rcvar="firewall_enable"
  16 start_cmd="ipfw_start"
  17 start_precmd="ipfw_precmd"
  18 stop_cmd="ipfw_stop"
  19
  20 ipfw_precmd()
  21 {
  22         if ! ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then
  23                 if ! kldload ipfw; then
  24                         warn unable to load firewall module.
  25                         return 1
  26                 fi
  27         fi
  28
  29         return 0
  30 }
  31
  32 ipfw_start()
  33 {
  34         # set the firewall rules script if none was specified
  35         [ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall
  36
  37         if [ -r "${firewall_script}" ]; then
  38                 . "${firewall_script}"
  39                 echo -n 'Firewall rules loaded, starting divert daemons:'
  40
  41                 # Network Address Translation daemon
  42                 #
  43                 if checkyesno natd_enable; then
  44                         if [ -n "${natd_interface}" ]; then
  45                                 if echo ${natd_interface} | \
  46                                 grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
  47                                         natd_flags="$natd_flags -a ${natd_interface}"
  48                                 else
  49                                         natd_flags="$natd_flags -n ${natd_interface}"
  50                                 fi
  51                         fi
  52                         echo -n ' natd'
  53                         ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
  54                 fi
  55         elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
  56                 echo 'Warning: kernel has firewall functionality, but' \
  57                     ' firewall rules are not enabled.'
  58                 echo '           All ip services are disabled.'
  59         fi
  60         echo '.'
  61
  62         # Firewall logging
  63         #
  64         if checkyesno firewall_logging; then
  65                 echo 'Firewall logging enabled'
  66                 sysctl net.inet.ip.fw.verbose=1 >/dev/null
  67         fi
  68
  69         # Enable the firewall
  70         #
  71         ${SYSCTL_W} net.inet.ip.fw.enable=1
  72 }
  73
  74 ipfw_stop()
  75 {
  76         # Disable the firewall
  77         #
  78         ${SYSCTL_W} net.inet.ip.fw.enable=0
  79 }
  80
  81 load_rc_config $name
  82 run_rc_command "$1"