Add vknetd to etc/rc.d/Makefile.
1 #!/bin/sh
2 #
3 # $FreeBSD: src/etc/rc.d/ipfw,v 1.4 2003/03/30 15:52:18 mtm Exp $
4 # $DragonFly: src/etc/rc.d/ipfw,v 1.4 2008/07/06 23:55:51 thomas Exp $
5 #
6
7 # PROVIDE: ipfw
8 # REQUIRE: ppp-user
9 # BEFORE: NETWORKING
10
11 . /etc/rc.subr
12
# rc.subr glue: the service name, the rc.conf variable that switches it
# on, and the handlers defined below for the start/stop actions.
name=ipfw
rcvar=firewall_enable
start_precmd=ipfw_precmd
start_cmd=ipfw_start
stop_cmd=ipfw_stop
18
#
# ipfw_precmd
#	Pre-start check: make sure the ipfw sysctl tree is reachable, loading
#	the ipfw kernel module if it is not.
#	Returns 0 when the sysctl can be read or the module loads, 1 (after
#	a warning) when the module cannot be loaded.
#
ipfw_precmd()
{
	# A readable net.inet.ip.fw.enable means nothing needs loading.
	if ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then
		return 0
	fi

	# Otherwise try the loadable module.
	if kldload ipfw; then
		return 0
	fi

	# Failing here keeps the start action from running without ipfw.
	warn "unable to load ipfw firewall module."
	return 1
}
30
31 ipfw_start()
32 {
33         # set the firewall rules script if none was specified
34         [ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall
35
36         if [ -r "${firewall_script}" ]; then
37                 . "${firewall_script}"
38                 echo -n 'Firewall rules loaded, starting divert daemons:'
39
40                 # Network Address Translation daemon
41                 #
42                 if checkyesno natd_enable; then
43                         if [ -n "${natd_interface}" ]; then
44                                 if echo ${natd_interface} | \
45                                 grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
46                                         natd_flags="$natd_flags -a ${natd_interface}"
47                                 else
48                                         natd_flags="$natd_flags -n ${natd_interface}"
49                                 fi
50                         fi
51                         echo -n ' natd'
52                         ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
53                 fi
54         elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
55                 echo 'Warning: kernel has firewall functionality, but' \
56                     ' firewall rules are not enabled.'
57                 echo '           All ip services are disabled.'
58         fi
59         echo '.'
60
61         # Firewall logging
62         #
63         if checkyesno firewall_logging; then
64                 echo 'Firewall logging enabled'
65                 sysctl net.inet.ip.fw.verbose=1 >/dev/null
66         fi
67
68         # Enable the firewall
69         #
70         ${SYSCTL_W} net.inet.ip.fw.enable=1
71 }
72
#
# ipfw_stop
#	Turn packet filtering off by clearing net.inet.ip.fw.enable.
#	Nothing else is done here: the loaded rules are not flushed and
#	natd is not stopped.
#
ipfw_stop()
{
	${SYSCTL_W} "net.inet.ip.fw.enable=0"
}
79
# Pull in the rc.conf settings for this service, then dispatch the
# action given as the first argument (start, stop, ...).
load_rc_config "${name}"
run_rc_command "${1}"