Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
===================================================================
RCS file: /ftp/cvs/cvsroot/src/etc/rc.d/ipfilter,v
rcsdiff: /ftp/cvs/cvsroot/src/etc/rc.d/ipfilter,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.6
retrieving revision 1.10.4.2
diff -u -p -r1.6 -r1.10.4.2
--- src/etc/rc.d/ipfilter 2000/07/21 01:14:23 1.6
+++ src/etc/rc.d/ipfilter 2004/11/12 06:44:17 1.10.4.2
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: ipfilter,v 1.6 2000/07/21 01:14:23 lukem Exp $
+# $NetBSD: ipfilter,v 1.10.4.2 2004/11/12 06:44:17 jmc Exp $
 #
 # PROVIDE: ipfilter
@@ -9,23 +9,23 @@
 . /etc/rc.subr
 name="ipfilter"
+rcvar=$name
 start_precmd="ipfilter_prestart"
 start_cmd="ipfilter_start"
-stop_precmd="checkyesno ipfilter && [ -f /etc/ipf.conf ]"
+stop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf"
 stop_cmd="ipfilter_stop"
 reload_precmd="$stop_precmd"
 reload_cmd="ipfilter_reload"
+resync_precmd="$stop_precmd"
+resync_cmd="ipfilter_resync"
 status_precmd="$stop_precmd"
 status_cmd="ipfilter_status"
-extra_commands="reload status"
+extra_commands="reload resync status"
 ipfilter_prestart()
 {
- if ! checkyesno ipfilter; then
- return 1
- fi
- if [ ! -f /etc/ipf.conf ]; then
- warn "/etc/ipf.conf not readable; ipfilter start aborted."
+ if [ ! -f /etc/ipf.conf ] && [ ! -f /etc/ipf6.conf ]; then
+ warn "/etc/ipf*.conf not readable; ipfilter start aborted."
 #
 # If booting directly to multiuser, send SIGTERM to
 # the parent (/etc/rc) to abort the boot
@@ -43,7 +43,15 @@ ipfilter_prestart()
 ipfilter_start()
 {
 echo "Enabling ipfilter."
- /sbin/ipf -E -Fa -f /etc/ipf.conf
+ /sbin/ipf -E
+ /sbin/ipf -Fa
+ /sbin/ipf -6 -Fa
+ if [ -f /etc/ipf.conf ]; then
+ /sbin/ipf -f /etc/ipf.conf
+ fi
+ if [ -f /etc/ipf6.conf ]; then
+ /sbin/ipf -6 -f /etc/ipf6.conf
+ fi
 }
 ipfilter_stop()
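Review bot: The relaxed test in ipfilter_prestart accepts either `/etc/ipf.conf` or `/etc/ipf6.conf`, so a host whose IPv4 file has gone missing while the IPv6 file is present now starts instead of aborting the boot as revision 1.6 did. ipfilter_start in the next hunk flushes both families and loads only the files that exist, which would leave IPv4 with an empty ruleset; what that permits depends on the kernel's default policy, which is not visible here. I would add a comment above the test, `# Either file is enough; a family without a file runs with an empty ruleset.`, and consider a `warn` for each missing file so the gap shows in the boot log. The warning text also still says "not readable" although the test is `-f`, not `-r`. ipfilter_prestart's body continues outside the hunk.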
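Review bot: The exit status of the two `ipf -f` loads in ipfilter_start is discarded, so a load error in `/etc/ipf.conf` leaves the filter enabled with a flushed or partially loaded ruleset while the function's status comes from whatever ran last (0 when `/etc/ipf6.conf` is absent). The single command in revision 1.6 handed its own status back to the caller. ipfilter_reload in this same commit already treats a failed load as fatal; start could follow it with `/sbin/ipf -f /etc/ipf.conf || return 1` and `/sbin/ipf -6 -f /etc/ipf6.conf || return 1`.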
@@ -55,12 +63,21 @@ ipfilter_stop()
 ipfilter_reload()
 {
 echo "Reloading ipfilter rules."
- /sbin/ipf -I -Fa -f /etc/ipf.conf
- if [ $? -eq 0 ]; then
- /sbin/ipf -s
- else
- warn "Reload failed; not swapping to new ruleset."
+
+ /sbin/ipf -I -Fa
+ /sbin/ipf -6 -I -Fa
+ if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I -f /etc/ipf.conf; then
+ err 1 "reload of ipf.conf failed; not swapping to new ruleset."
 fi
+ if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -I -6 -f /etc/ipf6.conf; then
+ err 1 "reload of ipf6.conf failed; not swapping to new ruleset."
+ fi
+ /sbin/ipf -s
+}
+
+ipfilter_resync()
+{
+ /sbin/ipf -y
 }
 ipfilter_status()
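Review bot: ipfilter_reload has no comment explaining that the new rules are built in the inactive set (`-I`) and go live only at the final `/sbin/ipf -s`, which per ipf(8) is what makes the two `err 1` exits safe: the running ruleset is not touched when a file fails to load. A short comment ahead of the flushes, such as `# Load into the inactive set; swap only if every file loaded.`, would keep a later edit from moving the swap or dropping `-I` from one of the loads. ipfilter_resync is also undocumented and, unlike the other commands, prints no status line; a one-line comment saying that `ipf -y` resyncs the in-kernel interface list with the current interfaces would help.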