Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
===================================================================
RCS file: /ftp/cvs/cvsroot/src/etc/rc.d/ipfilter,v
rcsdiff: /ftp/cvs/cvsroot/src/etc/rc.d/ipfilter,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.5
retrieving revision 1.12
diff -u -p -r1.5 -r1.12
--- src/etc/rc.d/ipfilter 2000/07/17 12:58:14 1.5
+++ src/etc/rc.d/ipfilter 2004/09/09 00:33:03 1.12
@@ -1,31 +1,40 @@
 #!/bin/sh
 #
-# $NetBSD: ipfilter,v 1.5 2000/07/17 12:58:14 lukem Exp $
+# $NetBSD: ipfilter,v 1.12 2004/09/09 00:33:03 lukem Exp $
 #
 # PROVIDE: ipfilter
 # REQUIRE: root beforenetlkm mountcritlocal tty
-. /etc/rc.subr
+$_rc_subr_loaded . /etc/rc.subr
 name="ipfilter"
+rcvar=$name
 start_precmd="ipfilter_prestart"
 start_cmd="ipfilter_start"
-stop_precmd="checkyesno ipfilter && [ -f /etc/ipf.conf ]"
+stop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf"
 stop_cmd="ipfilter_stop"
 reload_precmd="$stop_precmd"
 reload_cmd="ipfilter_reload"
+resync_precmd="$stop_precmd"
+resync_cmd="ipfilter_resync"
 status_precmd="$stop_precmd"
 status_cmd="ipfilter_status"
-extra_commands="reload status"
+extra_commands="reload resync status"
 ipfilter_prestart()
 {
- if ! checkyesno ipfilter; then
- return 1
- fi
- if [ ! -f /etc/ipf.conf ]; then
- warn "/etc/ipf.conf not readable; ipfilter start aborted."
+ if [ ! -f /etc/ipf.conf ] && [ ! -f /etc/ipf6.conf ]; then
+ warn "/etc/ipf*.conf not readable; ipfilter start aborted."
+ #
+ # If booting directly to multiuser, send SIGTERM to
+ # the parent (/etc/rc) to abort the boot
+ #
+ if [ "$autoboot" = yes ]; then
+ echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!"
+ kill -TERM $$
+ exit 1
+ fi
 return 1
 fi
 return 0
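Review bot: The boot-abort guard in ipfilter_prestart fires only when both /etc/ipf.conf and /etc/ipf6.conf are missing (`&&`), so a host that loses just one of them still boots with ipfilter enabled and no rules loaded for that address family. What traffic then passes depends on the kernel's default policy, which is not visible in this file. If a single file is meant to be sufficient, say so above the test, for example `# one of ipf.conf / ipf6.conf is enough; the other family falls back to the kernel default policy`. The warning also says "not readable" while the test is `-f`, so either test with `-r` or reword the message to "not found". The closing brace of ipfilter_prestart lies outside this hunk.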
@@ -34,7 +43,13 @@ ipfilter_prestart()
 ipfilter_start()
 {
 echo "Enabling ipfilter."
- /sbin/ipf -E -Fa -f /etc/ipf.conf
+ /sbin/ipf -E -Fa
+ if [ -f /etc/ipf.conf ]; then
+ /sbin/ipf -Fa -f /etc/ipf.conf
+ fi
+ if [ -f /etc/ipf6.conf ]; then
+ /sbin/ipf -6 -Fa -f /etc/ipf6.conf
+ fi
 }
 ipfilter_stop()
@@ -46,12 +61,19 @@ ipfilter_stop()
 ipfilter_reload()
 {
 echo "Reloading ipfilter rules."
- /sbin/ipf -I -Fa -f /etc/ipf.conf
- if [ $? -eq 0 ]; then
- /sbin/ipf -s
- else
- warn "Reload failed; not swapping to new ruleset."
+
+ if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I -Fa -f /etc/ipf.conf; then
+ err 1 "reload of ipf.conf failed; not swapping to new ruleset."
 fi
+ if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -6 -I -Fa -f /etc/ipf6.conf; then
+ err 1 "reload of ipf6.conf failed; not swapping to new ruleset."
+ fi
+ /sbin/ipf -s
+}
+
+ipfilter_resync()
+{
+ /sbin/ipf -y
 }
 ipfilter_status()
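Review bot: ipfilter_start ignores the exit status of both rule loads, so a parse error in /etc/ipf.conf or /etc/ipf6.conf leaves the filter enabled with a flushed or partly loaded ruleset while the script still reports success. ipfilter_reload in the same file already treats a failed load as fatal, and start should match it, for example `/sbin/ipf -Fa -f /etc/ipf.conf || err 1 "load of ipf.conf failed"` and likewise for the `-6` line. Splitting the old single `-E -Fa -f` call also means the filter is briefly enabled with an empty ruleset before the files load. A one-line comment should record that this is accepted.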
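Review bot: In ipfilter_reload, when only one of the two files exists, the other family's inactive list is neither flushed nor loaded before `/sbin/ipf -s` swaps the sets. Whatever that inactive list held from an earlier reload would then presumably become active, which should be confirmed against ipf(8). Flushing the inactive set for both families before the conditional loads (`/sbin/ipf -I -Fa` and `/sbin/ipf -6 -I -Fa`) would make the swapped-in ruleset depend only on the files present now. The exit status of `/sbin/ipf -s` is also unchecked, so a failed swap goes unreported; `/sbin/ipf -s || err 1 "ruleset swap failed"` would surface it.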