[BACK]Return to ipfilter CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / etc / rc.d

Annotation of src/etc/rc.d/ipfilter, Revision 1.10.4.2

1.1       lukem       1: #!/bin/sh
                      2: #
1.10.4.2! jmc         3: # $NetBSD: ipfilter,v 1.10.4.1 2004/09/21 15:14:20 tron Exp $
1.1       lukem       4: #
                      5:
                      6: # PROVIDE: ipfilter
                      7: # REQUIRE: root beforenetlkm mountcritlocal tty
                      8:
                      9: . /etc/rc.subr
                     10:
                     11: name="ipfilter"
1.7       lukem      12: rcvar=$name
1.5       lukem      13: start_precmd="ipfilter_prestart"
1.1       lukem      14: start_cmd="ipfilter_start"
1.8       lukem      15: stop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf"
1.1       lukem      16: stop_cmd="ipfilter_stop"
                     17: reload_precmd="$stop_precmd"
                     18: reload_cmd="ipfilter_reload"
1.10      lukem      19: resync_precmd="$stop_precmd"
                     20: resync_cmd="ipfilter_resync"
1.5       lukem      21: status_precmd="$stop_precmd"
                     22: status_cmd="ipfilter_status"
1.10      lukem      23: extra_commands="reload resync status"
1.1       lukem      24:
1.5       lukem      25: ipfilter_prestart()
1.1       lukem      26: {
1.9       nisimura   27:        if [ ! -f /etc/ipf.conf ] && [ ! -f /etc/ipf6.conf ]; then
1.8       lukem      28:                warn "/etc/ipf*.conf not readable; ipfilter start aborted."
1.6       lukem      29:                        #
                     30:                        # If booting directly to multiuser, send SIGTERM to
                     31:                        # the parent (/etc/rc) to abort the boot
                     32:                        #
                     33:                if [ "$autoboot" = yes ]; then
                     34:                        echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!"
                     35:                        kill -TERM $$
                     36:                        exit 1
                     37:                fi
1.5       lukem      38:                return 1
1.1       lukem      39:        fi
1.5       lukem      40:        return 0
                     41: }
                     42:
                     43: ipfilter_start()
                     44: {
1.1       lukem      45:        echo "Enabling ipfilter."
1.10.4.2! jmc        46:        /sbin/ipf -E
        !            47:        /sbin/ipf -Fa
        !            48:        /sbin/ipf -6 -Fa
1.8       lukem      49:        if [ -f /etc/ipf.conf ]; then
1.10.4.2! jmc        50:                /sbin/ipf -f /etc/ipf.conf
1.8       lukem      51:        fi
                     52:        if [ -f /etc/ipf6.conf ]; then
1.10.4.2! jmc        53:                /sbin/ipf -6 -f /etc/ipf6.conf
1.8       lukem      54:        fi
1.1       lukem      55: }
                     56:
                     57: ipfilter_stop()
                     58: {
                     59:        echo "Disabling ipfilter."
                     60:        /sbin/ipf -D
                     61: }
                     62:
                     63: ipfilter_reload()
                     64: {
                     65:        echo "Reloading ipfilter rules."
1.8       lukem      66:
1.10.4.2! jmc        67:        /sbin/ipf -I -Fa
        !            68:        /sbin/ipf -6 -I -Fa
        !            69:        if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I -f /etc/ipf.conf; then
1.8       lukem      70:                err 1 "reload of ipf.conf failed; not swapping to new ruleset."
                     71:        fi
1.10.4.2! jmc        72:        if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -I -6 -f /etc/ipf6.conf; then
1.8       lukem      73:                err 1 "reload of ipf6.conf failed; not swapping to new ruleset."
1.1       lukem      74:        fi
1.8       lukem      75:        /sbin/ipf -s
1.10      lukem      76: }
                     77:
                     78: ipfilter_resync()
                     79: {
                     80:        /sbin/ipf -y
1.5       lukem      81: }
                     82:
                     83: ipfilter_status()
                     84: {
                     85:        /sbin/ipf -V
1.1       lukem      86: }
                     87:
1.4       lukem      88: load_rc_config $name
1.3       lukem      89: run_rc_command "$1"

CVSweb <webmaster@jp.NetBSD.org>