Annotation of src/etc/rc.d/ipfilter, Revision 1.18
1.1 lukem 1: #!/bin/sh
2: #
1.18 ! hannken 3: # $NetBSD: ipfilter,v 1.17 2008/11/22 20:23:33 tsutsui Exp $
1.1 lukem 4: #
5:
6: # PROVIDE: ipfilter
1.17 tsutsui 7: # REQUIRE: root bootconf mountcritlocal tty
1.1 lukem 8:
1.11 mycroft 9: $_rc_subr_loaded . /etc/rc.subr
1.1 lukem 10:
11: name="ipfilter"
1.7 lukem 12: rcvar=$name
1.5 lukem 13: start_precmd="ipfilter_prestart"
1.1 lukem 14: start_cmd="ipfilter_start"
1.8 lukem 15: stop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf"
1.1 lukem 16: stop_cmd="ipfilter_stop"
17: reload_precmd="$stop_precmd"
18: reload_cmd="ipfilter_reload"
1.10 lukem 19: resync_precmd="$stop_precmd"
20: resync_cmd="ipfilter_resync"
1.5 lukem 21: status_precmd="$stop_precmd"
22: status_cmd="ipfilter_status"
1.10 lukem 23: extra_commands="reload resync status"
1.1 lukem 24:
1.5 lukem 25: ipfilter_prestart()
1.1 lukem 26: {
1.9 nisimura 27: if [ ! -f /etc/ipf.conf ] && [ ! -f /etc/ipf6.conf ]; then
1.8 lukem 28: warn "/etc/ipf*.conf not readable; ipfilter start aborted."
1.14 lukem 29:
1.15 apb 30: stop_boot
1.5 lukem 31: return 1
1.1 lukem 32: fi
1.5 lukem 33: return 0
34: }
35:
36: ipfilter_start()
37: {
1.1 lukem 38: echo "Enabling ipfilter."
1.18 ! hannken 39: /sbin/ipf ${rc_flags} -E
1.14 lukem 40:
41: # Do the flush first; since older ipf has different semantics.
42: #
43: if [ -f /etc/ipf.conf ]; then
44: /sbin/ipf -Fa
45: fi
46: if [ -f /etc/ipf6.conf ]; then
47: /sbin/ipf -6 -Fa
48: fi
49:
50: # Now load the config files
51: #
1.8 lukem 52: if [ -f /etc/ipf.conf ]; then
1.13 lukem 53: /sbin/ipf -f /etc/ipf.conf
1.8 lukem 54: fi
55: if [ -f /etc/ipf6.conf ]; then
1.13 lukem 56: /sbin/ipf -6 -f /etc/ipf6.conf
1.8 lukem 57: fi
1.1 lukem 58: }
59:
60: ipfilter_stop()
61: {
62: echo "Disabling ipfilter."
63: /sbin/ipf -D
64: }
65:
66: ipfilter_reload()
67: {
68: echo "Reloading ipfilter rules."
1.8 lukem 69:
1.14 lukem 70: # Do the flush first; since older ipf has different semantics.
71: #
72: if [ -f /etc/ipf.conf ]; then
73: /sbin/ipf -I -Fa
74: fi
75: if [ -f /etc/ipf6.conf ]; then
76: /sbin/ipf -6 -I -Fa
77: fi
78:
79: # Now load the config files into the Inactive set
80: #
1.13 lukem 81: if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I -f /etc/ipf.conf; then
1.8 lukem 82: err 1 "reload of ipf.conf failed; not swapping to new ruleset."
83: fi
1.13 lukem 84: if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -I -6 -f /etc/ipf6.conf; then
1.8 lukem 85: err 1 "reload of ipf6.conf failed; not swapping to new ruleset."
1.1 lukem 86: fi
1.14 lukem 87:
88: # Swap in the new rules
89: #
1.8 lukem 90: /sbin/ipf -s
1.10 lukem 91: }
92:
93: ipfilter_resync()
94: {
95: /sbin/ipf -y
1.5 lukem 96: }
97:
98: ipfilter_status()
99: {
100: /sbin/ipf -V
1.1 lukem 101: }
102:
1.4 lukem 103: load_rc_config $name
1.3 lukem 104: run_rc_command "$1"
CVSweb <webmaster@jp.NetBSD.org>