src/etc/rc.d/ipfilter - view

Return to ipfilter CVS log

Up to [cvs.NetBSD.org] / src / etc / rc.d

File: [cvs.NetBSD.org] / src / etc / rc.d / ipfilter (download)

Revision 1.15.20.1, Thu Mar 26 17:45:38 2009 UTC (15 years ago) by snj
Branch: netbsd-5
CVS Tags: netbsd-5-2-RELEASE, netbsd-5-2-RC1, netbsd-5-2-3-RELEASE, netbsd-5-2-2-RELEASE, netbsd-5-2-1-RELEASE, netbsd-5-2, netbsd-5-1-RELEASE, netbsd-5-1-RC4, netbsd-5-1-RC3, netbsd-5-1-RC2, netbsd-5-1-RC1, netbsd-5-1-5-RELEASE, netbsd-5-1-4-RELEASE, netbsd-5-1-3-RELEASE, netbsd-5-1-2-RELEASE, netbsd-5-1-1-RELEASE, netbsd-5-1, netbsd-5-0-RELEASE, netbsd-5-0-RC4, netbsd-5-0-2-RELEASE, netbsd-5-0-1-RELEASE, netbsd-5-0, matt-nb5-pq3-base, matt-nb5-pq3, matt-nb5-mips64-u2-k2-k4-k7-k8-k9, matt-nb5-mips64-u1-k1-k5, matt-nb5-mips64-premerge-20101231, matt-nb5-mips64-premerge-20091211, matt-nb5-mips64-k15, matt-nb5-mips64, matt-nb4-mips64-k7-u2a-k9b
Changes since 1.15: +2 -2 lines

Pull up following revision(s) (requested by hannken in ticket #606):
	etc/defaults/rc.conf: revision 1.101
	etc/rc.d/ipfilter: revision 1.18
Add flags to rc.d/ipfilter.  Use it from rc.conf like
	ipfilter=YES ipfilter_flags="-T fr_statemax=18963,fr_statesize=27091"
Ok: Christos Zoulas <christos@netbsd.org>

#!/bin/sh
#
# $NetBSD: ipfilter,v 1.15.20.1 2009/03/26 17:45:38 snj Exp $
#

# PROVIDE: ipfilter
# REQUIRE: root beforenetlkm mountcritlocal tty

$_rc_subr_loaded . /etc/rc.subr

name="ipfilter"
rcvar=$name
start_precmd="ipfilter_prestart"
start_cmd="ipfilter_start"
stop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf"
stop_cmd="ipfilter_stop"
reload_precmd="$stop_precmd"
reload_cmd="ipfilter_reload"
resync_precmd="$stop_precmd"
resync_cmd="ipfilter_resync"
status_precmd="$stop_precmd"
status_cmd="ipfilter_status"
extra_commands="reload resync status"

ipfilter_prestart()
{
	if [ ! -f /etc/ipf.conf ] && [ ! -f /etc/ipf6.conf ]; then
		warn "/etc/ipf*.conf not readable; ipfilter start aborted."

		stop_boot
		return 1
	fi
	return 0
}

ipfilter_start()
{
	echo "Enabling ipfilter."
	/sbin/ipf ${rc_flags} -E

		# Do the flush first; since older ipf has different semantics.
		#
	if [ -f /etc/ipf.conf ]; then
		/sbin/ipf -Fa
	fi
	if [ -f /etc/ipf6.conf ]; then
		/sbin/ipf -6 -Fa
	fi

		# Now load the config files
		#
	if [ -f /etc/ipf.conf ]; then
		/sbin/ipf -f /etc/ipf.conf
	fi
	if [ -f /etc/ipf6.conf ]; then
		/sbin/ipf -6 -f /etc/ipf6.conf
	fi
}

ipfilter_stop()
{
	echo "Disabling ipfilter."
	/sbin/ipf -D
}

ipfilter_reload()
{
	echo "Reloading ipfilter rules."

		# Do the flush first; since older ipf has different semantics.
		#
	if [ -f /etc/ipf.conf ]; then
		/sbin/ipf -I -Fa
	fi
	if [ -f /etc/ipf6.conf ]; then
		/sbin/ipf -6 -I -Fa
	fi

		# Now load the config files into the Inactive set
		#
	if [ -f /etc/ipf.conf ] && ! /sbin/ipf -I -f /etc/ipf.conf; then
		err 1 "reload of ipf.conf failed; not swapping to new ruleset."
	fi
	if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -I -6 -f /etc/ipf6.conf; then
		err 1 "reload of ipf6.conf failed; not swapping to new ruleset."
	fi
		
		# Swap in the new rules
		#
	/sbin/ipf -s
}

ipfilter_resync()
{
	/sbin/ipf -y
}

ipfilter_status()
{
	/sbin/ipf -V
}

load_rc_config $name
run_rc_command "$1"