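#!/bin/sh
#
#

# PROVIDE: ipfilter
# REQUIRE: FILESYSTEMS
# BEFORE: ipmon ipnat netif netwait securelevel
# KEYWORD: nojailvnet

# rc.d script for the IP Filter (ipf) packet filter: enables or disables
# the filter and loads, reloads or resynchronises its rule set.
#
# Variables read here (none of them is assigned in this file; they are
# presumably supplied through load_rc_config):
#   ipfilter_enable      rcvar gating the service
#   ipfilter_program     ipf binary, falls back to /sbin/ipf
#   ipfilter_rules       path of the rule file
#   ipfilter_flags       extra ipf arguments; expanded unquoted, so word-split
#   ipfilter_optionlist  passed to "ipf -T" when non-empty
#   ipfs_program         ipfs binary, falls back to /sbin/ipfs
#   ipfs_flags           extra ipfs arguments; expanded unquoted, so word-split

. /etc/rc.subr

name="ipfilter"
desc="IP packet filter"
rcvar="ipfilter_enable"
load_rc_config $name

# Every command below is gated on the rule file existing.  The path is
# expanded here, once, right after load_rc_config.
# NOTE(review): the expansion is unquoted.  With an empty ipfilter_rules the
# string becomes "test -f", which test(1) evaluates as true, so the gate
# would not stop ipfilter_start from flushing the active rules.  Confirm how
# rc.subr evaluates precmd strings before changing the quoting.
stop_precmd="test -f ${ipfilter_rules}"

# Opt out of service jails (svcj): this script only applies configuration,
# so running it inside a svcj does not make sense.
ipfilter_svcj="NO"

start_precmd="$stop_precmd"
start_cmd="ipfilter_start"
stop_cmd="ipfilter_stop"
reload_precmd="$stop_precmd"
reload_cmd="ipfilter_reload"
resync_precmd="$stop_precmd"
resync_cmd="ipfilter_resync"
status_precmd="$stop_precmd"
status_cmd="ipfilter_status"
extra_commands="reload resync"
required_modules="ipl:ipfilter"

#
# ipfilter_start
#	Enable the filter if "ipf -V" does not report it running, apply
#	ipfilter_optionlist when set, then flush the active rule set and load
#	ipfilter_rules into it.
#
#	The flush happens before the load, so there is a window with no rules
#	loaded, and a rule file that fails to load leaves the set empty.  What
#	traffic passes in that state depends on the kernel's default policy,
#	which this script does not set.  ipfilter_reload avoids the window by
#	building the inactive set and swapping.
#
#	When the rule file is readable the return status is that of the ipf
#	load.
#
ipfilter_start()
{
	echo "Enabling ipfilter."
	if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
		${ipfilter_program:-/sbin/ipf} -E
	fi
	if [ -n "${ipfilter_optionlist}" ]; then
		${ipfilter_program:-/sbin/ipf} -T "${ipfilter_optionlist}"
	fi
	${ipfilter_program:-/sbin/ipf} -Fa
	if [ -r "${ipfilter_rules}" ]; then
		${ipfilter_program:-/sbin/ipf} \
		    -f "${ipfilter_rules}" ${ipfilter_flags}
	else
		# The flush above has already run; say so instead of leaving
		# an empty rule set in place silently.
		warn "${ipfilter_rules} is not readable; rules were flushed and none loaded"
	fi
}

#
# ipfilter_stop
#	If the filter is running, save the state tables with ipfs and then
#	disable the filter.  Does nothing when it is not running.  The status
#	of the ipfs save is not checked before the filter is disabled.
#
ipfilter_stop()
{
	if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
		echo "Saving firewall state tables"
		${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
		echo "Disabling ipfilter."
		${ipfilter_program:-/sbin/ipf} -D
	fi
}

#
# ipfilter_reload
#	Build the new rules in the inactive (alternate) set and swap it in
#	with "ipf -s" only after the load succeeded, so the rules in force
#	are never replaced by a partial or empty set.
#
#	Exits through err with status 1, leaving the active set untouched,
#	when the rule file cannot be read or fails to load.
#
ipfilter_reload()
{
	echo "Reloading ipfilter rules."

	# Fail closed: without this check an unreadable rule file would skip
	# the load and the swap below would activate the flushed, empty set.
	if [ ! -r "${ipfilter_rules}" ]; then
		err 1 "Cannot read ${ipfilter_rules}; active rule set left unchanged"
	fi

	${ipfilter_program:-/sbin/ipf} -I -Fa
	if ! ${ipfilter_program:-/sbin/ipf} -I \
	    -f "${ipfilter_rules}" ${ipfilter_flags}; then
		err 1 'Load of rules into alternate set failed; aborting reload'
	fi
	${ipfilter_program:-/sbin/ipf} -s

}

#
# ipfilter_resync
#	Run "ipf -y" with ipfilter_flags to resynchronise the filter's
#	interface list.
#
ipfilter_resync()
{
	${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
}

#
# ipfilter_status
#	Print the "ipf -V" report, which includes the "Running:" line that
#	start and stop test.
#
ipfilter_status()
{
	${ipfilter_program:-/sbin/ipf} -V
}

run_rc_command "$1"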