authorume <ume@FreeBSD.org>2002-11-02 08:21:26 +0000
committerume <ume@FreeBSD.org>2002-11-02 08:21:26 +0000
commit6866e4bdcadbb5f349d46c00e275956b679f432b (patch)
treeaa5ccbd31b7b338b754059e0c9d91a49b15ee782
parent635e3ab81e29feed15a1dbbb08bea9455a49423a (diff)
downloadFreeBSD-src-6866e4bdcadbb5f349d46c00e275956b679f432b.zip
FreeBSD-src-6866e4bdcadbb5f349d46c00e275956b679f432b.tar.gz
Add IPv6 setup for ipfilter. `ipv6_ipfilter_rules' was added
to specify the rules definition file for ipfilter. The default is /etc/ipf6.rules. If the file specified by `ipv6_ipfilter_rules' exists, the IPv6 rules are installed.
Reviewed by: Ronald van der Pol <Ronald.vanderPol@rvdp.org>
MFC after: 1 week
-rw-r--r--etc/defaults/rc.conf3
-rwxr-xr-xetc/rc.d/ipfilter27
-rw-r--r--etc/rc.network16
3 files changed, 37 insertions, 9 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 0bd1245..87ae297 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -311,6 +311,9 @@ ipv6_firewall_type="UNKNOWN" # IPv6 Firewall type (see /etc/rc.firewall6)
ipv6_firewall_quiet="NO" # Set to YES to suppress rule display
ipv6_firewall_logging="NO" # Set to YES to enable events logging
ipv6_firewall_flags="" # Flags passed to ip6fw when type is a file
+ipv6_ipfilter_rules="/etc/ipf6.rules" # rules definition file for ipfilter,
+ # see /usr/src/contrib/ipfilter/rules
+ # for examples
##############################################################
### System console options #################################
diff --git a/etc/rc.d/ipfilter b/etc/rc.d/ipfilter
index 2ee2d28..423717e 100755
--- a/etc/rc.d/ipfilter
+++ b/etc/rc.d/ipfilter
@@ -16,7 +16,7 @@ load_rc_config $name
case ${OSTYPE} in
FreeBSD)
- stop_precmd="test -f ${ipfilter_rules}"
+ stop_precmd="test -f ${ipfilter_rules} -o -f ${ipv6_ipfilter_rules}"
;;
NetBSD)
stop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf"
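Review bot: The new FreeBSD `stop_precmd` expands both paths unquoted into a single `test` expression, so an empty or whitespace-containing value breaks it. An IPv6-only setup with `ipfilter_rules=""` yields `test -f -o -f /etc/ipf6.rules`, which `test` cannot be relied on to parse. Assuming rc.subr runs the precmd string through `eval`, embedding the quotes and splitting the test avoids this: `stop_precmd="test -f \"${ipfilter_rules}\" || test -f \"${ipv6_ipfilter_rules}\""`. The surrounding `case` statement continues outside the hunk.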
@@ -49,7 +49,8 @@ FreeBSD)
fi
# check for ipfilter rules
- if [ ! -r "${ipfilter_rules}" ]; then
+ if [ ! -r "${ipfilter_rules}" ] && [ ! -r "${ipv6_ipfilter_rules}" ]
+ then
warn 'IP-filter: NO IPF RULES'
return 1
fi
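Review bot: The relaxed check lets the service start when only one of the two rules files is readable, so a mistyped or missing `ipfilter_rules` no longer produces the 'NO IPF RULES' warning once `/etc/ipf6.rules` exists. IPv4 would then come up with a flushed, empty rule list and nothing in the boot output to show it. Keep the combined test for the hard failure, but add a per-family warning before it, e.g. `[ -n "${ipfilter_rules}" ] && [ ! -r "${ipfilter_rules}" ] && warn "IP-filter: ${ipfilter_rules} not readable, no IPv4 rules loaded"`, and the same for `ipv6_ipfilter_rules`. The enclosing function starts and ends outside the hunk.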
@@ -78,8 +79,15 @@ ipfilter_start()
echo "Enabling ipfilter."
case ${OSTYPE} in
FreeBSD)
- ${ipfilter_program:-/sbin/ipf} -Fa -f \
- "${ipfilter_rules}" ${ipfilter_flags}
+ ${ipfilter_program:-/sbin/ipf} -Fa
+ if [ -r "${ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} \
+ -f "${ipfilter_rules}" ${ipfilter_flags}
+ fi
+ if [ -r "${ipv6_ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} -6 \
+ -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
+ fi
;;
NetBSD)
/sbin/ipf -E -Fa
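Review bot: The FreeBSD branch of ipfilter_start flushes only with a plain `-Fa` before loading both files, and as far as I know ipf applies `-F` to the IPv4 lists unless `-6` is also given. If so, the IPv6 list is never cleared, and a restart appends the contents of `ipv6_ipfilter_rules` to whatever IPv6 rules are already loaded, so stale or removed rules stay in force. Add `${ipfilter_program:-/sbin/ipf} -6 -Fa` immediately before the `if [ -r "${ipv6_ipfilter_rules}" ]` block. The same applies to the ipfilter_reload hunk (with `-I -6 -Fa`) and to the network_pass1 hunk in etc/rc.network.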
@@ -114,8 +122,15 @@ ipfilter_reload()
case ${OSTYPE} in
FreeBSD)
- ${ipfilter_program:-/sbin/ipf} -I -Fa -f \
- "${ipfilter_rules}" ${ipfilter_flags}
+ ${ipfilter_program:-/sbin/ipf} -I -Fa
+ if [ -r "${ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} -I \
+ -f "${ipfilter_rules}" ${ipfilter_flags}
+ fi
+ if [ -r "${ipv6_ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} -I -6 \
+ -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
+ fi
;;
NetBSD)
/sbin/ipf -I -Fa
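Review bot: The exit status of the `ipf -I -f` calls in the FreeBSD branch of ipfilter_reload is never checked, so a syntax error in either file leaves that family's inactive set flushed and incomplete. The rest of the function is outside the hunk; if it goes on to swap the inactive set in unconditionally, a bad edit to one file replaces working rules with an empty list. On a kernel without a default-block policy that empty list passes all traffic. Test each load and bail out before the swap, e.g. `${ipfilter_program:-/sbin/ipf} -I -f "${ipfilter_rules}" ${ipfilter_flags} || { warn 'IP-filter: IPv4 rules failed to load, keeping active set'; return 1; }`, and likewise for the `-6` call.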
diff --git a/etc/rc.network b/etc/rc.network
index 43d9a00..925876b 100644
--- a/etc/rc.network
+++ b/etc/rc.network
@@ -101,10 +101,20 @@ network_pass1() {
esac
case "${ipfilter_enable}" in
[Yy][Ee][Ss])
- if [ -r "${ipfilter_rules}" ]; then
+ if [ -r "${ipfilter_rules}" -o \
+ -r "${ipv6_ipfilter_rules}" ]; then
echo -n ' ipfilter'
- ${ipfilter_program:-/sbin/ipf} -Fa -f \
- "${ipfilter_rules}" ${ipfilter_flags}
+ ${ipfilter_program:-/sbin/ipf} -Fa
+ if [ -r "${ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} \
+ -f "${ipfilter_rules}" \
+ ${ipfilter_flags}
+ fi
+ if [ -r "${ipv6_ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} -6 \
+ -f "${ipv6_ipfilter_rules}" \
+ ${ipfilter_flags}
+ fi
else
ipfilter_enable="NO"
echo -n ' NO IPF RULES'