author | gordon <gordon@FreeBSD.org> | 2002-06-13 22:14:37 +0000 |
---|---|---|
committer | gordon <gordon@FreeBSD.org> | 2002-06-13 22:14:37 +0000 |
commit | 9c5433cb225f7a4e56e87623ea2e4011179553a5 (patch) | |
tree | 3168589e209abd888b033397e3c46dee6131a116 /etc/rc.d/ip6fw | |
parent | 50d99cdfecd92f5323a18aa791a5b1cb9d8b7191 (diff) | |
Merge in all the changes that Mike Makonnen has been maintaining for a
while. This is only the script pieces, the glue for the build comes next.
Submitted by: Mike Makonnen <makonnen@pacbell.net>
Reviewed by: silence on -current and -hackers
Prodded by: rwatson
Diffstat (limited to 'etc/rc.d/ip6fw')
-rw-r--r-- | etc/rc.d/ip6fw | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/etc/rc.d/ip6fw b/etc/rc.d/ip6fw
new file mode 100644
index 0000000..4f37e26
--- /dev/null
+++ b/etc/rc.d/ip6fw
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ip6fw
+# REQUIRE: network2
+# BEFORE: network_ipv6
+# KEYWORD: FreeBSD
+
+. /etc/rc.subr
+
+name="ip6fw"
+rcvar=`set_rcvar ipv6_firewall`
+start_cmd="ip6fw_start"
+start_precmd="ip6fw_prestart"
+stop_cmd="${SYSCTL_W} net.inet6.ip6.fw.enable=0"
+
+ip6fw_prestart()
+{
+ # Load IPv6 firewall module, if not already loaded
+ if ! ${SYSCTL} net.inet6.ip6.fw.enable > /dev/null 2>&1; then
+ kldload ip6fw && {
+ debug 'Kernel IPv6 firewall module loaded.'
+ return 0
+ }
+ warn 'IPv6 firewall kernel module failed to load.'
+ return 1
+ fi
+}
+
+ip6fw_start()
+{
+ # Specify default rules file if none provided
+ if [ -z "${ipv6_firewall_script}" ]; then
+ ipv6_firewall_script=/etc/rc.firewall6
+ fi
+
+ # Load rules
+ #
+ if [ -r "${ipv6_firewall_script}" ]; then
+ . "${ipv6_firewall_script}"
+ echo 'IPv6 Firewall rules loaded.'
+ elif [ "`ip6fw l 65535`" = "65535 deny ipv6 from any to any" ]; then
+ warn 'IPv6 firewall rules have not been loaded. Default' \
+ ' to DENY all access.'
+ fi
+
+ # Enable firewall logging
+ #
+ if checkyesno ipv6_firewall_logging ; then
+ echo 'IPv6 Firewall logging=YES'
+ sysctl net.inet6.ip6.fw.verbose=1 >/dev/null
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1" |
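Review bot: In ip6fw_start, when `${ipv6_firewall_script}` is not readable and rule 65535 is anything other than the deny rule, neither branch of the `if`/`elif` runs, so the start method finishes with no rules loaded and no message. That is the fail-open case, and it is the one an operator most needs to be told about; add a final branch such as `else warn 'IPv6 firewall rules have not been loaded; default rule is not DENY.'` before the `fi`. Separately, 'IPv6 Firewall rules loaded.' is echoed without checking the status of the sourced script, so a rules file that fails partway may still be reported as loaded. The logging block also calls bare `sysctl` where the rest of the file uses `${SYSCTL}` and `${SYSCTL_W}`; using `${SYSCTL_W} net.inet6.ip6.fw.verbose=1` would keep the script consistent with its own `stop_cmd`.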