author | gordon <gordon@FreeBSD.org> | 2002-06-13 22:14:37 +0000 |
---|---|---|
committer | gordon <gordon@FreeBSD.org> | 2002-06-13 22:14:37 +0000 |
commit | 9c5433cb225f7a4e56e87623ea2e4011179553a5 (patch) | |
tree | 3168589e209abd888b033397e3c46dee6131a116 /etc/rc.d/ipfw | |
parent | 50d99cdfecd92f5323a18aa791a5b1cb9d8b7191 (diff) | |
Merge in all the changes that Mike Makonnen has been maintaining for a
while. This is only the script pieces, the glue for the build comes next.
Submitted by: Mike Makonnen <makonnen@pacbell.net>
Reviewed by: silence on -current and -hackers
Prodded by: rwatson
Diffstat (limited to 'etc/rc.d/ipfw')
-rw-r--r-- | etc/rc.d/ipfw | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/etc/rc.d/ipfw b/etc/rc.d/ipfw
new file mode 100644
index 0000000..92c88e9
--- /dev/null
+++ b/etc/rc.d/ipfw
@@ -0,0 +1,70 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ipfw
+# REQUIRE: ppp-user
+# BEFORE: NETWORKING
+# KEYWORD: FreeBSD
+
+. /etc/rc.subr
+
+name="ipfw"
+rcvar="firewall_enable"
+start_cmd="ipfw_start"
+start_precmd="ipfw_precmd"
+stop_cmd="${SYSCTL_W} net.inet.ip.fw.enable=0"
+
+ipfw_precmd()
+{
+ if ! ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1 ; then
+ if ! kldload ipfw ; then
+ warn unable to load firewall module.
+ return 1
+ fi
+ fi
+
+ return 0
+}
+
+ipfw_start()
+{
+ # set the firewall rules script if none was specified
+ [ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall
+
+ if [ -r "${firewall_script}" ]; then
+ . "${firewall_script}"
+ echo -n 'Firewall rules loaded, starting divert daemons:'
+
+ # Network Address Translation daemon
+ #
+ if checkyesno natd_enable ; then
+ if [ -n "${natd_interface}" ]; then
+ if echo ${natd_interface} | \
+ grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
+ natd_flags="$natd_flags -a ${natd_interface}"
+ else
+ natd_flags="$natd_flags -n ${natd_interface}"
+ fi
+ echo -n ' natd'
+ ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
+ fi
+ fi
+ elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
+ echo 'Warning: kernel has firewall functionality, but' \
+ ' firewall rules are not enabled.'
+ echo ' All ip services are disabled.'
+ fi
+ echo '.'
+
+ # Firewall logging
+ #
+ ! checkyesno firewall_logging && return 0
+
+ echo 'Firewall logging=YES'
+ sysctl net.inet.ip.fw.verbose=1 >/dev/null
+}
+
+load_rc_config $name
+run_rc_command "$1" |
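Review bot: In ipfw_start, a missing or unreadable `${firewall_script}` is only reported when rule 65535 happens to be `deny ip from any to any`; on a kernel whose default rule is accept, the service starts "successfully" with no rules loaded and prints nothing, which is exactly the case an operator most needs to see. I would add an `else` arm after the `elif`, e.g. `else` / `warn "firewall rules script ${firewall_script} not readable; no rules loaded"`, reusing the rc.subr `warn` helper that ipfw_precmd already calls, so the condition shows up in the boot log rather than being silent. Separately, `stop_cmd` sets `net.inet.ip.fw.enable=0`, which as written turns packet filtering off outright rather than falling back to the default rule; a comment such as `# NOTE: stopping the service disables filtering entirely (fail-open), it does not restore the default deny` would keep operators from assuming the deny-all backstop survives a stop. A smaller style point: the logging path calls bare `sysctl` while `stop_cmd` uses `${SYSCTL_W}`; using `${SYSCTL_W} net.inet.ip.fw.verbose=1 >/dev/null` keeps the two consistent.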