authorume <ume@FreeBSD.org>2009-12-02 15:05:26 +0000
committerume <ume@FreeBSD.org>2009-12-02 15:05:26 +0000
commitba7665678f35b37968e0734f1086fc8fe7143340 (patch)
treed274f4a3f20bd30ff98ae13a63f13accbcd8cba4 /etc/rc.d
parentb26098335ad13f28d7c5848b7616741f750e786e (diff)
Unify rc.firewall and rc.firewall6, and obsolete rc.firewall6
and rc.d/ip6fw. Reviewed by: dougb, jhb MFC after: 1 month
Diffstat (limited to 'etc/rc.d')
-rwxr-xr-xetc/rc.d/Makefile2
-rwxr-xr-xetc/rc.d/ip6fw48
-rwxr-xr-xetc/rc.d/ipfw13
3 files changed, 13 insertions, 50 deletions
diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile
index fbfac8a..7f72303 100755
--- a/etc/rc.d/Makefile
+++ b/etc/rc.d/Makefile
@@ -15,7 +15,7 @@ FILES= DAEMON FILESYSTEMS LOGIN NETWORKING SERVERS \
hcsecd \
hostapd hostid hostid_save hostname \
inetd initrandom \
- ip6addrctl ip6fw ipfilter ipfs ipfw ipmon \
+ ip6addrctl ipfilter ipfs ipfw ipmon \
ipnat ipsec ipxrouted \
jail \
kadmind kerberos keyserv kldxref kpasswdd \
diff --git a/etc/rc.d/ip6fw b/etc/rc.d/ip6fw
deleted file mode 100755
index ca95d36..0000000
--- a/etc/rc.d/ip6fw
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# PROVIDE: ip6fw
-# REQUIRE: routing
-# KEYWORD: nojail
-
-. /etc/rc.subr
-
-name="ip6fw"
-rcvar=`set_rcvar ipv6_firewall`
-start_cmd="ip6fw_start"
-stop_cmd="${SYSCTL_W} net.inet6.ip6.fw.enable=0"
-required_modules="ipfw"
-
-ip6fw_start()
-{
- # Specify default rules file if none provided
- if [ -z "${ipv6_firewall_script}" ]; then
- ipv6_firewall_script=/etc/rc.firewall6
- fi
-
- # Load rules
- #
- if [ -r "${ipv6_firewall_script}" ]; then
- /bin/sh "${ipv6_firewall_script}"
- echo 'IPv6 Firewall rules loaded.'
- elif [ "`ipfw show 65535`" = "65535 deny ip from any to any" ]; then
- warn 'IPv6 firewall rules have not been loaded. Default' \
- ' to DENY all access.'
- fi
-
- # Enable firewall logging
- #
- if checkyesno ipv6_firewall_logging; then
- echo 'IPv6 Firewall logging=YES'
- sysctl net.inet.ip.fw.verbose=1 >/dev/null
- fi
-
- # Enable the firewall
- #
- ${SYSCTL_W} net.inet6.ip6.fw.enable=1
-}
-
-load_rc_config $name
-run_rc_command "$1"
diff --git a/etc/rc.d/ipfw b/etc/rc.d/ipfw
index 872f278..dd7ab55 100755
--- a/etc/rc.d/ipfw
+++ b/etc/rc.d/ipfw
@@ -17,6 +17,8 @@ start_precmd="ipfw_prestart"
stop_cmd="ipfw_stop"
required_modules="ipfw"
+set_rcvar_obsolete ipv6_firewall_enable
+
ipfw_prestart()
{
if checkyesno dummynet_enable; then
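Review bot: Only `ipv6_firewall_enable` is marked obsolete here, with no replacement name or message, so an rc.conf that set `ipv6_firewall_enable="YES"` without `firewall_enable` would presumably get at most a generic warning and come up with no IPv6 filtering. The removed rc.d/ip6fw also read `ipv6_firewall_script` and `ipv6_firewall_logging`, and nothing in this hunk flags those, so a custom IPv6 ruleset path may be ignored silently unless it is handled outside etc/rc.d (the diffstat shown is limited to that directory). I would add a comment above the call such as `# IPv6 filtering now follows firewall_enable; ipv6_firewall_* settings are no longer read`, and consider marking the other two variables obsolete as well. ipfw_prestart continues past the end of the hunk.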
@@ -61,7 +63,13 @@ ipfw_start()
# Enable the firewall
#
if ! ${SYSCTL_W} net.inet.ip.fw.enable=1 1>/dev/null 2>&1; then
- warn "failed to enable firewall"
+ warn "failed to enable IPv4 firewall"
+ fi
+ if afexists inet6; then
+ if ! ${SYSCTL_W} net.inet6.ip6.fw.enable=1 1>/dev/null 2>&1
+ then
+ warn "failed to enable IPv6 firewall"
+ fi
fi
}
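Review bot: When the `net.inet6.ip6.fw.enable=1` sysctl fails, ipfw_start only warns and carries on, so the service can appear started while IPv6 traffic passes unfiltered next to a filtered IPv4 stack. Both stdout and stderr of the sysctl go to /dev/null, which also discards the reason for the failure. Consider a message that states the resulting exposure, e.g. `warn "failed to enable IPv6 firewall; IPv6 traffic is NOT being filtered"`, and returning non-zero from the function so the failure is visible to whatever invoked the script. The IPv4 branch just above follows the same warn-only pattern. ipfw_start begins outside this hunk.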
@@ -70,6 +78,9 @@ ipfw_stop()
# Disable the firewall
#
${SYSCTL_W} net.inet.ip.fw.enable=0
+ if afexists inet6; then
+ ${SYSCTL_W} net.inet6.ip6.fw.enable=0
+ fi
if [ -f /etc/rc.d/natd ] ; then
/etc/rc.d/natd quietstop
fi
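Review bot: The added `net.inet6.ip6.fw.enable=0` call in ipfw_stop is unchecked, unlike the start path, which tests the sysctl result and warns. If it fails after the IPv4 sysctl succeeded, the two address families are left in different states and the script logs nothing about it. Something like `${SYSCTL_W} net.inet6.ip6.fw.enable=0 || warn "failed to disable IPv6 firewall"` would keep the start and stop paths consistent. ipfw_stop starts before the hunk and continues past it.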