authormtm <mtm@FreeBSD.org>2003-04-24 08:20:47 +0000
committermtm <mtm@FreeBSD.org>2003-04-24 08:20:47 +0000
commita6c5ee3cc4da9ead0959ff4821507c2229de063f (patch)
treec0744a674488d76a59082db26fc4805a539f9646 /etc
parent2b308e25a03938ef728237c7cc2d42d7bdac5f43 (diff)
Make ipfilter, ipnat, ipmon, and ipfs behave more like the old rc.
o group them together so they run one right after another o use the NetBSD supplied ipfs script instead of tacking it on to the end of ipnat o Load the ipl module in ipnat and ipfilter, if it's not already loaded o In ipmon and ipnat show a warning if neither ipfilter nor ipnat is enabled or the ipl module is not loaded, and exit Approved by: markm (mentor) (implicit) Tested by: leafy <leafy@leafy.idv.tw>
Diffstat (limited to 'etc')
-rwxr-xr-xetc/rc.d/Makefile6
-rw-r--r--etc/rc.d/hostname2
-rwxr-xr-xetc/rc.d/ipfilter6
-rwxr-xr-xetc/rc.d/ipfs34
-rwxr-xr-xetc/rc.d/ipmon11
-rwxr-xr-xetc/rc.d/ipnat79
-rw-r--r--etc/rc.d/sysctl2
7 files changed, 75 insertions, 65 deletions
diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile
index 1fc8fc3..ad9f4d3 100755
--- a/etc/rc.d/Makefile
+++ b/etc/rc.d/Makefile
@@ -6,9 +6,9 @@
FILES= DAEMON LOGIN NETWORKING SERVERS abi accounting addswap adjkerntz amd \
apm apmd atm1 atm2.sh atm3.sh archdep bgfsck bootparams ccd cleanvar \
cleartmp cron devd devdb devfs dhclient diskless dmesg dumpon fsck \
- hostname inetd initdiskless initrandom ip6fw ipfilter ipfw ipmon ipnat \
- ipsec ipxrouted isdnd jail kadmind kerberos keyserv kldxref ldconfig \
- local localdaemons lomac lpd motd mountcritlocal mountcritremote \
+ hostname inetd initdiskless initrandom ip6fw ipfilter ipfs ipfw ipmon \
+ ipnat ipsec ipxrouted isdnd jail kadmind kerberos keyserv kldxref \
+ ldconfig local localdaemons lomac lpd motd mountcritlocal mountcritremote \
mountd moused mroute6d mrouted msgs named netif network1 network2 network3 \
network_ipv6 nfsclient nfsd nfslocking nfsserver nisdomain ntpd \
ntpdate othermta pccard pcvt ppp-user pppoed pwcheck quota random \
diff --git a/etc/rc.d/hostname b/etc/rc.d/hostname
index 3a54a2d..812347b 100644
--- a/etc/rc.d/hostname
+++ b/etc/rc.d/hostname
@@ -27,7 +27,7 @@
#
# PROVIDE: hostname
-# REQUIRE: mountcritlocal sysctl tty
+# REQUIRE: mountcritlocal tty
# BEFORE: netif
# KEYWORD: FreeBSD
diff --git a/etc/rc.d/ipfilter b/etc/rc.d/ipfilter
index b13a807..46d1840 100755
--- a/etc/rc.d/ipfilter
+++ b/etc/rc.d/ipfilter
@@ -5,7 +5,8 @@
#
# PROVIDE: ipfilter
-# REQUIRE: root beforenetlkm mountcritlocal tty
+# REQUIRE: root beforenetlkm mountcritlocal tty ipmon
+# BEFORE: netif
# KEYWORD: FreeBSD NetBSD
. /etc/rc.subr
@@ -43,8 +44,7 @@ FreeBSD)
if kldload ipl; then
echo 'IP-filter module loaded.'
else
- warn 'IP-filter module failed to load.'
- return 1
+ err 1 'IP-filter module failed to load.'
fi
fi
diff --git a/etc/rc.d/ipfs b/etc/rc.d/ipfs
index 0abdba0..1f8f9fb 100755
--- a/etc/rc.d/ipfs
+++ b/etc/rc.d/ipfs
@@ -1,23 +1,47 @@
#!/bin/sh
#
# $NetBSD: ipfs,v 1.3 2002/02/11 13:55:42 lukem Exp $
+# $FreeBSD$
#
# PROVIDE: ipfs
-# REQUIRE: ipnat mountcritremote
-# KEYWORD: shutdown
+# REQUIRE: ipnat
+# BEFORE: netif
+# KEYWORD: FreeBSD NetBSD shutdown
. /etc/rc.subr
name="ipfs"
-rcvar=$name
+rcvar=`set_rcvar`
start_cmd="ipfs_start"
stop_cmd="ipfs_stop"
+case ${OSTYPE} in
+FreeBSD)
+ start_precmd="ipfs_prestart"
+ ;;
+NetBSD)
+ ipfs_program="/usr/sbin/ipfs"
+ ;;
+esac
+
+ipfs_prestart()
+{
+ # Do not continue if either ipnat or ipfilter is not enabled or
+ # if the ipfilter module is not loaded.
+ #
+ if ! checkyesno ipfilter_enable -o ! checkyesno ipnat_enable ; then
+ err 1 "${name} requires either ipfilter or ipnat enabled"
+ fi
+ if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
+ err 1 "ipfilter module is not loaded"
+ fi
+ return 0
+}
ipfs_start()
{
if [ -r /var/db/ipf/ipstate.ipf -a -r /var/db/ipf/ipnat.ipf ]; then
- /usr/sbin/ipfs -R ${rc_flags}
+ ${ipfs_program} -R ${rc_flags}
rm -f /var/db/ipf/ipstate.ipf /var/db/ipf/ipnat.ipf
fi
}
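Review bot: In ipfs_prestart the guard `if ! checkyesno ipfilter_enable -o ! checkyesno ipnat_enable` does not test "either": `-o` is an operator of `test`, not shell syntax, so it and the words after it are passed as extra arguments to the first checkyesno call. If rc.subr's checkyesno reads only its first argument (rc.subr is not shown here), ipnat_enable is never consulted and a NAT-only configuration exits with the error instead of restoring saved state. To match the error text, the guard should fail only when both knobs are off: `if ! checkyesno ipfilter_enable && ! checkyesno ipnat_enable; then`. The same line is added to ipmon_precmd in etc/rc.d/ipmon and needs the same change.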
@@ -29,7 +53,7 @@ ipfs_stop()
chmod 700 /var/db/ipf
chown root:wheel /var/db/ipf
fi
- /usr/sbin/ipfs -W ${rc_flags}
+ ${ipfs_program} -W ${rc_flags}
}
load_rc_config $name
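Review bot: `${ipfs_program} -W ${rc_flags}` in ipfs_stop (and the matching `-R` call in ipfs_start) now depends on a variable that this script assigns only in the NetBSD branch; the FreeBSD branch sets just start_precmd. Unless the rc.conf defaults supply ipfs_program, the line expands to `-W` run as a command and the state tables are not saved at shutdown. A fallback such as `${ipfs_program:-/sbin/ipfs} -W ${rc_flags}`, the form the removed ipnat code used, keeps this working when the knob is unset. ipfs_stop begins outside this hunk.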
diff --git a/etc/rc.d/ipmon b/etc/rc.d/ipmon
index 12ef6cc..0c2c1cc 100755
--- a/etc/rc.d/ipmon
+++ b/etc/rc.d/ipmon
@@ -5,7 +5,7 @@
#
# PROVIDE: ipmon
-# REQUIRE: syslogd
+# REQUIRE: mountcritlocal hostname sysctl
# BEFORE: SERVERS
# KEYWORD: FreeBSD NetBSD
@@ -26,9 +26,14 @@ esac
ipmon_precmd()
{
- # Make sure ipfilter is loaded before continuing
+ # Continue only if ipfilter or ipnat is enabled and the
+ # ipfilter module is loaded.
+ #
+ if ! checkyesno ipfilter_enable -o ! checkyesno ipnat_enable ; then
+ err 1 "${name} requires either ipfilter or ipnat enabled"
+ fi
if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
- return 1
+ err 1 "ipfilter module is not loaded"
fi
return 0
}
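Review bot: ipmon_precmd now exits via `err 1 "ipfilter module is not loaded"`, but this commit also makes etc/rc.d/ipfilter `REQUIRE: ... ipmon`, so ipmon is ordered before the script that runs `kldload ipl`. On a system where ipl is a loadable module rather than compiled in, ipmon would therefore refuse to start at boot and the packet filter would come up with no log daemon attached. Either load the module here as ipnat_precmd does, e.g. `if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1 && ! kldload ipl; then err 1 'IP-filter module failed to load.'; fi`, or document above the check that the module must already be present. The `-o` guard added just above has the problem described for etc/rc.d/ipfs.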
diff --git a/etc/rc.d/ipnat b/etc/rc.d/ipnat
index 51d116c..7d699f4 100755
--- a/etc/rc.d/ipnat
+++ b/etc/rc.d/ipnat
@@ -5,80 +5,61 @@
#
# PROVIDE: ipnat
-# REQUIRE: ipfilter mountcritremote
-# BEFORE: DAEMON
+# REQUIRE: ipfilter
+# BEFORE: DAEMON netif
# KEYWORD: FreeBSD NetBSD
. /etc/rc.subr
name="ipnat"
rcvar=`set_rcvar`
+load_rc_config $name
case ${OSTYPE} in
-FreeBSD)
- IPNATDIR="/sbin"
- start_precmd="ipnat_precmd"
- reload_cmd="ipnat_start"
- ;;
NetBSD)
- IPNATDIR="/usr/sbin"
- config="/etc/ipnat.conf"
- reload_cmd="/usr/sbin/ipnat -F -C -f ${config}"
- start_precmd=
+ ipnat_flags=
+ ipnat_rules="/etc/ipnat.conf"
+ ipnat_program="/usr/sbin/ipnat"
;;
esac
+start_precmd="ipnat_precmd"
start_cmd="ipnat_start"
-stop_cmd="${ipnat_program:-${IPNATDIR}/${name}} -F -C"
+stop_cmd="${ipnat_program} -F -C"
+reload_cmd="${ipnat_program} -F -C -f ${ipnat_rules}"
extra_commands="reload"
ipnat_precmd()
{
+ case ${OSTYPE} in
+ NetBSD)
+ if ! checkyesno ipfilter || [ ! -f /etc/ipf.conf ]; then
+ echo "Enabling ipfilter for NAT."
+ /sbin/ipf -E -Fa
+ fi
+ return 0
+ ;;
+ esac
+
# Make sure ipfilter is loaded before continuing
if ! ${SYSCTL} net.inet.ipf.fr_pass >/dev/null 2>&1; then
- err 1 'ipnat requires ipfilter be loaded'
+ if kldload ipl; then
+ echo 'IP-filter module loaded.'
+ else
+ err 1 'IP-filter module failed to load.'
+ fi
fi
return 0
}
ipnat_start()
{
- case ${OSTYPE} in
- FreeBSD)
- echo -n 'Installing NAT rules ... '
- if [ -r "${ipnat_rules}" ]; then
- ${ipnat_program:-/sbin/ipnat} -CF -f \
- "${ipnat_rules}" ${ipnat_flags}
- else
- echo -n ' NO IPNAT RULES'
- fi
- echo '.'
-
- # restore filter/NAT state tables after loading the rules
- if checkyesno ipfs_enable; then
- if [ -r "/var/db/ipf/ipstate.ipf" ]; then
- echo -n ' ipfs'
- ${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags}
- # remove files to avoid reloading old state
- # after an ungraceful shutdown
- rm -f /var/db/ipf/ipstate.ipf
- rm -f /var/db/ipf/ipnat.ipf
- fi
- fi
- ;;
- NetBSD)
- if [ ! -f ${config} ]; then
- return 0
- fi
- if ! checkyesno ipfilter || [ ! -f /etc/ipf.conf ]; then
- echo "Enabling ipfilter for NAT."
- /sbin/ipf -E -Fa
- fi
- echo -n "Installing NAT rules ... "
- /usr/sbin/ipnat -F -f ${config}
- ;;
- esac
+ if [ ! -f ${ipnat_rules} ]; then
+ echo -n ' NO IPNAT RULES'
+ return 0
+ fi
+ echo -n "Installing NAT rules ... "
+ /usr/sbin/ipnat -CF -f ${ipnat_rules} ${ipnat_flags}
}
-load_rc_config $name
run_rc_command "$1"
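Review bot: ipnat_start hard-codes `/usr/sbin/ipnat` although stop_cmd and reload_cmd use `${ipnat_program}`, and the removed FreeBSD branch defaulted to `/sbin/ipnat`. If the binary is still in /sbin on FreeBSD, start fails to install the NAT rules while stop and reload keep working. The test `[ ! -f ${ipnat_rules} ]` is also unquoted, so an empty ipnat_rules makes it false and ipnat is then run with `-f` and no file. Suggested lines: `if [ ! -f "${ipnat_rules}" ]; then` and `${ipnat_program} -CF -f "${ipnat_rules}" ${ipnat_flags}`.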
diff --git a/etc/rc.d/sysctl b/etc/rc.d/sysctl
index 71e6752..6e24030 100644
--- a/etc/rc.d/sysctl
+++ b/etc/rc.d/sysctl
@@ -5,7 +5,7 @@
#
# PROVIDE: sysctl
-# REQUIRE: root ipfilter ipsec
+# REQUIRE: root
# BEFORE: DAEMON
# KEYWORD: FreeBSD NetBSD
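Review bot: Removing ipfilter from this REQUIRE line, together with ipmon's new `REQUIRE: ... sysctl` and ipfilter's new `REQUIRE: ... ipmon`, orders sysctl before the script that loads the ipl module. Any `net.inet.ipf.*` settings applied by this script would then be attempted before those OIDs exist when ipl is a loadable module, and would presumably be skipped. The rest of the script is not visible here, so this should be confirmed. If it holds, a header comment would record the limitation: `# NOTE: runs before ipfilter; net.inet.ipf.* tunables need ipl compiled in or preloaded`.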