author | darrenr <darrenr@FreeBSD.org> | 2001-11-24 15:36:30 +0000 |
---|---|---|
committer | darrenr <darrenr@FreeBSD.org> | 2001-11-24 15:36:30 +0000 |
commit | 94889bc82bde52bff12f3ab81bdbd8868c1a9204 (patch) | |
tree | af7dbbd8a5528518ab68bb8f20913312af48aa71 /etc | |
parent | ee8055d6038d7928288598a4238513bc459ed3bb (diff) | |
download | FreeBSD-src-94889bc82bde52bff12f3ab81bdbd8868c1a9204.zip FreeBSD-src-94889bc82bde52bff12f3ab81bdbd8868c1a9204.tar.gz |
second part of the patches to complete ipf changes to rc
PR: multiple
Submitted by: Arjan de Vet <devet@devet.org>
Diffstat (limited to 'etc')
-rw-r--r-- | etc/defaults/rc.conf | 20 | ||||
-rw-r--r-- | etc/rc.shutdown | 14 |
2 files changed, 15 insertions, 19 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index a1245d1..f0b6148 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -61,25 +61,21 @@ natd_enable="NO" # Enable natd (if firewall_enable == YES).
 natd_interface="fxp0" # Public interface or IPaddress to use.
 natd_flags="" # Additional flags for natd.
 ipfilter_enable="NO" # Set to YES to enable ipfilter functionality
-ipfilter_program="/sbin/ipf -Fa -f"
- # program and how to specify the rules file,
- # see /etc/rc.network (pass1) for details
+ipfilter_program="/sbin/ipf" # where the ipfilter program lives
 ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
 # /usr/src/contrib/ipfilter/rules for examples
-ipfilter_flags="-E" # should be *empty* when ipf is _not_ a module
- # (i.e. compiled into the kernel) to
- # avoid a warning about "already initialized"
-ipnat_enable="NO" # Set to YES for ipnat; needs ipfilter, too!
-ipnat_program="/sbin/ipnat -CF -f" # program and how to specify rules file
+ipfilter_flags="" # additional flags for ipfilter
+ipnat_enable="NO" # Set to YES to enable ipnat functionality
+ipnat_program="/sbin/ipnat" # where the ipnat program lives
 ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
 ipnat_flags="" # additional flags for ipnat
+ipmon_enable="NO" # Set to YES for ipmon; needs ipfilter or ipnat
+ipmon_program="/sbin/ipmon" # where the ipfilter monitor program lives
+ipmon_flags="-Ds" # typically "-Ds" or "-D /var/log/ipflog"
 ipfs_enable="NO" # Set to YES to enable saving and restoring
 # of state tables at shutdown and boot
-ipfs_flags="" # additional flags for ipfs
 ipfs_program="/sbin/ipfs" # where the ipfs program lives
-ipmon_enable="NO" # Set to YES for ipmon; needs ipfilter, too!
-ipmon_program="/sbin/ipmon" # where the ipfilter monitor program lives
-ipmon_flags="-Ds" # typically "-Ds" or "-D /var/log/ipflog"
+ipfs_flags="" # additional flags for ipfs
 tcp_extensions="YES" # Set to NO to turn off RFC1323 extensions.
 log_in_vain="NO" # YES to log connects to ports w/o listeners.
 tcp_keepalive="YES" # Enable stale TCP connection timeout (or NO).
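Review bot: The new comments on `ipfilter_program` and `ipnat_program` do not say that the meaning of these variables changed: they used to carry the options (`-Fa -f`, `-CF -f`) and are now a bare path. A site /etc/rc.conf that still overrides either one in the old form would end up passing those options twice or in the wrong position, assuming the rc.network half of this change (not visible here) now supplies them itself, and a packet filter whose rules fail to load at boot is the case worth guarding against. I would make the comment explicit, e.g. `ipfilter_program="/sbin/ipf" # path only; options belong in ipfilter_flags`, and likewise for ipnat. The removed text next to `ipfilter_flags` was the only place explaining when `-E` is needed (ipf loaded as a module); with the default now empty, a one-line comment stating whether the startup script enables the filter itself would keep that knowledge.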
diff --git a/etc/rc.shutdown b/etc/rc.shutdown index 3984f68..f6c59c9 100644 --- a/etc/rc.shutdown +++ b/etc/rc.shutdown @@ -124,18 +124,18 @@ case ${local_startup} in ;; esac -# Save IP Filter state tables +# Insert other shutdown procedures here + +# Saving firewall state tables should be done last +echo -n 'Saving firewall state tables:' +# Save IP-filter state tables case ${ipfs_enable} in [Yy][Ee][Ss]) - echo -n 'Saving IP Filter state tables:' - eval ${ipfs_program:-/sbin/ipfs -W} ${ipfs_flags} + echo -n ' ipfs' + ${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags} ;; esac -echo . - -# Insert other shutdown procedures here - echo '.' exit 0 |
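Review bot: The header `echo -n 'Saving firewall state tables:'` now sits outside the `case ${ipfs_enable}` block, so it is printed on every shutdown even when ipfs is disabled and nothing is saved. The exit status of the `ipfs -W` call is also ignored, and ` ipfs` is echoed before the command runs, so a failed save looks the same on the console as a successful one. Consider reporting the name only on success, `${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags} && echo -n ' ipfs'`, or printing a warning on failure, so an operator can tell that state will not be restored at the next boot. A short comment that `-W` is now fixed in the script and `ipfs_flags` only adds to it would document the new split.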