diff options
Diffstat (limited to 'etc/rc.d/ip6fw')
-rw-r--r-- | etc/rc.d/ip6fw | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/etc/rc.d/ip6fw b/etc/rc.d/ip6fw new file mode 100644 index 0000000..4f37e26 --- /dev/null +++ b/etc/rc.d/ip6fw @@ -0,0 +1,58 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ip6fw +# REQUIRE: network2 +# BEFORE: network_ipv6 +# KEYWORD: FreeBSD + +. /etc/rc.subr + +name="ip6fw" +rcvar=`set_rcvar ipv6_firewall` +start_cmd="ip6fw_start" +start_precmd="ip6fw_prestart" +stop_cmd="${SYSCTL_W} net.inet6.ip6.fw.enable=0" + +ip6fw_prestart() +{ + # Load IPv6 firewall module, if not already loaded + if ! ${SYSCTL} net.inet6.ip6.fw.enable > /dev/null 2>&1; then + kldload ip6fw && { + debug 'Kernel IPv6 firewall module loaded.' + return 0 + } + warn 'IPv6 firewall kernel module failed to load.' + return 1 + fi +} + +ip6fw_start() +{ + # Specify default rules file if none provided + if [ -z "${ipv6_firewall_script}" ]; then + ipv6_firewall_script=/etc/rc.firewall6 + fi + + # Load rules + # + if [ -r "${ipv6_firewall_script}" ]; then + . "${ipv6_firewall_script}" + echo 'IPv6 Firewall rules loaded.' + elif [ "`ip6fw l 65535`" = "65535 deny ipv6 from any to any" ]; then + warn 'IPv6 firewall rules have not been loaded. Default' \ + ' to DENY all access.' + fi + + # Enable firewall logging + # + if checkyesno ipv6_firewall_logging ; then + echo 'IPv6 Firewall logging=YES' + sysctl net.inet6.ip6.fw.verbose=1 >/dev/null + fi +} + +load_rc_config $name +run_rc_command "$1" |