path: root/etc/rc.d/ipfw
Commit message | Author | Age | Files | Lines
* Refine the "nojail" rc keyword, adding "nojailvnet" for files that don't apply to most jails but do apply to vnet jails. This includes adding a new sysctl "security.jail.vnet" to identify vnet jails.
  PR: conf/149050
  Submitted by: mdodd
  MFC after: 3 days
  Author: jamie | Age: 2013-05-19 | Files: 1 | Lines: -1/+1
* Load ipdivert.ko when natd_enable=YES.
  PR: conf/167566
  Author: hrs | Age: 2012-10-29 | Files: 1 | Lines: -4/+4
* Make ipfw0 logging pseudo-interface clonable. It can be created automatically by $firewall_logif rc.conf(5) variable at boot time or manually by ifconfig(8) after a boot.
  Discussed on: freebsd-ipfw@
  Author: hrs | Age: 2012-07-09 | Files: 1 | Lines: -0/+4
* Replace ${SYSCTL_W} with ${SYSCTL} in rc.d scripts, as they are identical. This is a further clean up after r202988. SYSCTL_W is still initialized in rc.subr as some ports may still use it.
  Author: emaste | Age: 2011-03-30 | Files: 1 | Lines: -4/+4
* Remove trailing white space. No functional changes.
  Author: dougb | Age: 2010-05-14 | Files: 1 | Lines: -2/+2
* Introduce new rc.conf variable firewall_coscripts. It can be used to specify list of executables and/or rc scripts that should be executed after firewall starts/stops.
  Submitted by: Yuri Kurenkov <y dot kurenkov at init dot ru>
  Reviewed by: rhodes, rc@
  MFC after: 1 week
  Author: emax | Age: 2010-02-08 | Files: 1 | Lines: -6/+26
* Unify rc.firewall and rc.firewall6, and obsolete rc.firewall6 and rc.d/ip6fw.
  Reviewed by: dougb, jhb
  MFC after: 1 month
  Author: ume | Age: 2009-12-02 | Files: 1 | Lines: -1/+12
* Reverse the effect of r193198 for pf and ipfw which will once again allow them to start after netif. There were too many problems reported with this change in the short period of time that it lived in HEAD, and we are too late in the release cycle to properly shake it out.
  IMO the issue of having the firewalls up before the network is still a valid concern, particularly for pf whose default state is wide open. However properly solving this issue is going to take some investment on the part of the people who actually use those tools.
  This is not a strict reversion of all the changes for r193198 since it also included some simplification of the BEFORE/REQUIRE logic which is still valid for ipfilter and ip6fw.
  Author: dougb | Age: 2009-06-26 | Files: 1 | Lines: -1/+1
* Make the pf and ipfw firewalls start before netif, just like ipfilter already does. This eliminates a logical inconsistency, and a small window where the system is open after the network comes up.
  Author: dougb | Age: 2009-06-01 | Files: 1 | Lines: -2/+1
* - Add ipfw_nat to the list of required modules if "firewall_nat_enable" is set and "natd_enable" is NOT set;
  - Accept and pass firewall type to the external firewall script.
  Submitted by: Yuri Kurenkov < y -dot- kurenkov -at- init -dot- ru >
  MFC after: 3 days
  No response from: freebsd-rc
  Author: emax | Age: 2009-03-30 | Files: 1 | Lines: -2/+12
* As previously discussed, add the svn:executable property to all scripts
  Author: dougb | Age: 2008-07-16 | Files: 1 | Lines: -0/+0
* No need to display the result of enabling the ipfw sysctl if it's successful. Issue a warning if it fails, however.
  Author: mtm | Age: 2008-07-05 | Files: 1 | Lines: -1/+3
* Add a dummynet_enable knob to go with firewall_enable. If this knob is enabled dummynet(4) is added to the list of required modules.
  Discussed on: #freebsd-bugbusters (rwatson, trhodes)
  PR: conf/79196
  MFC after: 1 week
  Author: mtm | Age: 2008-01-27 | Files: 1 | Lines: -0/+8
* Generally, anything that runs rc.d scripts internally should start using the quiet prefix (i.e. quietstart, quietstop, etc...).
  Author: mtm | Age: 2008-01-26 | Files: 1 | Lines: -2/+2
* Instead of directly sourcing the firewall script, run it in a separate shell. If the firewall script is sourced directly from the script, then any exit statements in it will also terminate the rc.d script prematurely.
  PR: conf/78762
  MFC-After: 2 weeks
  Author: mtm | Age: 2007-04-02 | Files: 1 | Lines: -1/+1
* Use $required_modules wherever suitable. Use load_kld() in special cases. So we get rid of quite a few lines of duplicated code.
  Author: yar | Age: 2006-12-31 | Files: 1 | Lines: -13/+1
* De-uglify messages from the ipfw script.
  Author: yar | Age: 2006-07-25 | Files: 1 | Lines: -4/+2
* Use 'ipfw list' instead of 'ipfw l', since it's deprecated (and warning is printed on system startup).
  Approved by: cognet (mentor)
  MFC after: 3 days
  Author: wkoszek | Age: 2006-02-26 | Files: 1 | Lines: -1/+1
* Transforming "ppp-user" into just "ppp", step 1:
  The rcorder(8) condition PROVIDE'd by the script and REQUIRE'd by the others becomes "ppp".
  The ultimate goal of the transformation is to reduce confusion resulting from the fact that $name has been "ppp" already.
  Discussed with: pjd, -rc
  Author: yar | Age: 2005-10-28 | Files: 1 | Lines: -1/+1
* Start natd(8) before loading firewall rules, to give the ipdivert.ko module a chance to load.
  Author: ru | Age: 2005-03-16 | Files: 1 | Lines: -2/+3
* Remove the requirement for the FreeBSD keyword as it no longer makes any sense.
  Discussed with: dougb, brooks
  MFC after: 3 days
  Author: mtm | Age: 2004-10-07 | Files: 1 | Lines: -1/+1
* Protect some cross-script invocations by checks to see that the target script exists. This allows pruning of rc.d scripts without getting too many ugly boottime error message
  Author: phk | Age: 2004-04-28 | Files: 1 | Lines: -2/+6
* Add separate script for natd. This fixes race condition with "ipfw restart" (when new natd is started before old natd died) and allows to manage natd without touching ipfw.
  natd should probably be killed with SIGKILL when stopping natd.
  Author: fjoe | Age: 2004-04-05 | Files: 1 | Lines: -27/+2
* Mark scripts as not usable inside a jail by adding keyword 'nojail'.
  Some suggestions from: rwatson, Ruben de Groot <mail25@bzerk.org>
  Author: pjd | Age: 2004-03-08 | Files: 1 | Lines: -1/+1
* Add -dynamic to natd if dhcp is used for the natd interface. Kill natd in stop().
  Reviewed by: mtm
  Author: mbr | Age: 2003-07-27 | Files: 1 | Lines: -0/+13
* Make the 'restart' command work. Otherwise, it would successfully stop ipfw, but not enable it again.
  Aesthetic changes
  o Use positive logic (instead of negative)
  o create a 'stop' function, rather than putting the commands in the stop_cmd variable.
  Submitted by: des
  Approved by: markm (mentor) (implicit)
  Author: mtm | Age: 2003-03-30 | Files: 1 | Lines: -4/+15
* Finish merging in rev. 1.124 of rc.network, so that natd can be used without the $natd_interface having to be explicitly specified on the command line.
  Approved by: markm (mentor)
  Submitted by: Aaron D. Gifford <agifford@infowest.com>
  PR: conf/47024
  MFC: upon re approval
  Author: mtm | Age: 2003-01-14 | Files: 1 | Lines: -2/+2
* Fix style bugs:
  * Space -> tabs conversion.
  * Removed blanks before semicolon in "if ... ; then".
  * Proper indentation of misindented lines.
  * Put a full stop after some comments.
  * Removed whitespace at end of line.
  Approved by: silence from gordon
  Author: schweikh | Age: 2002-10-12 | Files: 1 | Lines: -4/+4
* Merge in all the changes that Mike Makonnen has been maintaining for a while. This is only the script pieces, the glue for the build comes next.
  Submitted by: Mike Makonnen <makonnen@pacbell.net>
  Reviewed by: silence on -current and -hackers
  Prodded by: rwatson
  Author: gordon | Age: 2002-06-13 | Files: 1 | Lines: -0/+70