From ea768cc3c26894afa3749739a91476398c797f60 Mon Sep 17 00:00:00 2001
From: fjoe
Date: Mon, 5 Apr 2004 16:29:45 +0000
Subject: Add separate script for natd. This fixes race condition with "ipfw restart" (when new natd is started before old natd died) and allows to manage natd without touching ipfw. natd should probably be killed with SIGKILL when stopping natd.
---
 etc/rc.d/Makefile | 2 +-
 etc/rc.d/ipfw | 29 ++---------------------------
 etc/rc.d/natd | 42 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 45 insertions(+), 28 deletions(-)
 create mode 100644 etc/rc.d/natd
diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile
index 852cf12..ab9b83a 100755
--- a/etc/rc.d/Makefile
+++ b/etc/rc.d/Makefile
@@ -21,7 +21,7 @@ FILES= DAEMON LOGIN NETWORKING SERVERS \
 ldconfig local localpkg lomac lpd \
 mixer motd mountcritlocal mountcritremote \
 mountd moused mroute6d mrouted msgs \
- named netif netoptions \
+ named natd netif netoptions \
 network_ipv6 nfsclient nfsd \
 nfslocking nfsserver nisdomain ntpd ntpdate \
 othermta \
diff --git a/etc/rc.d/ipfw b/etc/rc.d/ipfw
index 50b8cf7..990c14e 100644
--- a/etc/rc.d/ipfw
+++ b/etc/rc.d/ipfw
@@ -37,31 +37,7 @@ ipfw_start()
 if [ -r "${firewall_script}" ]; then
 . "${firewall_script}"
 echo -n 'Firewall rules loaded, starting divert daemons:'
-
- # Network Address Translation daemon
- #
- if checkyesno natd_enable; then
- dhcp_list="`list_net_interfaces dhcp`"
- for ifn in ${dhcp_list}; do
- case ${natd_interface} in
- ${ifn})
- natd_flags="$natd_flags -dynamic"
- ;;
- *)
- ;;
- esac
- done
- if [ -n "${natd_interface}" ]; then
- if echo ${natd_interface} | \
- grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
- natd_flags="$natd_flags -a ${natd_interface}"
- else
- natd_flags="$natd_flags -n ${natd_interface}"
- fi
- fi
- echo -n ' natd'
- ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
- fi
+ /etc/rc.d/natd start
 elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
 echo 'Warning: kernel has firewall functionality, but' \
 ' firewall rules are not enabled.'
@@ -86,8 +62,7 @@ ipfw_stop()
 # Disable the firewall
 #
 ${SYSCTL_W} net.inet.ip.fw.enable=0
- killall natd;
- sleep 2;
+ /etc/rc.d/natd stop
 }
 
 load_rc_config $name
diff --git a/etc/rc.d/natd b/etc/rc.d/natd
new file mode 100644
index 0000000..53a370d
--- /dev/null
+++ b/etc/rc.d/natd
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: natd
+# KEYWORD: FreeBSD nostart nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="natd"
+rcvar=`set_rcvar`
+command="/sbin/${name}"
+start_cmd="natd_start"
+
+natd_start()
+{
+ dhcp_list="`list_net_interfaces dhcp`"
+ for ifn in ${dhcp_list}; do
+ case ${natd_interface} in
+ ${ifn})
+ natd_flags="$natd_flags -dynamic"
+ ;;
+ *)
+ ;;
+ esac
+ done
+ if [ -n "${natd_interface}" ]; then
+ if echo ${natd_interface} | \
+ grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
+ natd_flags="$natd_flags -a ${natd_interface}"
+ else
+ natd_flags="$natd_flags -n ${natd_interface}"
+ fi
+ fi
+ echo -n ' natd'
+ ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
+}
+
+load_rc_config $name
+run_rc_command "$1"
-- 
cgit v1.1
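Review bot: The exit status of `/etc/rc.d/natd start` is discarded in ipfw_start, so if natd fails to launch, the rules just loaded from `${firewall_script}` (including any divert rule) stay active with nothing listening and no message is printed. Something like `/etc/rc.d/natd start || warn 'natd failed to start'` (using rc.subr's `warn`) would make that failure visible. Because natd now runs from a child script rather than inline, any `natd_interface` or `natd_flags` value assigned by the sourced `${firewall_script}` no longer reaches natd unless it is exported; if that is intended it deserves a comment. ipfw_start begins and ends outside this hunk.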
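Review bot: `/etc/rc.d/natd stop` in ipfw_stop is not an unconditional replacement for the removed `killall natd`. The new natd script sets `rcvar`, and rc.subr normally skips non-forced commands when that variable is not enabled, so a natd that was started earlier and later disabled in rc.conf would, as far as I can tell, survive `ipfw stop`. If the old always-stop behaviour is wanted, `/etc/rc.d/natd forcestop` keeps it; otherwise a comment such as `# natd is only stopped when natd_enable is set` would document the change. ipfw_stop begins outside this hunk.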
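Review bot: Setting `start_cmd="natd_start"` replaces rc.subr's default start method and, as far as I recall rc.subr, skips its "already running?" check with it, so a second `/etc/rc.d/natd start` would try to launch another natd. That is the kind of overlap this commit sets out to remove. Computing the flags in a pre-command instead, `start_precmd="natd_precmd"`, with the function ending after the `natd_flags` logic, lets rc.subr start `${command}` itself; `natd_ifarg` would then have to be passed through `command_args` if it is still used. Separately, `echo ${natd_interface}` should be quoted as `echo "${natd_interface}"`, so that an rc.conf value containing spaces or glob characters is matched as one string.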