From d021730618104ab174a87b6e451c53d7d6debf2d Mon Sep 17 00:00:00 2001
From: darrenr
Date: Fri, 6 Oct 2000 12:24:45 +0000
Subject: This brings support for IP Filter into rc.network and rc.conf with the appropriate documentation added to rc.conf(5). If all goes well with this over the next few weeks, the PR will be closed with the pullup of patches back to 4-STABLE.
PR: 20202
Submitted by: Gerhard Sittig
Reviewed by: Darren Reed
Approved by: Darren Reed
Obtained from: Gerhard Sittig
---
 etc/rc.network | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
(limited to 'etc/rc.network')
diff --git a/etc/rc.network b/etc/rc.network
index 8e97b44..4c9d621 100644
--- a/etc/rc.network
+++ b/etc/rc.network
@@ -32,6 +32,37 @@ network_pass1() {
 echo -n ' hostname'
 fi
+ # Establish ipfilter ruleset as early as possible (best in
+ # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
+ #
+ case "${ipfilter_enable}" in
+ [Yy][Ee][Ss])
+ if [ -r "${ipfilter_rules}" ]; then
+ echo -n ' ipfilter';
+ ${ipfilter_program:-ipf -Fa -f} "${ipfilter_rules}" ${ipfilter_flags}
+ case "${ipmon_enable}" in
+ [Yy][Ee][Ss])
+ echo -n ' ipmon'
+ ${ipmon_program:-ipmon} ${ipmon_flags}
+ ;;
+ esac
+ case "${ipnat_enable}" in
+ [Yy][Ee][Ss])
+ if [ -r "${ipnat_rules}" ]; then
+ echo -n ' ipnat';
+ ${ipnat_program:-ipnat -CF -f} "${ipnat_rules}" ${ipnat_flags}
+ else
+ echo -n ' NO IPNAT RULES'
+ fi
+ ;;
+ esac
+ else
+ ipfilter_enable="NO"
+ echo -n ' NO IPF RULES'
+ fi
+ ;;
+ esac
+
 # Set the domainname if we're using NIS
 #
 case ${nisdomainname} in
--
cgit v1.1
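Review bot: In the `else` branch for an unreadable `${ipfilter_rules}`, and equally when `ipf` exits non-zero on a ruleset it cannot parse, boot simply carries on and the only trace is a word on the console; with IP Filter's default pass policy that leaves the host unfiltered unless the kernel was built with IPFILTER_DEFAULT_BLOCK, which the added comment presents only as "best in addition". The exit status of the load is never checked, so ipmon and ipnat are started regardless; I would guard it, e.g. `${ipfilter_program:-ipf -Fa -f} "${ipfilter_rules}" ${ipfilter_flags} || echo -n ' IPF RULES FAILED'`, and extend the comment with `# Without IPFILTER_DEFAULT_BLOCK a missing or rejected ruleset leaves the host passing all traffic`. `${ipmon_program:-ipmon} ${ipmon_flags}` also runs in the foreground unless the flags carry `-D`, which presumably comes from the rc.conf defaults not shown in this patch and is worth confirming. The body of network_pass1 starts and ends outside the hunk.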