xref: /freebsd-14-stable/libexec/rc/rc.d/ipfilter (revision 3b032c06989df3cd7bf075aeb54249bbeb8df2b4)
1#!/bin/sh
2#
3#
4
5# PROVIDE: ipfilter
6# REQUIRE: FILESYSTEMS
7# BEFORE: ipmon ipnat netif netwait securelevel
8# KEYWORD: nojailvnet
9
10. /etc/rc.subr
11
12name="ipfilter"
13desc="IP packet filter"
14rcvar="ipfilter_enable"
15load_rc_config $name
16stop_precmd="test -f ${ipfilter_rules}"
17
18start_precmd="$stop_precmd"
19start_cmd="ipfilter_start"
20stop_cmd="ipfilter_stop"
21reload_precmd="$stop_precmd"
22reload_cmd="ipfilter_reload"
23resync_precmd="$stop_precmd"
24resync_cmd="ipfilter_resync"
25status_precmd="$stop_precmd"
26status_cmd="ipfilter_status"
27extra_commands="reload resync"
28required_modules="ipl:ipfilter"
29
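# Enable ipfilter and load the active ruleset.
#
# Globals read: ipfilter_program (default /sbin/ipf), ipfilter_optionlist,
#               ipfilter_rules, ipfilter_flags.
# Outputs:      a progress message on stdout.
# Returns:      the status of the rule load when the rules file is
#               readable, otherwise 0.
ipfilter_start()
{
	echo "Enabling ipfilter."
	# Fixed: this test used to read ${ifilter_optionlist} (missing "p"),
	# so a configured ipfilter_optionlist was silently never applied.
	if [ -n "${ipfilter_optionlist}" ]; then
		# The filter is disabled before the tunables are applied and
		# re-enabled afterwards.
		if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
			${ipfilter_program:-/sbin/ipf} -D
		fi
		${ipfilter_program:-/sbin/ipf} -T "${ipfilter_optionlist}"
		${ipfilter_program:-/sbin/ipf} -E
	elif ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
		${ipfilter_program:-/sbin/ipf} -E
	fi
	# NOTE(review): the flush runs unconditionally. If the rules file is
	# unreadable or the load fails, the filter stays enabled with an empty
	# active set, so what traffic passes then depends on the kernel's
	# default policy -- confirm that is acceptable for this host.
	${ipfilter_program:-/sbin/ipf} -Fa
	if [ -r "${ipfilter_rules}" ]; then
		# ipfilter_flags is deliberately unquoted so that it splits
		# into separate arguments.
		${ipfilter_program:-/sbin/ipf} \
		    -f "${ipfilter_rules}" ${ipfilter_flags}
	fi
}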
48
# Save the state tables and disable ipfilter, but only if it is running.
#
# Globals read: ipfilter_program (default /sbin/ipf),
#               ipfs_program (default /sbin/ipfs), ipfs_flags.
# Outputs:      progress messages on stdout.
# Returns:      0 when the filter is not running, otherwise the status of
#               the disable command.
ipfilter_stop()
{
	local _ipf _ipfs

	_ipf="${ipfilter_program:-/sbin/ipf}"
	_ipfs="${ipfs_program:-/sbin/ipfs}"

	# Nothing to save or disable when the filter is not running.
	${_ipf} -V | grep -q 'Running: yes' || return 0

	echo "Saving firewall state tables"
	# The status of the save is not checked; the disable follows regardless.
	${_ipfs} -W ${ipfs_flags}
	echo "Disabling ipfilter."
	# From here on the host is no longer filtered by ipfilter.
	${_ipf} -D
}
58
# Reload the rules through the inactive set, then swap it in.
#
# Globals read: ipfilter_program (default /sbin/ipf), ipfilter_rules,
#               ipfilter_flags.
# Outputs:      a progress message on stdout.
# Returns:      the status of the swap; exits through err if the rule load
#               fails, so the swap is not attempted in that case.
ipfilter_reload()
{
	local _ipf

	_ipf="${ipfilter_program:-/sbin/ipf}"
	echo "Reloading ipfilter rules."

	# Flush the inactive set first so the load starts from empty.
	${_ipf} -I -Fa
	# NOTE(review): when the rules file is not readable the load is
	# skipped but the swap below still runs, which would activate the
	# just-flushed set -- confirm that is intended.
	if [ -r "${ipfilter_rules}" ]; then
		${_ipf} -I -f "${ipfilter_rules}" ${ipfilter_flags} ||
		    err 1 'Load of rules into alternate set failed; aborting reload'
	fi
	# Swap the active and inactive sets.
	${_ipf} -s
}
74
# Run the ipf resync operation (-y) with the configured flags.
#
# Globals read: ipfilter_program (default /sbin/ipf), ipfilter_flags.
# Returns:      the status of the ipf invocation.
ipfilter_resync()
{
	local _ipf

	_ipf="${ipfilter_program:-/sbin/ipf}"
	# ipfilter_flags is deliberately unquoted so that it splits into
	# separate arguments.
	${_ipf} -y ${ipfilter_flags}
}
79
# Print the ipf version/status report (ipf -V).
#
# Globals read: ipfilter_program (default /sbin/ipf).
# Returns:      the status of the ipf invocation.
ipfilter_status()
{
	local _ipf

	_ipf="${ipfilter_program:-/sbin/ipf}"
	${_ipf} -V
}
84
85run_rc_command "$1"
86