#!/bin/sh
#
# $NetBSD: ipfilter,v 1.21 2020/09/08 12:52:18 martin Exp $
#

# PROVIDE: ipfilter
# REQUIRE: root bootconf CRITLOCALMOUNTED tty
# Pull in the rc.subr framework.  $_rc_subr_loaded is expanded unquoted as a
# command prefix: when it is empty this line is a plain ". /etc/rc.subr".
# NOTE(review): presumably rc.subr sets it to a no-op once loaded so the
# file is not sourced twice -- confirm against /etc/rc.subr.
$_rc_subr_loaded . /etc/rc.subr

name=ipfilter
rcvar=${name}
extra_commands="reload resync status"

# stop, reload, resync and status share one precondition: at least one of
# the two rule files must exist as a regular file.
stop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf"
reload_precmd=${stop_precmd}
resync_precmd=${stop_precmd}
status_precmd=${stop_precmd}

# Handlers for each action; all are defined in this file.
start_precmd=ipfilter_prestart
start_cmd=ipfilter_start
stop_cmd=ipfilter_stop
reload_cmd=ipfilter_reload
resync_cmd=ipfilter_resync
status_cmd=ipfilter_status
#
# ipfilter_prestart: precondition check for the start action.
#
# Returns 0 if /etc/ipf.conf or /etc/ipf6.conf exists as a regular file.
# Otherwise it warns, calls stop_boot and returns 1.
# NOTE(review): stop_boot comes from rc.subr; by its name it halts the boot
# sequence rather than continuing without a ruleset -- confirm there.
#
ipfilter_prestart()
{
	if [ -f /etc/ipf.conf ] || [ -f /etc/ipf6.conf ]; then
		return 0
	fi

	# The test above is for existence (-f), although the message
	# says "not readable".
	warn "/etc/ipf*.conf not readable; ipfilter start aborted."

	stop_boot
	return 1
}
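#
# ipfilter_start: enable the packet filter and load the rule files.
#
# Runs "ipf ${rc_flags} -E", flushes the IPv4/IPv6 rule lists for whichever
# of /etc/ipf.conf and /etc/ipf6.conf exist, then loads those files.
#
# Returns: 0 if every rule file that exists was loaded,
#          1 if any load failed (a warning names the file).
#
ipfilter_start()
{
	_ipf_start_rv=0

	echo "Enabling ipfilter."
	# rc_flags is expanded unquoted, presumably so that it splits into
	# separate ipf options.
	/sbin/ipf ${rc_flags} -E

	# Do the flush first; since older ipf has different semantics.
	#
	if [ -f /etc/ipf.conf ]; then
		/sbin/ipf -Fa
	fi
	if [ -f /etc/ipf6.conf ]; then
		/sbin/ipf -6 -Fa
	fi

	# Now load the config files.  The lists were flushed above, so a
	# failed load leaves the filter enabled with a partial or empty
	# ruleset; report it instead of letting it pass silently.  What
	# traffic is allowed in that state depends on the kernel's default
	# policy (NOTE(review): confirm for the target kernel).  Both
	# families are always attempted so that one bad file does not
	# leave the other unloaded.
	#
	if [ -f /etc/ipf.conf ] && ! /sbin/ipf -f /etc/ipf.conf; then
		warn "load of ipf.conf failed; IPv4 ruleset may be empty or incomplete."
		_ipf_start_rv=1
	fi
	if [ -f /etc/ipf6.conf ] && ! /sbin/ipf -6 -f /etc/ipf6.conf; then
		warn "load of ipf6.conf failed; IPv6 ruleset may be empty or incomplete."
		_ipf_start_rv=1
	fi

	# NOTE(review): ipfilter_prestart calls stop_boot when no rule file
	# exists; a failed load is only reported here.  Whether it should
	# also stop the boot is a policy decision for the maintainers.
	return $_ipf_start_rv
}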
#
# ipfilter_stop: announce the action and disable the filter ("ipf -D").
#
# Once the filter is disabled the loaded rules are no longer enforced.
# Returns the exit status of ipf.
#
ipfilter_stop()
{
	echo "Disabling ipfilter."
	/sbin/ipf -D
}
#
# ipfilter_reload: stage the rule files in the inactive set, then swap.
#
# The active rules stay in place while the new ones are loaded with -I;
# "ipf -s" makes them live only after every existing rule file has loaded.
# Returns the exit status of the final swap.
#
ipfilter_reload()
{
	echo "Reloading ipfilter rules."

	# Flush the inactive lists first; older ipf has different
	# semantics.
	#
	if [ -f /etc/ipf.conf ]; then
		/sbin/ipf -I -Fa
	fi
	if [ -f /etc/ipf6.conf ]; then
		/sbin/ipf -6 -I -Fa
	fi

	# Load each rule file into the inactive set.  On a failed load
	# err is called with status 1 (rc.subr helper; expected to exit
	# the script), so the swap below is not reached and the rules
	# currently being enforced are left as they were.
	#
	if [ -f /etc/ipf.conf ]; then
		/sbin/ipf -I -f /etc/ipf.conf ||
			err 1 "reload of ipf.conf failed; not swapping to new ruleset."
	fi
	if [ -f /etc/ipf6.conf ]; then
		/sbin/ipf -I -6 -f /etc/ipf6.conf ||
			err 1 "reload of ipf6.conf failed; not swapping to new ruleset."
	fi

	# Everything loaded: make the staged rules the active ones.
	#
	/sbin/ipf -s
}
#
# ipfilter_resync: run "ipf -y", which resynchronises ipf's in-kernel
# interface list with the current interface status.
#
# Returns the exit status of ipf.
#
ipfilter_resync()
{
	/sbin/ipf -y
}
#
# ipfilter_status: print ipf's version and status report ("ipf -V").
#
# Returns the exit status of ipf.
#
ipfilter_status()
{
	/sbin/ipf -V
}
# Load the configuration for this service, then hand the action named by
# the first argument to rc.subr, which dispatches to the handlers above.
load_rc_config "$name"
run_rc_command "$1"