a3e34d6908
(when new natd is started before old natd died) and allows to manage natd without touching ipfw. natd should probably be killed with SIGKILL when stopping natd.
#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: ipfw
# REQUIRE: ppp-user
# BEFORE: NETWORKING
# KEYWORD: FreeBSD nojail

# rc.d(8) helpers (load_rc_config, run_rc_command, checkyesno, warn, the
# SYSCTL/SYSCTL_W variables) and the network helpers used by the rules.
. /etc/rc.subr
. /etc/network.subr

# Service identity: the rc script is "ipfw" and is switched on by the
# firewall_enable knob in rc.conf(5).
name="ipfw"
rcvar="firewall_enable"

# Hook the framework's verbs to the handlers defined below.  The precmd
# runs before ipfw_start and a non-zero return from it aborts the start.
start_precmd="ipfw_precmd"
start_cmd="ipfw_start"
stop_cmd="ipfw_stop"
# Make sure the ipfw code is in the kernel before the rules script runs.
# Returns 0 when the firewall sysctl is reachable (built in or loaded),
# 1 when the module had to be loaded and kldload failed.
ipfw_precmd()
{
	# Probing the enable sysctl is the cheapest "is ipfw present" test;
	# it fails only when neither the kernel nor a loaded module has it.
	${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1 && return 0

	# Load on demand.  A non-zero return here makes run_rc_command skip
	# ipfw_start, so the rules are never sourced without a firewall.
	kldload ipfw || {
		warn 'unable to load firewall module.'
		return 1
	}
	return 0
}
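# Load the rules script, start the divert daemon, optionally turn on
# logging, then enable packet filtering.
# Reads:   firewall_script (defaults to /etc/rc.firewall), firewall_logging
# Outputs: progress text on stdout
# Returns: the status of the final sysctl write
ipfw_start()
{
	# set the firewall rules script if none was specified
	: "${firewall_script:=/etc/rc.firewall}"

	if [ -r "${firewall_script}" ]; then
		# The rules file is sourced, not executed: it runs with this
		# script's (root) privileges and environment, so it must be
		# trusted, root-owned content.
		. "${firewall_script}"
		echo -n 'Firewall rules loaded, starting divert daemons:'
		/etc/rc.d/natd start
	elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
		# No rules could be loaded and the kernel's default rule is deny:
		# once filtering is enabled below nothing gets through.
		echo 'Warning: kernel has firewall functionality, but firewall rules are not enabled.'
		echo ' All ip services are disabled.'
	fi
	# NOTE(review): when the rules script is unreadable and the default
	# rule is not deny, filtering is still enabled below with whatever
	# rules the kernel already holds, and no warning is printed.
	echo '.'

	# Firewall logging
	#
	if checkyesno firewall_logging; then
		echo 'Firewall logging enabled'
		# Use the same sysctl wrapper as the enable write below so the
		# two settings cannot diverge in how they are applied.
		${SYSCTL_W} net.inet.ip.fw.verbose=1 >/dev/null
	fi

	# Enable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=1
}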
# Turn packet filtering off, then stop the divert daemon.
# Returns: the exit status of "/etc/rc.d/natd stop"
ipfw_stop()
{
	# Disable the firewall
	#
	# With net.inet.ip.fw.enable=0 the kernel no longer filters at all,
	# so the host passes traffic unfiltered until the next "start".
	${SYSCTL_W} net.inet.ip.fw.enable=0
	# natd is stopped only after filtering is off; ordering is deliberate.
	/etc/rc.d/natd stop
}
# Pull this service's rc.conf(5) settings, then dispatch the requested
# verb (start/stop/...) to the *_cmd handlers declared above.
load_rc_config "$name"
run_rc_command "$1"