diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile index 1fc8fc3de5b4..ad9f4d309f20 100755 --- a/etc/rc.d/Makefile +++ b/etc/rc.d/Makefile @@ -6,9 +6,9 @@ FILES= DAEMON LOGIN NETWORKING SERVERS abi accounting addswap adjkerntz amd \ apm apmd atm1 atm2.sh atm3.sh archdep bgfsck bootparams ccd cleanvar \ cleartmp cron devd devdb devfs dhclient diskless dmesg dumpon fsck \ - hostname inetd initdiskless initrandom ip6fw ipfilter ipfw ipmon ipnat \ - ipsec ipxrouted isdnd jail kadmind kerberos keyserv kldxref ldconfig \ - local localdaemons lomac lpd motd mountcritlocal mountcritremote \ + hostname inetd initdiskless initrandom ip6fw ipfilter ipfs ipfw ipmon \ + ipnat ipsec ipxrouted isdnd jail kadmind kerberos keyserv kldxref \ + ldconfig local localdaemons lomac lpd motd mountcritlocal mountcritremote \ mountd moused mroute6d mrouted msgs named netif network1 network2 network3 \ network_ipv6 nfsclient nfsd nfslocking nfsserver nisdomain ntpd \ ntpdate othermta pccard pcvt ppp-user pppoed pwcheck quota random \ diff --git a/etc/rc.d/hostname b/etc/rc.d/hostname index 3a54a2d1ef6d..812347b66b66 100644 --- a/etc/rc.d/hostname +++ b/etc/rc.d/hostname @@ -27,7 +27,7 @@ # # PROVIDE: hostname -# REQUIRE: mountcritlocal sysctl tty +# REQUIRE: mountcritlocal tty # BEFORE: netif # KEYWORD: FreeBSD diff --git a/etc/rc.d/ipfilter b/etc/rc.d/ipfilter index b13a8076dbeb..46d184087598 100755 --- a/etc/rc.d/ipfilter +++ b/etc/rc.d/ipfilter @@ -5,7 +5,8 @@ # # PROVIDE: ipfilter -# REQUIRE: root beforenetlkm mountcritlocal tty +# REQUIRE: root beforenetlkm mountcritlocal tty ipmon +# BEFORE: netif # KEYWORD: FreeBSD NetBSD . /etc/rc.subr @@ -43,8 +44,7 @@ FreeBSD) if kldload ipl; then echo 'IP-filter module loaded.' else - warn 'IP-filter module failed to load.' - return 1 + err 1 'IP-filter module failed to load.' fi fi diff --git a/etc/rc.d/ipfs b/etc/rc.d/ipfs index 0abdba07826c..1f8f9fb17fa3 100755 --- a/etc/rc.d/ipfs +++ b/etc/rc.d/ipfs 
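Review bot: In etc/rc.d/ipfilter, adding `ipmon` to `REQUIRE:` orders ipmon ahead of the script that runs `kldload ipl`, yet ipmon_precmd (changed in this same commit) now calls `err 1 "ipfilter module is not loaded"` when `net.inet.ipf.fr_pass` is absent. Where ipfilter is a loadable module rather than compiled into the kernel, ipmon would presumably refuse to start at boot, so the firewall comes up without its packet logger. Either drop `ipmon` from this `REQUIRE:` line so that ipmon follows ipfilter, or have ipmon_precmd load the module the way the new ipnat_precmd does with `kldload ipl`.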
@@ -1,23 +1,47 @@ #!/bin/sh # # $NetBSD: ipfs,v 1.3 2002/02/11 13:55:42 lukem Exp $ +# $FreeBSD$ # # PROVIDE: ipfs -# REQUIRE: ipnat mountcritremote -# KEYWORD: shutdown +# REQUIRE: ipnat +# BEFORE: netif +# KEYWORD: FreeBSD NetBSD shutdown . /etc/rc.subr name="ipfs" -rcvar=$name +rcvar=`set_rcvar` start_cmd="ipfs_start" stop_cmd="ipfs_stop" +case ${OSTYPE} in +FreeBSD) + start_precmd="ipfs_prestart" + ;; +NetBSD) + ipfs_program="/usr/sbin/ipfs" + ;; +esac + +ipfs_prestart() +{ + # Do not continue if either ipnat or ipfilter is not enabled or + # if the ipfilter module is not loaded. + # + if ! checkyesno ipfilter_enable -o ! checkyesno ipnat_enable ; then + err 1 "${name} requires either ipfilter or ipnat enabled" + fi + if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then + err 1 "ipfilter module is not loaded" + fi + return 0 +} ipfs_start() { if [ -r /var/db/ipf/ipstate.ipf -a -r /var/db/ipf/ipnat.ipf ]; then - /usr/sbin/ipfs -R ${rc_flags} + ${ipfs_program} -R ${rc_flags} rm -f /var/db/ipf/ipstate.ipf /var/db/ipf/ipnat.ipf fi } @@ -29,7 +53,7 @@ ipfs_stop() chmod 700 /var/db/ipf chown root:wheel /var/db/ipf fi - /usr/sbin/ipfs -W ${rc_flags} + ${ipfs_program} -W ${rc_flags} } load_rc_config $name diff --git a/etc/rc.d/ipmon b/etc/rc.d/ipmon index 12ef6cc60966..0c2c1cc0f24f 100755 --- a/etc/rc.d/ipmon +++ b/etc/rc.d/ipmon @@ -5,7 +5,7 @@ # # PROVIDE: ipmon -# REQUIRE: syslogd +# REQUIRE: mountcritlocal hostname sysctl # BEFORE: SERVERS # KEYWORD: FreeBSD NetBSD @@ -26,9 +26,14 @@ esac ipmon_precmd() { - # Make sure ipfilter is loaded before continuing + # Continue only if ipfilter or ipnat is enabled and the + # ipfilter module is loaded. + # + if ! checkyesno ipfilter_enable -o ! checkyesno ipnat_enable ; then + err 1 "${name} requires either ipfilter or ipnat enabled" + fi if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then - return 1 + err 1 "ipfilter module is not loaded" fi return 0 } 
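Review bot: In ipfs_prestart, `if ! checkyesno ipfilter_enable -o ! checkyesno ipnat_enable ; then` does not test two conditions. `-o` is an operator of `test`, not of the shell, so it and everything after it are only extra arguments to the first checkyesno call, and only ipfilter_enable appears to be consulted. The error text says either feature is enough, which would be written `if ! checkyesno ipfilter_enable && ! checkyesno ipnat_enable; then`. The identical line is added to ipmon_precmd in etc/rc.d/ipmon and needs the same change.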
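Review bot: `${ipfs_program} -W ${rc_flags}` in ipfs_stop, and the matching `-R` call in ipfs_start in the previous hunk, has no fallback, and this file assigns ipfs_program only in the NetBSD branch. If the FreeBSD defaults do not define it, the command line collapses to `-W …`, so state is neither saved at shutdown nor restored at boot. The ipnat code removed by this commit guarded against that with `${ipfs_program:-/sbin/ipfs}`. Suggest keeping the default, `${ipfs_program:-/sbin/ipfs} -W ${rc_flags}`, or assigning it in the FreeBSD case. ipfs_stop begins outside this hunk.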
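Review bot: Dropping `syslogd` from `REQUIRE:` in etc/rc.d/ipmon lets ipmon start before the syslog daemon, and with ipfilter now requiring ipmon and declaring `BEFORE: netif` it most likely will. If ipmon is configured to log through syslog, records for packets seen in that window may be lost, which matters when reconstructing early-boot traffic. The trade-off deserves a header comment such as `# Starts before syslogd so logging is up with the filter; early records may not reach syslog.`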
diff --git a/etc/rc.d/ipnat b/etc/rc.d/ipnat index 51d116c264c6..7d699f463eb6 100755 --- a/etc/rc.d/ipnat +++ b/etc/rc.d/ipnat 
@@ -5,80 +5,61 @@ # # PROVIDE: ipnat -# REQUIRE: ipfilter mountcritremote -# BEFORE: DAEMON +# REQUIRE: ipfilter +# BEFORE: DAEMON netif # KEYWORD: FreeBSD NetBSD . /etc/rc.subr name="ipnat" rcvar=`set_rcvar` +load_rc_config $name case ${OSTYPE} in -FreeBSD) - IPNATDIR="/sbin" - start_precmd="ipnat_precmd" - reload_cmd="ipnat_start" - ;; NetBSD) - IPNATDIR="/usr/sbin" - config="/etc/ipnat.conf" - reload_cmd="/usr/sbin/ipnat -F -C -f ${config}" - start_precmd= + ipnat_flags= + ipnat_rules="/etc/ipnat.conf" + ipnat_program="/usr/sbin/ipnat" ;; esac +start_precmd="ipnat_precmd" start_cmd="ipnat_start" -stop_cmd="${ipnat_program:-${IPNATDIR}/${name}} -F -C" +stop_cmd="${ipnat_program} -F -C" +reload_cmd="${ipnat_program} -F -C -f ${ipnat_rules}" extra_commands="reload" ipnat_precmd() { + case ${OSTYPE} in + NetBSD) + if ! checkyesno ipfilter || [ ! -f /etc/ipf.conf ]; then + echo "Enabling ipfilter for NAT." + /sbin/ipf -E -Fa + fi + return 0 + ;; + esac + # Make sure ipfilter is loaded before continuing if ! ${SYSCTL} net.inet.ipf.fr_pass >/dev/null 2>&1; then - err 1 'ipnat requires ipfilter be loaded' + if kldload ipl; then + echo 'IP-filter module loaded.' + else + err 1 'IP-filter module failed to load.' + fi fi return 0 } ipnat_start() { - case ${OSTYPE} in - FreeBSD) - echo -n 'Installing NAT rules ... ' - if [ -r "${ipnat_rules}" ]; then - ${ipnat_program:-/sbin/ipnat} -CF -f \ - "${ipnat_rules}" ${ipnat_flags} - else - echo -n ' NO IPNAT RULES' - fi - echo '.' - - # restore filter/NAT state tables after loading the rules - if checkyesno ipfs_enable; then - if [ -r "/var/db/ipf/ipstate.ipf" ]; then - echo -n ' ipfs' - ${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags} - # remove files to avoid reloading old state - # after an ungraceful shutdown - rm -f /var/db/ipf/ipstate.ipf - rm -f /var/db/ipf/ipnat.ipf - fi - fi - ;; - NetBSD) - if [ ! -f ${config} ]; then - return 0 - fi - if ! checkyesno ipfilter || [ ! 
-f /etc/ipf.conf ]; then - echo "Enabling ipfilter for NAT." - /sbin/ipf -E -Fa - fi - echo -n "Installing NAT rules ... " - /usr/sbin/ipnat -F -f ${config} - ;; - esac + if [ ! -f ${ipnat_rules} ]; then + echo -n ' NO IPNAT RULES' + return 0 + fi + echo -n "Installing NAT rules ... " + /usr/sbin/ipnat -CF -f ${ipnat_rules} ${ipnat_flags} } -load_rc_config $name run_rc_command "$1" diff --git a/etc/rc.d/sysctl b/etc/rc.d/sysctl index 71e675288c88..6e24030bdbb0 100644 --- a/etc/rc.d/sysctl +++ b/etc/rc.d/sysctl @@ -5,7 +5,7 @@ # # PROVIDE: sysctl -# REQUIRE: root ipfilter ipsec +# REQUIRE: root # BEFORE: DAEMON # KEYWORD: FreeBSD NetBSD
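Review bot: ipnat_start hard-codes `/usr/sbin/ipnat -CF -f ${ipnat_rules} ${ipnat_flags}`, while stop_cmd and reload_cmd in the same hunk use `${ipnat_program}` and the removed FreeBSD branch ran `/sbin/ipnat`. On FreeBSD the start path therefore ignores the configured binary and may point at a file that is not there, leaving NAT rules unloaded after boot. Suggest `${ipnat_program} -CF -f "${ipnat_rules}" ${ipnat_flags}`, restoring the quotes the old FreeBSD code had. The guard should be quoted too, `[ ! -f "${ipnat_rules}" ]`, so that an empty value is reported as missing rules instead of slipping through the test.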
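Review bot: With `ipfilter` removed from `REQUIRE:` in etc/rc.d/sysctl, and ipmon (which ipfilter now requires) depending on sysctl, this script runs before the ipl module can be loaded by the ipfilter script. Any `net.inet.ipf.*` values an administrator keeps in the sysctl configuration would presumably target OIDs that do not exist yet and be skipped, so the filter comes up with its built-in defaults. If that is the accepted trade-off, record it next to the header, for example `# Runs before ipfilter is loaded; net.inet.ipf.* values are not applied here.`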