Max Khon a3e34d6908 Add separate script for natd. This fixes a race condition with "ipfw restart"
(when the new natd is started before the old natd has died) and allows natd to be managed
without touching ipfw.

natd should probably be killed with SIGKILL when stopping natd.
2004-04-05 16:29:45 +00:00


#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: ipfw
# REQUIRE: ppp-user
# BEFORE: NETWORKING
# KEYWORD: FreeBSD nojail
. /etc/rc.subr
. /etc/network.subr
# rc.subr(8) service definition: the rc.conf(5) knob that turns this
# service on, and the shell functions rc.subr dispatches to for the
# start (with its precmd) and stop actions.
name=ipfw
rcvar=firewall_enable
start_precmd=ipfw_precmd
start_cmd=ipfw_start
stop_cmd=ipfw_stop
# Make sure the ipfw code is available in the kernel before the rules
# are loaded.  The net.inet.ip.fw.enable sysctl is used purely as a
# probe; when it cannot be read, the ipfw module is loaded with kldload.
# Globals: SYSCTL (read)
# Returns: 0 when the firewall is available, 1 when the module could
#          not be loaded (a warning is printed first).
ipfw_precmd()
{
	# Already present (compiled in, or loaded earlier)?  Nothing to do.
	if ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then
		return 0
	fi
	# Not present: fall back to the loadable module.
	kldload ipfw || {
		warn unable to load firewall module.
		return 1
	}
	return 0
}
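# Load the firewall rules and switch the firewall on.
# Sources ${firewall_script} (default /etc/rc.firewall) when it is
# readable and then starts the natd divert daemon through its own rc.d
# script.  When no rules script is readable and the kernel's default
# rule 65535 is "deny ip from any to any", a warning is printed that
# all IP traffic is blocked.  Packet logging is enabled when
# firewall_logging is set, and finally net.inet.ip.fw.enable is set
# to 1.
# Globals: firewall_script (read, defaulted when empty),
#          firewall_logging (read), SYSCTL_W (read)
# Outputs: progress and warning messages on stdout
ipfw_start()
{
	# set the firewall rules script if none was specified
	[ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall
	if [ -r "${firewall_script}" ]; then
		# The rules script is sourced, i.e. executed inside this
		# shell with this script's privileges.  Its path comes from
		# rc.conf, so the file must only be writable by the
		# administrator.
		. "${firewall_script}"
		echo -n 'Firewall rules loaded, starting divert daemons:'
		/etc/rc.d/natd start
	elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
		echo 'Warning: kernel has firewall functionality, but' \
		    ' firewall rules are not enabled.'
		echo ' All ip services are disabled.'
	fi
	echo '.'
	# Firewall logging
	#
	if checkyesno firewall_logging; then
		echo 'Firewall logging enabled'
		# Write through ${SYSCTL_W} like every other sysctl write
		# in this script, instead of a bare "sysctl".
		${SYSCTL_W} net.inet.ip.fw.verbose=1 >/dev/null
	fi
	# Enable the firewall
	#
	${SYSCTL_W} net.inet.ip.fw.enable=1
}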
# Switch the firewall off and stop the natd divert daemon.
# The firewall is disabled through net.inet.ip.fw.enable=0 first; natd
# is then stopped via its own rc.d script, which runs regardless of the
# sysctl's exit status.
# Globals: SYSCTL_W (read)
ipfw_stop()
{
	# Disable the firewall
	${SYSCTL_W} net.inet.ip.fw.enable=0
	# Stop the divert daemon (managed by its own script)
	/etc/rc.d/natd stop
}
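# Read the rc.conf(5) settings for this service, then dispatch the
# requested action ($1: start, stop, ...) through rc.subr(8).
# $name is quoted so an unexpected value can never be word-split.
load_rc_config "$name"
run_rc_command "$1"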