| author | Maksim Yevmenkin <emax@FreeBSD.org> | 2010-02-16 19:00:47 +0000 |
|---|---|---|
| committer | Maksim Yevmenkin <emax@FreeBSD.org> | 2010-02-16 19:00:47 +0000 |
| commit | da9808aa2955560b919ce2a91f9dfe08bdae1a98 (patch) | |
| tree | a9654107e2b36f2b7928164d8c3c3bbac2836a32 /etc | |
| parent | d1b9afd28a8de901a0b38bba3d292d627d0d1663 (diff) | |
Notes
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/defaults/rc.conf | 2 | ||||
| -rwxr-xr-x | etc/rc.d/ipfw | 32 |
2 files changed, 28 insertions, 6 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 6e7c37d8c68a..24a03fd5cc8d 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -118,6 +118,8 @@ firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall)
 firewall_quiet="NO" # Set to YES to suppress rule display
 firewall_logging="NO" # Set to YES to enable events logging
 firewall_flags="" # Flags passed to ipfw when type is a file
+firewall_coscripts="" # List of executables/scripts to run after
+ # firewall starts/stops
 firewall_client_net="192.0.2.0/24" # Network address for "client" firewall.
 firewall_simple_iif="ed1" # Inside network interface for "simple"
 # firewall.
diff --git a/etc/rc.d/ipfw b/etc/rc.d/ipfw
index 872f2787ab3e..28e59d8cf116 100755
--- a/etc/rc.d/ipfw
+++ b/etc/rc.d/ipfw
@@ -14,6 +14,7 @@ name="ipfw"
 rcvar="firewall_enable"
 start_cmd="ipfw_start"
 start_precmd="ipfw_prestart"
+start_postcmd="ipfw_poststart"
 stop_cmd="ipfw_stop"
 required_modules="ipfw"
@@ -40,9 +41,6 @@ ipfw_start()
 [ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall
 if [ -r "${firewall_script}" ]; then
- if [ -f /etc/rc.d/natd ] ; then
- /etc/rc.d/natd quietstart
- fi
 /bin/sh "${firewall_script}" "${_firewall_type}"
 echo 'Firewall rules loaded.'
 elif [ "`ipfw list 65535`" = "65535 deny ip from any to any" ]; then
@@ -57,6 +55,19 @@ ipfw_start()
 echo 'Firewall logging enabled.'
 sysctl net.inet.ip.fw.verbose=1 >/dev/null
 fi
+}
+
+ipfw_poststart()
+{
+ local _coscript
+
+ # Start firewall coscripts
+ #
+ for _coscript in ${firewall_coscripts} ; do
+ if [ -f "${_coscript}" ]; then
+ ${_coscript} quietstart
+ fi
+ done
 # Enable the firewall
 #
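Review bot: The comment on the new `firewall_coscripts` default in etc/defaults/rc.conf does not say how the entries are invoked, and etc/rc.d/ipfw runs each one with a `quietstart` or `quietstop` argument. On start they run from `ipfw_poststart` ahead of the "Enable the firewall" step, so "after firewall starts" is more precisely "after the rules are loaded". I would word the two comment lines as `# List of rc.d-style scripts run with quietstart after` and `# rules load, and with quietstop after the firewall is disabled`. It is also worth stating there that each entry is executed by the rc script, presumably as root, so it should be a root-owned path that other users cannot write.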
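Review bot: In `ipfw_poststart` the guard `[ -f "${_coscript}" ]` only establishes that the path is a regular file, and the call `${_coscript} quietstart` is unquoted, so a non-executable entry fails at boot and the value goes through word splitting and pathname expansion again. I would use `if [ -x "${_coscript}" ]; then` and `"${_coscript}" quietstart`, and emit a `warn` for entries that are skipped so a misconfigured list shows up in the boot log. The same two lines appear in the `ipfw_stop` loop in the last hunk. This hunk also places the "Enable the firewall" step inside `ipfw_poststart`, whose body continues past the hunk, so enabling now appears to depend on rc.subr running the post-command; that is worth confirming for the case where `ipfw_start` returns non-zero.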
@@ -67,13 +78,22 @@ ipfw_start()
 ipfw_stop()
 {
+ local _coscript
+
 # Disable the firewall
 #
 ${SYSCTL_W} net.inet.ip.fw.enable=0
- if [ -f /etc/rc.d/natd ] ; then
- /etc/rc.d/natd quietstop
- fi
+
+ # Stop firewall coscripts
+ #
+ for _coscript in `reverse_list ${firewall_coscripts}` ; do
+ if [ -f "${_coscript}" ]; then
+ ${_coscript} quietstop
+ fi
+ done
 }
 load_rc_config $name
+firewall_coscripts="/etc/rc.d/natd ${firewall_coscripts}"
+
 run_rc_command $* |
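Review bot: The top-level assignment `firewall_coscripts="/etc/rc.d/natd ${firewall_coscripts}"` carries no comment, yet it is the line that keeps the previously hard-coded natd handling working, so its intent is easy to lose in a later edit. I would add `# natd always runs first on start and, via reverse_list, last on stop` above it. Because it runs after `load_rc_config`, an rc.conf that already lists `/etc/rc.d/natd` would have it invoked twice on start and on stop; saying in the rc.conf comment that natd is implicit would avoid that.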
