MFC: revision 1.9 of rc.d/ip6fw and 1.15 of rc.d/ipfw
1 #!/bin/sh
2 #
3 # $FreeBSD$
4 #
5
6 # PROVIDE: ip6fw
7 # REQUIRE: routing
8 # BEFORE: network_ipv6
9 # KEYWORD: nojail
10
11 . /etc/rc.subr
12
# rc.subr glue: the service name, its enable variable, and the handlers
# that run_rc_command dispatches to.
name="ip6fw"
rcvar=$(set_rcvar ipv6_firewall)
start_precmd="ip6fw_prestart"
start_cmd="ip6fw_start"
# "stop" is a single sysctl write that turns IPv6 packet filtering off; it
# does not touch the loaded rules. ${SYSCTL_W} is expanded here, at
# assignment time.
stop_cmd="${SYSCTL_W} net.inet6.ip6.fw.enable=0"
18
ip6fw_prestart()
{
        # Pre-start hook: make sure the IPv6 firewall kernel module is present.
        # Returns 0 when the module is already loaded or loads successfully,
        # and 1 when kldload fails.

        # The sysctl node only answers when the firewall code is in the
        # kernel, so a successful read means there is nothing to load.
        if ${SYSCTL} net.inet6.ip6.fw.enable > /dev/null 2>&1; then
                return 0
        fi

        if kldload ip6fw; then
                debug 'Kernel IPv6 firewall module loaded.'
                return 0
        fi

        # Without the module there is no IPv6 filtering at all; say so.
        warn 'IPv6 firewall kernel module failed to load.'
        return 1
}
31
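ip6fw_start()
{
        # Start handler: load the IPv6 ruleset, optionally switch on verbose
        # logging, then enable filtering. The return status is that of the
        # final enable sysctl.

        # Specify default rules file if none provided
        if [ -z "${ipv6_firewall_script}" ]; then
                ipv6_firewall_script=/etc/rc.firewall6
        fi

        # Load rules
        #
        # The rules script is executed by /bin/sh with this rc script's
        # privileges, so it should be writable only by its owner.
        if [ -r "${ipv6_firewall_script}" ]; then
                # Report success only when the script really succeeded; a
                # failure part-way through can leave a partial ruleset.
                if /bin/sh "${ipv6_firewall_script}"; then
                        echo 'IPv6 Firewall rules loaded.'
                else
                        warn "IPv6 firewall script ${ipv6_firewall_script} failed;" \
                            'the ruleset may be incomplete.'
                fi
        elif [ "`ip6fw l 65535`" = "65535 deny ipv6 from any to any" ]; then
                warn 'IPv6 firewall rules have not been loaded. Default' \
                    ' to DENY all access.'
        else
                # No readable script and the final rule is not the default
                # deny: filtering is about to be enabled with no rules
                # loaded here, so do not stay silent about it.
                warn "IPv6 firewall script ${ipv6_firewall_script} is not readable;" \
                    'no rules have been loaded.'
        fi

        # Enable firewall logging
        #
        if checkyesno ipv6_firewall_logging; then
                echo 'IPv6 Firewall logging=YES'
                # Use ${SYSCTL_W} like every other sysctl write in this file
                ${SYSCTL_W} net.inet6.ip6.fw.verbose=1 >/dev/null
        fi

        # Enable the firewall
        #
        ${SYSCTL_W} net.inet6.ip6.fw.enable=1
}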
60
# Hand control to rc.subr: load this service's configuration, then run the
# action named by the script's first argument.
load_rc_config "${name}"
run_rc_command "$1"