6 # PROVIDE: ipfw_netflow
# rc.d control variables. Every "${name}_..." value depends on a `name`
# assignment that is not among the lines shown in this listing.
14 desc="firewall, ipfw, netflow"
15 rcvar="${name}_enable"
16 start_cmd="${name}_start"
17 stop_cmd="${name}_stop"
# Pre-start hook; presumably the rc.conf value checks further down belong to
# it (the function header is not visible here) -- TODO confirm.
18 start_precmd="${name}_test"
19 status_cmd="${name}_status"
# Kernel modules the service depends on: ipfw plus the two netgraph node types
# (ng_ipfw, ng_netflow) that the start lines wire together.
20 required_modules="ipfw ng_netflow ng_ipfw"
21 extra_commands="status"
# Defaults; ":=" assigns when the variable is unset or empty.
# hook: name of the ng_ipfw hook and the ngtee argument of the ipfw rule.
23 : ${ipfw_netflow_hook:=9995}
# rule: number of the ipfw rule that start adds and stop deletes.
24 : ${ipfw_netflow_rule:=01000}
# ip/port: collector address the export socket connects to. The default keeps
# the flow records on the loopback interface.
# NOTE(review): the export socket is plain UDP (inet/dgram/udp in the start
# lines), so records sent to an off-host collector travel unauthenticated and
# unencrypted; restrict that path (management network, tunnel, collector ACL).
25 : ${ipfw_netflow_ip:=127.0.0.1}
26 : ${ipfw_netflow_port:=9995}
# version: empty or 9; the value is appended to the "export" hook name.
27 : ${ipfw_netflow_version:=}
# Validation of the rc.conf values. The enclosing function header, the `fi`,
# the case patterns and the `esac` lines are not part of this listing.
# Version check: only an empty value or the literal 9 passes.
31 if [ "${ipfw_netflow_version}" != "" ] && [ "${ipfw_netflow_version}" != 9 ]; then
# NOTE(review): inside double quotes \' stays a literal backslash plus quote,
# so the message is printed with the backslashes in it.
32 err 1 "Unknown netflow version \'${ipfw_netflow_version}\'"
# Hook check; the pattern that triggers the error is not visible here, so how
# strictly "numerical" is enforced cannot be told from this listing.
34 case "${ipfw_netflow_hook}" in
36 err 1 "Bad value \"${ipfw_netflow_hook}\": Hook must be numerical"
# Rule-number check, same shape as the hook check.
38 case "${ipfw_netflow_rule}" in
40 err 1 "Bad value \"${ipfw_netflow_rule}\": Rule number must be numerical"
# NOTE(review): no comparable check for ipfw_netflow_ip or ipfw_netflow_port
# appears in the visible lines, yet both are expanded into the ngctl connect
# message at start; confirm they are validated elsewhere, or add a check for a
# literal address and a numeric port.
# Running test: returns 0 when `ngctl show` finds a node named "netflow",
# 1 otherwise; ngctl's output is discarded. The braces around the body are not
# part of this listing.
# NOTE(review): the test is by node name only, so any netgraph node called
# "netflow" makes the service look active, whichever tool created it.
44 ipfw_netflow_is_running()
46 ngctl show netflow: > /dev/null 2>&1 && return 0 || return 1
# Status report (function header not part of this listing): prints one of two
# fixed strings depending on the running test.
51 ipfw_netflow_is_running && echo "ipfw_netflow is active" || echo "ipfw_netflow is not active"
# Start sequence. The function header and the wrapper that feeds lines 59-64
# to ngctl are not part of this listing.
#   56     refuse to start when a "netflow" node already exists
#   57     add the ipfw rule that hands IP packets to the netgraph hook
#   59-60  create a netflow node on the ipfw: node's hook (peer hook iface0)
#          and name it "netflow"
#   61     attach a UDP ksocket to the export hook (export or export9)
#   62     set the data-link type of iface0 to 12
#          (presumably DLT_RAW, raw IP -- confirm against net/bpf.h)
#   63-64  name the socket node and connect it to the collector address
# NOTE(review): no exit-status check is visible between the ipfw rule and the
# netgraph wiring; if the wiring fails, the rule added at line 57 may stay in
# the ruleset -- verify against the full script.
# `err` is not defined in this listing; presumably it is rc.subr's -- confirm.
56 ipfw_netflow_is_running && err 1 "ipfw_netflow is already active"
# ipfw evaluates rules in number order, so packets already accepted or dropped
# by a lower-numbered rule never reach this one and produce no flow records;
# choose ipfw_netflow_rule with that visibility gap in mind.
# The expansions are unquoted and rely on the earlier numeric checks.
57 ipfw add ${ipfw_netflow_rule} ngtee ${ipfw_netflow_hook} ip from any to any
59 mkpeer ipfw: netflow ${ipfw_netflow_hook} iface0
60 name ipfw:${ipfw_netflow_hook} netflow
61 mkpeer netflow: ksocket export${ipfw_netflow_version} inet/dgram/udp
62 msg netflow: setdlt {iface=0 dlt=12}
63 name netflow:export${ipfw_netflow_version} netflow_export
64 msg netflow:export${ipfw_netflow_version} connect inet/${ipfw_netflow_ip}:${ipfw_netflow_port}
# Stop sequence (function header not part of this listing): require a running
# instance, shut down the netflow node, then remove the ipfw rule.
70 ipfw_netflow_is_running || err 1 "ipfw_netflow is not active"
71 ngctl shutdown netflow:
# NOTE(review): the delete is by rule number, not by rule content, so a number
# shared with unrelated rules would presumably remove those too -- keep
# ipfw_netflow_rule dedicated to this service and confirm against ipfw(8).
72 ipfw delete ${ipfw_netflow_rule}