etc/rc.d/ipsec

   1 #!/bin/sh
   2 #
   3 # $FreeBSD$
   4 #
   5
   6 # PROVIDE: ipsec
   7 # REQUIRE: FILESYSTEMS
   8 # BEFORE:  DAEMON mountcritremote
   9 # KEYWORD: nojailvnet
  10
  11 . /etc/rc.subr
  12
  13 name="ipsec"
  14 desc="Internet Protocol Security protocol"
  15 rcvar="ipsec_enable"
  16 start_precmd="ipsec_prestart"
  17 start_cmd="ipsec_start"
  18 stop_precmd="test -f $ipsec_file"
  19 stop_cmd="ipsec_stop"
  20 reload_cmd="ipsec_reload"
  21 extra_commands="reload"
  22 ipsec_program="/sbin/setkey"
  23 # ipsec_file is set by rc.conf
  24
  25 ipsec_prestart()
  26 {
  27         if [ ! -f "$ipsec_file" ]; then
  28                 warn "$ipsec_file not readable; ipsec start aborted."
  29                 stop_boot
  30                 return 1
  31         fi
  32         return 0
  33 }
  34
  35 ipsec_start()
  36 {
  37         echo "Installing ipsec manual keys/policies."
  38         ${ipsec_program} -f $ipsec_file
  39 }
  40
  41 ipsec_stop()
  42 {
  43         echo "Clearing ipsec manual keys/policies."
  44
  45         # Still not 100% sure if we would like to do this.
  46         # It is very questionable to do this during shutdown session
  47         # since it can hang any of the remaining IPv4/v6 sessions.
  48         #
  49         ${ipsec_program} -F
  50         ${ipsec_program} -FP
  51 }
  52
  53 ipsec_reload()
  54 {
  55         echo "Reloading ipsec manual keys/policies."
  56         ${ipsec_program} -f "$ipsec_file"
  57 }
  58
  59 load_rc_config $name
  60 run_rc_command "$1"