#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: ip6fw
# REQUIRE: routing
# KEYWORD: nojail

. /etc/rc.subr

name="ip6fw"
rcvar=`set_rcvar ipv6_firewall`
start_cmd="ip6fw_start"
stop_cmd="${SYSCTL_W} net.inet6.ip6.fw.enable=0"
required_modules="ipfw"

ip6fw_start()
{
	# Specify default rules file if none provided
	if [ -z "${ipv6_firewall_script}" ]; then
		ipv6_firewall_script=/etc/rc.firewall6
	fi

	# Load rules
	#
	if [ -r "${ipv6_firewall_script}" ]; then
		/bin/sh "${ipv6_firewall_script}"
		echo 'IPv6 Firewall rules loaded.'
	elif [ "`ipfw show 65535`" = "65535 deny ip from any to any" ]; then
		warn 'IPv6 firewall rules have not been loaded. Default' \
		    ' to DENY all access.'
	fi

	# Enable firewall logging
	#
	if checkyesno ipv6_firewall_logging; then
		echo 'IPv6 Firewall logging=YES'
		sysctl net.inet.ip.fw.verbose=1 >/dev/null
	fi

	# Enable the firewall
	#
	${SYSCTL_W} net.inet6.ip6.fw.enable=1
}

load_rc_config $name
run_rc_command "$1"