diff options
author | Darren Reed <darrenr@FreeBSD.org> | 2000-10-06 12:24:45 +0000 |
---|---|---|
committer | Darren Reed <darrenr@FreeBSD.org> | 2000-10-06 12:24:45 +0000 |
commit | 7a76642f3cd8235eecd46368358e2a4fe101db49 (patch) | |
tree | 6f88051e047ac9b21d968161e39c61b948893117 /etc/rc.d/network1 | |
parent | c0752e1657e3cde5831390c43bdd66b943bbb3f2 (diff) | |
download | src-7a76642f3cd8235eecd46368358e2a4fe101db49.tar.gz src-7a76642f3cd8235eecd46368358e2a4fe101db49.zip |
This brings support for IP Filter into rc.network and rc.conf with
the appropriate documentation added to rc.conf(5). If all goes well
with this over the next few weeks, the PR will be closed with the
pullup of patches back to 4-STABLE.
PR: 20202
Submitted by: Gerhard Sittig <Gerhard.Sittig@gmx.net>
Reviewed by: Darren Reed <darrenr@freebsd.org>
Approved by: Darren Reed <darrenr@freebsd.org>
Obtained from: Gerhard Sittig <Gerhard.Sittig@gmx.net>
Notes
Notes:
svn path=/head/; revision=66745
Diffstat (limited to 'etc/rc.d/network1')
-rw-r--r-- | etc/rc.d/network1 | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/etc/rc.d/network1 b/etc/rc.d/network1 index 8e97b44784e4..4c9d621b1a0e 100644 --- a/etc/rc.d/network1 +++ b/etc/rc.d/network1 @@ -32,6 +32,37 @@ network_pass1() { echo -n ' hostname' fi + # Establish ipfilter ruleset as early as possible (best in + # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) + # + case "${ipfilter_enable}" in + [Yy][Ee][Ss]) + if [ -r "${ipfilter_rules}" ]; then + echo -n ' ipfilter'; + ${ipfilter_program:-ipf -Fa -f} "${ipfilter_rules}" ${ipfilter_flags} + case "${ipmon_enable}" in + [Yy][Ee][Ss]) + echo -n ' ipmon' + ${ipmon_program:-ipmon} ${ipmon_flags} + ;; + esac + case "${ipnat_enable}" in + [Yy][Ee][Ss]) + if [ -r "${ipnat_rules}" ]; then + echo -n ' ipnat'; + ${ipnat_program:-ipnat -CF -f} "${ipnat_rules}" ${ipnat_flags} + else + echo -n ' NO IPNAT RULES' + fi + ;; + esac + else + ipfilter_enable="NO" + echo -n ' NO IPF RULES' + fi + ;; + esac + # Set the domainname if we're using NIS # case ${nisdomainname} in |