author | Hajimu UMEMOTO <ume@FreeBSD.org> | 2002-11-02 08:21:26 +0000 |
---|---|---|
committer | Hajimu UMEMOTO <ume@FreeBSD.org> | 2002-11-02 08:21:26 +0000 |
commit | 7b988fe73c5dfb6c7f9e9d10d25792459fb0d2f0 (patch) | |
tree | aa5ccbd31b7b338b754059e0c9d91a49b15ee782 /etc | |
parent | 99d45c5f9db3ecb4db1d559a90ba6e80b78bda3c (diff) | |
Add IPv6 setup for ipfilter. `ipv6_ipfilter_rules' was added
to specify the rules definition file for ipfilter. The default is
/etc/ipf6.rules. If the file specified by
`ipv6_ipfilter_rules' exists, the IPv6 rules are installed.
Reviewed by: Ronald van der Pol <Ronald.vanderPol@rvdp.org>
MFC after: 1 week
Notes
Notes:
svn path=/head/; revision=106333
Diffstat (limited to 'etc')
-rw-r--r-- | etc/defaults/rc.conf | 3 | ||||
-rwxr-xr-x | etc/rc.d/ipfilter | 27 | ||||
-rw-r--r-- | etc/rc.network | 16 |
3 files changed, 37 insertions, 9 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 0bd12453e8a0..87ae29792053 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -311,6 +311,9 @@ ipv6_firewall_type="UNKNOWN" # IPv6 Firewall type (see /etc/rc.firewall6)
 ipv6_firewall_quiet="NO" # Set to YES to suppress rule display
 ipv6_firewall_logging="NO" # Set to YES to enable events logging
 ipv6_firewall_flags="" # Flags passed to ip6fw when type is a file
+ipv6_ipfilter_rules="/etc/ipf6.rules" # rules definition file for ipfilter,
+ # see /usr/src/contrib/ipfilter/rules
+ # for examples
 ##############################################################
 ### System console options #################################
diff --git a/etc/rc.d/ipfilter b/etc/rc.d/ipfilter
index 2ee2d286e035..423717e62c1f 100755
--- a/etc/rc.d/ipfilter
+++ b/etc/rc.d/ipfilter
@@ -16,7 +16,7 @@ load_rc_config $name
 case ${OSTYPE} in
 FreeBSD)
- stop_precmd="test -f ${ipfilter_rules}"
+ stop_precmd="test -f ${ipfilter_rules} -o -f ${ipv6_ipfilter_rules}"
 ;;
 NetBSD)
 stop_precmd="test -f /etc/ipf.conf -o -f /etc/ipf6.conf"
@@ -49,7 +49,8 @@ FreeBSD)
 fi
 # check for ipfilter rules
- if [ ! -r "${ipfilter_rules}" ]; then
+ if [ ! -r "${ipfilter_rules}" ] && [ ! -r "${ipv6_ipfilter_rules}" ]
+ then
 warn 'IP-filter: NO IPF RULES'
 return 1
 fi
@@ -78,8 +79,15 @@ ipfilter_start()
 echo "Enabling ipfilter."
 case ${OSTYPE} in
 FreeBSD)
- ${ipfilter_program:-/sbin/ipf} -Fa -f \
- "${ipfilter_rules}" ${ipfilter_flags}
+ ${ipfilter_program:-/sbin/ipf} -Fa
+ if [ -r "${ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} \
+ -f "${ipfilter_rules}" ${ipfilter_flags}
+ fi
+ if [ -r "${ipv6_ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} -6 \
+ -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
+ fi
 ;;
 NetBSD)
 /sbin/ipf -E -Fa 
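Review bot: The new `stop_precmd` in the `@@ -16,7 +16,7 @@` hunk of etc/rc.d/ipfilter expands both paths unquoted into the `test` expression, so an empty `ipv6_ipfilter_rules` (a natural way for an IPv4-only host to opt out) leaves `-o -f` with no operand and `test` fails with a syntax error instead of evaluating the IPv4 file. Escaping the quotes inside the string keeps the expression well-formed for empty values and for paths containing spaces: `stop_precmd="test -f \"${ipfilter_rules}\" -o -f \"${ipv6_ipfilter_rules}\""`. That relies on rc.subr running the precmd string through `eval`, which is not visible here and should be confirmed.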
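Review bot: With the check in the `@@ -49,7 +49,8 @@` hunk relaxed to fail only when both files are unreadable, a missing or unreadable `${ipfilter_rules}` no longer stops startup as long as the IPv6 file exists; ipfilter_start then flushes and loads nothing for IPv4 without any message. A mistyped path or a permissions change on the IPv4 file therefore leaves that family on the kernel's default policy while the script reports success. Keep the combined test, but add a warning before it at least for the IPv4 file, whose absence was an error before this change, e.g. `[ -r "${ipfilter_rules}" ] || warn 'IP-filter: no IPv4 rules file, IPv4 rules not loaded'`. The `-o` condition in the etc/rc.network hunk has the same either-file shape, and the enclosing function here starts and ends outside the hunk.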
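Review bot: The flush in the `@@ -78,8 +79,15 @@` hunk is issued without `-6`, while the IPv6 rules are loaded with `-6`. If ipf applies `-F` only to the IPv4 lists unless `-6` is given (worth checking against ipf(8)), the IPv6 list is never flushed, so a restart adds the file's rules to whatever is already loaded and rules that were deleted from `${ipv6_ipfilter_rules}` stay active. Adding `${ipfilter_program:-/sbin/ipf} -6 -Fa` before the IPv6 load would make both families start from an empty list. The same applies to the `-I -Fa` line in the ipfilter_reload hunk (as `-I -6 -Fa`) and to the `-Fa` line in the etc/rc.network hunk.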
@@ -114,8 +122,15 @@ ipfilter_reload()
 case ${OSTYPE} in
 FreeBSD)
- ${ipfilter_program:-/sbin/ipf} -I -Fa -f \
- "${ipfilter_rules}" ${ipfilter_flags}
+ ${ipfilter_program:-/sbin/ipf} -I -Fa
+ if [ -r "${ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} -I \
+ -f "${ipfilter_rules}" ${ipfilter_flags}
+ fi
+ if [ -r "${ipv6_ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} -I -6 \
+ -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
+ fi
 ;;
 NetBSD)
 /sbin/ipf -I -Fa
diff --git a/etc/rc.network b/etc/rc.network
index 43d9a0028d14..925876bbacca 100644
--- a/etc/rc.network
+++ b/etc/rc.network
@@ -101,10 +101,20 @@ network_pass1() {
 esac
 case "${ipfilter_enable}" in
 [Yy][Ee][Ss])
- if [ -r "${ipfilter_rules}" ]; then
+ if [ -r "${ipfilter_rules}" -o \
+ -r "${ipv6_ipfilter_rules}" ]; then
 echo -n ' ipfilter'
- ${ipfilter_program:-/sbin/ipf} -Fa -f \
- "${ipfilter_rules}" ${ipfilter_flags}
+ ${ipfilter_program:-/sbin/ipf} -Fa
+ if [ -r "${ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} \
+ -f "${ipfilter_rules}" \
+ ${ipfilter_flags}
+ fi
+ if [ -r "${ipv6_ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} -6 \
+ -f "${ipv6_ipfilter_rules}" \
+ ${ipfilter_flags}
+ fi
 else
 ipfilter_enable="NO"
 echo -n ' NO IPF RULES' |