aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--etc/defaults/rc.conf4
-rw-r--r--etc/network.subr9
-rw-r--r--etc/rc.d/netoptions9
-rw-r--r--etc/rc.d/network19
-rw-r--r--etc/rc.d/network29
-rw-r--r--etc/rc.d/network39
-rw-r--r--etc/rc.d/routing9
-rw-r--r--etc/rc.network9
-rw-r--r--etc/rc.shutdown11
9 files changed, 78 insertions, 0 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 1c778d6cbf66..a1245d100dcb 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -73,6 +73,10 @@ ipnat_enable="NO" # Set to YES for ipnat; needs ipfilter, too!
ipnat_program="/sbin/ipnat -CF -f" # program and how to specify rules file
ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
ipnat_flags="" # additional flags for ipnat
+ipfs_enable="NO" # Set to YES to enable saving and restoring
+ # of state tables at shutdown and boot
+ipfs_flags="" # additional flags for ipfs
+ipfs_program="/sbin/ipfs" # where the ipfs program lives
ipmon_enable="NO" # Set to YES for ipmon; needs ipfilter, too!
ipmon_program="/sbin/ipmon" # where the ipfilter monitor program lives
ipmon_flags="-Ds" # typically "-Ds" or "-D /var/log/ipflog"
diff --git a/etc/network.subr b/etc/network.subr
index 8f3f5a6ad1af..51c2926fe597 100644
--- a/etc/network.subr
+++ b/etc/network.subr
@@ -96,6 +96,15 @@ network_pass1() {
fi
;;
esac
+ case "${ipfs_enable}" in
+ [Yy][Ee][Ss])
+ if [ -r "/var/db/ipf/ipstate.ipf" ]; then
+ echo -n ' ipfs';
+ eval ${ipfs_program:-/sbin/ipfs -R} \
+ ${ipfs_flags}
+ fi
+ ;;
+ esac
else
ipfilter_enable="NO"
echo -n ' NO IPF RULES'
diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions
index 8f3f5a6ad1af..51c2926fe597 100644
--- a/etc/rc.d/netoptions
+++ b/etc/rc.d/netoptions
@@ -96,6 +96,15 @@ network_pass1() {
fi
;;
esac
+ case "${ipfs_enable}" in
+ [Yy][Ee][Ss])
+ if [ -r "/var/db/ipf/ipstate.ipf" ]; then
+ echo -n ' ipfs';
+ eval ${ipfs_program:-/sbin/ipfs -R} \
+ ${ipfs_flags}
+ fi
+ ;;
+ esac
else
ipfilter_enable="NO"
echo -n ' NO IPF RULES'
diff --git a/etc/rc.d/network1 b/etc/rc.d/network1
index 8f3f5a6ad1af..51c2926fe597 100644
--- a/etc/rc.d/network1
+++ b/etc/rc.d/network1
@@ -96,6 +96,15 @@ network_pass1() {
fi
;;
esac
+ case "${ipfs_enable}" in
+ [Yy][Ee][Ss])
+ if [ -r "/var/db/ipf/ipstate.ipf" ]; then
+ echo -n ' ipfs';
+ eval ${ipfs_program:-/sbin/ipfs -R} \
+ ${ipfs_flags}
+ fi
+ ;;
+ esac
else
ipfilter_enable="NO"
echo -n ' NO IPF RULES'
diff --git a/etc/rc.d/network2 b/etc/rc.d/network2
index 8f3f5a6ad1af..51c2926fe597 100644
--- a/etc/rc.d/network2
+++ b/etc/rc.d/network2
@@ -96,6 +96,15 @@ network_pass1() {
fi
;;
esac
+ case "${ipfs_enable}" in
+ [Yy][Ee][Ss])
+ if [ -r "/var/db/ipf/ipstate.ipf" ]; then
+ echo -n ' ipfs';
+ eval ${ipfs_program:-/sbin/ipfs -R} \
+ ${ipfs_flags}
+ fi
+ ;;
+ esac
else
ipfilter_enable="NO"
echo -n ' NO IPF RULES'
diff --git a/etc/rc.d/network3 b/etc/rc.d/network3
index 8f3f5a6ad1af..51c2926fe597 100644
--- a/etc/rc.d/network3
+++ b/etc/rc.d/network3
@@ -96,6 +96,15 @@ network_pass1() {
fi
;;
esac
+ case "${ipfs_enable}" in
+ [Yy][Ee][Ss])
+ if [ -r "/var/db/ipf/ipstate.ipf" ]; then
+ echo -n ' ipfs';
+ eval ${ipfs_program:-/sbin/ipfs -R} \
+ ${ipfs_flags}
+ fi
+ ;;
+ esac
else
ipfilter_enable="NO"
echo -n ' NO IPF RULES'
diff --git a/etc/rc.d/routing b/etc/rc.d/routing
index 8f3f5a6ad1af..51c2926fe597 100644
--- a/etc/rc.d/routing
+++ b/etc/rc.d/routing
@@ -96,6 +96,15 @@ network_pass1() {
fi
;;
esac
+ case "${ipfs_enable}" in
+ [Yy][Ee][Ss])
+ if [ -r "/var/db/ipf/ipstate.ipf" ]; then
+ echo -n ' ipfs';
+ eval ${ipfs_program:-/sbin/ipfs -R} \
+ ${ipfs_flags}
+ fi
+ ;;
+ esac
else
ipfilter_enable="NO"
echo -n ' NO IPF RULES'
diff --git a/etc/rc.network b/etc/rc.network
index 8f3f5a6ad1af..51c2926fe597 100644
--- a/etc/rc.network
+++ b/etc/rc.network
@@ -96,6 +96,15 @@ network_pass1() {
fi
;;
esac
+ case "${ipfs_enable}" in
+ [Yy][Ee][Ss])
+ if [ -r "/var/db/ipf/ipstate.ipf" ]; then
+ echo -n ' ipfs';
+ eval ${ipfs_program:-/sbin/ipfs -R} \
+ ${ipfs_flags}
+ fi
+ ;;
+ esac
else
ipfilter_enable="NO"
echo -n ' NO IPF RULES'
diff --git a/etc/rc.shutdown b/etc/rc.shutdown
index 1a565c750f5c..3984f683827f 100644
--- a/etc/rc.shutdown
+++ b/etc/rc.shutdown
@@ -124,6 +124,17 @@ case ${local_startup} in
;;
esac
+# Save IP Filter state tables
+
+case ${ipfs_enable} in
+[Yy][Ee][Ss])
+ echo -n 'Saving IP Filter state tables:'
+ eval ${ipfs_program:-/sbin/ipfs -W} ${ipfs_flags}
+ ;;
+esac
+
+echo .
+
# Insert other shutdown procedures here
echo '.'