Date: Mon, 8 Feb 2010 18:51:24 +0000 (UTC) From: Maksim Yevmenkin <emax@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r203676 - in head: etc/defaults etc/rc.d share/man/man5 Message-ID: <201002081851.o18IpO8m027255@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: emax Date: Mon Feb 8 18:51:24 2010 New Revision: 203676 URL: http://svn.freebsd.org/changeset/base/203676 Log: Introduce new rc.conf variable firewall_coscripts. It can be used to specify list of executables and/or rc scripts that should be executed after firewall starts/stops. Submitted by: Yuri Kurenkov <y dot kurenkov at init dot ru> Reviewed by: rhodes, rc@ MFC after: 1 week Modified: head/etc/defaults/rc.conf head/etc/rc.d/ipfw head/share/man/man5/rc.conf.5 Modified: head/etc/defaults/rc.conf ============================================================================== --- head/etc/defaults/rc.conf Mon Feb 8 18:49:50 2010 (r203675) +++ head/etc/defaults/rc.conf Mon Feb 8 18:51:24 2010 (r203676) @@ -118,6 +118,8 @@ firewall_type="UNKNOWN" # Firewall type firewall_quiet="NO" # Set to YES to suppress rule display firewall_logging="NO" # Set to YES to enable events logging firewall_flags="" # Flags passed to ipfw when type is a file +firewall_coscripts="" # List of executables/scripts to run after + # firewall starts/stops firewall_client_net="192.0.2.0/24" # IPv4 Network address for "client" # firewall. #firewall_client_net_ipv6="2001:db8:2:1::/64" # IPv6 network prefix for Modified: head/etc/rc.d/ipfw ============================================================================== --- head/etc/rc.d/ipfw Mon Feb 8 18:49:50 2010 (r203675) +++ head/etc/rc.d/ipfw Mon Feb 8 18:51:24 2010 (r203676) @@ -14,6 +14,7 @@ name="ipfw" rcvar="firewall_enable" start_cmd="ipfw_start" start_precmd="ipfw_prestart" +start_postcmd="ipfw_poststart" stop_cmd="ipfw_stop" required_modules="ipfw" @@ -42,9 +43,6 @@ ipfw_start() [ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall if [ -r "${firewall_script}" ]; then - if [ -f /etc/rc.d/natd ] ; then - /etc/rc.d/natd quietstart - fi /bin/sh "${firewall_script}" "${_firewall_type}" echo 'Firewall rules loaded.' elif [ "`ipfw list 65535`" = "65535 deny ip from any to any" ]; then @@ -59,6 +57,19 @@ ipfw_start() echo 'Firewall logging enabled.' sysctl net.inet.ip.fw.verbose=1 >/dev/null fi +} + +ipfw_poststart() +{ + local _coscript + + # Start firewall coscripts + # + for _coscript in ${firewall_coscripts} ; do + if [ -f "${_coscript}" ]; then + ${_coscript} quietstart + fi + done # Enable the firewall # @@ -75,16 +86,25 @@ ipfw_start() ipfw_stop() { + local _coscript + # Disable the firewall # ${SYSCTL_W} net.inet.ip.fw.enable=0 if afexists inet6; then ${SYSCTL_W} net.inet6.ip6.fw.enable=0 fi - if [ -f /etc/rc.d/natd ] ; then - /etc/rc.d/natd quietstop - fi + + # Stop firewall coscripts + # + for _coscript in `reverse_list ${firewall_coscripts}` ; do + if [ -f "${_coscript}" ]; then + ${_coscript} quietstop + fi + done } load_rc_config $name +firewall_coscripts="/etc/rc.d/natd ${firewall_coscripts}" + run_rc_command $* Modified: head/share/man/man5/rc.conf.5 ============================================================================== --- head/share/man/man5/rc.conf.5 Mon Feb 8 18:49:50 2010 (r203675) +++ head/share/man/man5/rc.conf.5 Mon Feb 8 18:51:24 2010 (r203676) @@ -507,6 +507,10 @@ specifies a filename. .Pq Vt str The IPv6 equivalent of .Va firewall_flags . +.It Va firewall_coscripts +.Pq Vt str +List of executables and/or rc scripts to run after firewall starts/stops. +Default is empty. .\" ----- firewall_nat_enable setting -------------------------------- .It Va firewall_nat_enable .Pq Vt bool
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201002081851.o18IpO8m027255>