Date:      Fri, 5 Feb 2010 14:54:15 -0800
From:      Maksim Yevmenkin <maksim.yevmenkin@gmail.com>
To:        freebsd-rc@freebsd.org
Subject:   [PATCH] small addition to /etc/rc.d/ipfw (RFC last chance)
Message-ID:  <bb4a86c71002051454s460c9502gef71c9ff75ae28a6@mail.gmail.com>


[-- Attachment #1 --]
hello,

would anyone object to the attached patch to /etc/rc.d/ipfw?

the idea is to introduce new "firewall_coscripts" variable that
contains the list of rc scripts that would be started/stopped via post
start and post stop hooks.

thanks,
max

[-- Attachment #2 --]
Index: rc.d/ipfw
===================================================================
--- rc.d/ipfw	(revision 203100)
+++ rc.d/ipfw	(working copy)
@@ -14,6 +14,7 @@
 rcvar="firewall_enable"
 start_cmd="ipfw_start"
 start_precmd="ipfw_prestart"
+start_postcmd="ipfw_poststart"
 stop_cmd="ipfw_stop"
 required_modules="ipfw"
 
@@ -42,9 +43,6 @@
 	[ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall
 
 	if [ -r "${firewall_script}" ]; then
-		if [ -f /etc/rc.d/natd ] ; then
-			/etc/rc.d/natd quietstart
-		fi
 		/bin/sh "${firewall_script}" "${_firewall_type}"
 		echo 'Firewall rules loaded.'
 	elif [ "`ipfw list 65535`" = "65535 deny ip from any to any" ]; then
@@ -59,7 +57,20 @@
 		echo 'Firewall logging enabled.'
 		sysctl net.inet.ip.fw.verbose=1 >/dev/null
 	fi
+}
 
+ipfw_poststart()
+{
+	local	_coscript
+
+	# Start firewall coscripts
+	#
+	for _coscript in ${firewall_coscripts} ; do
+		if [ -f "${_coscript}" ]; then
+			${_coscript} quietstart
+		fi
+	done
+
 	# Enable the firewall
 	#
 	if ! ${SYSCTL_W} net.inet.ip.fw.enable=1 1>/dev/null 2>&1; then
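Review bot: Moving the `net.inet.ip.fw.enable=1` sysctl out of ipfw_start into the new ipfw_poststart opens a path where the rule set is loaded but the firewall is never switched on: if rc.subr skips start_postcmd when the start_cmd function returns non-zero, as I recall it does, a failing last command in ipfw_start leaves ipfw loaded and disabled, which fails open. Keeping the enable block in ipfw_start and leaving ipfw_poststart with only the coscript loop avoids that dependency. Separately, the loop guard `if [ -f "${_coscript}" ]; then` only tests for a regular file although the entry is then executed directly on the next line; `if [ -x "${_coscript}" ]; then` is the check that matches the use, and the same applies to the stop loop in the ipfw_stop hunk below. ipfw_poststart continues past the end of this hunk.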
@@ -75,16 +86,25 @@
 
 ipfw_stop()
 {
+	local	_coscript
+
 	# Disable the firewall
 	#
 	${SYSCTL_W} net.inet.ip.fw.enable=0
 	if afexists inet6; then
 		${SYSCTL_W} net.inet6.ip6.fw.enable=0
 	fi
-	if [ -f /etc/rc.d/natd ] ; then
-		/etc/rc.d/natd quietstop
-	fi
+
+	# Stop firewall coscripts
+	#
+	for _coscript in `reverse_list ${firewall_coscripts}` ; do
+		if [ -f "${_coscript}" ]; then
+			${_coscript} quietstop
+		fi
+	done
 }
 
 load_rc_config $name
+firewall_coscripts="/etc/rc.d/natd ${firewall_coscripts}"
+
 run_rc_command $*
Index: defaults/rc.conf
===================================================================
--- defaults/rc.conf	(revision 203100)
+++ defaults/rc.conf	(working copy)
@@ -118,6 +118,8 @@
 firewall_quiet="NO"		# Set to YES to suppress rule display
 firewall_logging="NO"		# Set to YES to enable events logging
 firewall_flags=""		# Flags passed to ipfw when type is a file
+firewall_coscripts=""		# List of executables/scripts to run after
+				# firewall starts/stops
 firewall_client_net="192.0.2.0/24" # IPv4 Network address for "client"
 				# firewall.
 #firewall_client_net_ipv6="2001:db8:2:1::/64" # IPv6 network prefix for
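Review bot: The new comment on `firewall_coscripts=""` does not say that rc.d/ipfw always prepends /etc/rc.d/natd to the list (the `firewall_coscripts="/etc/rc.d/natd ${firewall_coscripts}"` line in the ipfw hunk), so an administrator reading defaults/rc.conf will not expect natd to be run whatever they set here; I would extend it to `# List of executables/scripts to run when the firewall starts/stops (/etc/rc.d/natd is always included)`. The current wording "after firewall starts" is also slightly off, since the ipfw hunk runs the coscripts before the enable sysctl; "when the firewall starts/stops" reads more accurately.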
