svn commit: r204325 - in stable/7: etc/defaults etc/rc.d
share/man/man5
Maksim Yevmenkin
emax at FreeBSD.org
Thu Feb 25 18:02:52 UTC 2010
Author: emax
Date: Thu Feb 25 18:02:52 2010
New Revision: 204325
URL: http://svn.freebsd.org/changeset/base/204325
Log:
MFC: r203676
Introduce a new rc.conf variable, firewall_coscripts. It can be used to
specify a list of executables and/or rc scripts that should be executed
after the firewall starts/stops.
Submitted by: Yuri Kurenkov <y dot kurenkov at init dot ru>
Reviewed by: rhodes, rc@
Modified:
stable/7/etc/defaults/rc.conf
stable/7/etc/rc.d/ipfw
stable/7/share/man/man5/rc.conf.5 (contents, props changed)
Directory Properties:
stable/7/etc/ (props changed)
stable/7/share/man/man5/ (props changed)
Modified: stable/7/etc/defaults/rc.conf
==============================================================================
--- stable/7/etc/defaults/rc.conf Thu Feb 25 16:40:08 2010 (r204324)
+++ stable/7/etc/defaults/rc.conf Thu Feb 25 18:02:52 2010 (r204325)
@@ -113,6 +113,8 @@ firewall_quiet="NO" # Set to YES to sup
firewall_logging="NO" # Set to YES to enable events logging
firewall_flags="" # Flags passed to ipfw when type is a file
firewall_client_net="192.0.2.0/24" # Network address for "client" firewall.
+firewall_coscripts="" # List of executables/scripts to run after
+ # firewall starts/stops
firewall_simple_iif="ed1" # Inside network interface for "simple"
# firewall.
firewall_simple_inet="192.0.2.16/28" # Inside network address for "simple"
Modified: stable/7/etc/rc.d/ipfw
==============================================================================
--- stable/7/etc/rc.d/ipfw Thu Feb 25 16:40:08 2010 (r204324)
+++ stable/7/etc/rc.d/ipfw Thu Feb 25 18:02:52 2010 (r204325)
@@ -15,6 +15,7 @@ name="ipfw"
rcvar="firewall_enable"
start_cmd="ipfw_start"
start_precmd="ipfw_prestart"
+start_postcmd="ipfw_poststart"
stop_cmd="ipfw_stop"
required_modules="ipfw"
@@ -41,9 +42,6 @@ ipfw_start()
[ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall
if [ -r "${firewall_script}" ]; then
- if [ -f /etc/rc.d/natd ] ; then
- /etc/rc.d/natd start
- fi
/bin/sh "${firewall_script}" "${_firewall_type}"
echo 'Firewall rules loaded.'
elif [ "`ipfw list 65535`" = "65535 deny ip from any to any" ]; then
@@ -58,6 +56,19 @@ ipfw_start()
echo 'Firewall logging enabled.'
sysctl net.inet.ip.fw.verbose=1 >/dev/null
fi
+}
+
+ipfw_poststart()
+{
+ local _coscript
+
+ # Start firewall coscripts
+ #
+ for _coscript in ${firewall_coscripts} ; do
+ if [ -f "${_coscript}" ]; then
+ ${_coscript} quietstart
+ fi
+ done
# Enable the firewall
#
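Review bot: The loop in ipfw_poststart silently skips any firewall_coscripts entry that fails `[ -f "${_coscript}" ]` and ignores the exit status of the entries it does run, so a mistyped path leaves a coscript such as natd not running with no indication. An `else` branch such as `warn "firewall_coscripts: ${_coscript} not found, skipped"` would make that visible, assuming rc.subr's `warn` is in scope here as `load_rc_config` is. Each entry is executed from the rc script, presumably as root since the same script sets net.inet.ip.fw.enable, and the test does not look at the file's ownership or mode; a comment stating that entries must be absolute paths to root-owned files that are not writable by others would record that expectation. The stop loop in ipfw_stop in the last hunk of this file has the same pattern. ipfw_start begins and ipfw_poststart ends outside this hunk.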
@@ -66,13 +77,22 @@ ipfw_start()
ipfw_stop()
{
+ local _coscript
+
# Disable the firewall
#
${SYSCTL_W} net.inet.ip.fw.enable=0
- if [ -f /etc/rc.d/natd ] ; then
- /etc/rc.d/natd stop
- fi
+
+ # Stop firewall coscripts
+ #
+ for _coscript in `reverse_list ${firewall_coscripts}` ; do
+ if [ -f "${_coscript}" ]; then
+ ${_coscript} quietstop
+ fi
+ done
}
load_rc_config $name
+firewall_coscripts="/etc/rc.d/natd ${firewall_coscripts}"
+
run_rc_command $*
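Review bot: The added line `firewall_coscripts="/etc/rc.d/natd ${firewall_coscripts}"` carries no comment explaining the ordering it creates, and it prepends natd unconditionally after load_rc_config. An rc.conf that already lists /etc/rc.d/natd would therefore have it invoked twice on start and twice on stop. A comment such as `# natd is always the first coscript on start and, via reverse_list, the last on stop` would document the intent. If double invocation matters, the prepend could be skipped when the path is already present in the list.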
Modified: stable/7/share/man/man5/rc.conf.5
==============================================================================
--- stable/7/share/man/man5/rc.conf.5 Thu Feb 25 16:40:08 2010 (r204324)
+++ stable/7/share/man/man5/rc.conf.5 Thu Feb 25 18:02:52 2010 (r204325)
@@ -501,6 +501,10 @@ specifies a filename.
.Pq Vt str
The IPv6 equivalent of
.Va firewall_flags .
+.It Va firewall_coscripts
+.Pq Vt str
+List of executables and/or rc scripts to run after firewall starts/stops.
+Default is empty.
.\" ----- firewall_nat_enable setting --------------------------------
.It Va firewall_nat_enable
.Pq Vt bool