ipfilter revision a9a89b0d6c324bab7992625c6817b44dc958f35d
#!/sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# ident "%Z%%M% %I% %E% SMI"
#
# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#

. /lib/svc/share/smf_include.sh
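#
# Paths and run-time state shared by the rest of this method script.
#
# The system directories go ahead of the inherited PATH: this method runs
# with privilege and calls ipf, ipnat, ippool, ipfs, logger, awk, cat and
# pgrep by bare name, so none of them should be resolved through a
# directory supplied by the caller's environment.
#
PATH=/usr/sbin:/usr/bin:/usr/lib/ipf:${PATH}
PIDFILE=/var/run/ipmon.pid
IPFILCONF=/etc/ipf/ipf.conf
IP6FILCONF=/etc/ipf/ipf6.conf
IPNATCONF=/etc/ipf/ipnat.conf
IPPOOLCONF=/etc/ipf/ippool.conf
PFILCHECKED=no

# First column of every modinfo line that mentions "ipf"; "stop" hands the
# result to modunload -i.
# NOTE(review): /ipf/ is a substring match on the whole line, so it can
# return more than one id or a module that merely contains "ipf" in its
# description - confirm against modinfo output on the target release.
ipfid=`/usr/sbin/modinfo 2>&1 | awk '/ipf/ { print $1 } ' - 2>/dev/null`

# PID of the running ipmon: from its PID file when that exists, otherwise
# from the process table.
if [ -f "$PIDFILE" ] ; then
	pid=`cat "$PIDFILE" 2>/dev/null`
	# The value is later passed unquoted to kill; accept nothing but a
	# plain decimal number so that stray file contents (options, a
	# negative number, several words) never become kill arguments.
	case "$pid" in
	''|*[!0-9]*)	pid= ;;
	esac
else
	# -x: match the process name exactly instead of any name that
	# contains "ipmon".
	pid=`pgrep -x ipmon`
fi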
#
# logmsg message
#
# Send the message to syslog (priority daemon.warning, tag "ipfilter") and
# then repeat it on standard error.
#
logmsg() {
	logger -p daemon.warning -t ipfilter "$1"
	echo "$1" 1>&2
}
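#
# load_ipf
#
# Load the IPv4 and IPv6 filter rules into the inactive ("alternate") rule
# set and switch to that set only when every readable rule file loaded
# without error.
#
# Globals:  IPFILCONF, IP6FILCONF (read); bad, loaded (written - this shell
#           has no function-local variables)
# Outputs:  failure messages on stdout
# Returns:  0 when the sets were switched or there was nothing to load,
#           1 when a rule file failed to load (the active set is untouched)
#
load_ipf() {
	bad=0
	loaded=0
	if [ -r "${IPFILCONF}" ]; then
		loaded=1
		# -I: work on the inactive set; -Fa: flush it before loading.
		ipf -IFa -f "${IPFILCONF}" >/dev/null || {
			echo "$0: load of ${IPFILCONF} into alternate set failed"
			bad=1
		}
	fi
	if [ -r "${IP6FILCONF}" ]; then
		loaded=1
		ipf -6IFa -f "${IP6FILCONF}" >/dev/null || {
			echo "$0: load of ${IP6FILCONF} into alternate set failed"
			bad=1
		}
	fi
	if [ $bad -ne 0 ]; then
		echo "Not switching config due to load error."
		return 1
	fi
	if [ $loaded -eq 1 ]; then
		# NOTE(review): when only one of the two files is readable the
		# other address family's inactive rules were not flushed above -
		# confirm whether the swap can then activate rules left there
		# by an earlier load.
		ipf -s -y >/dev/null
	else
		# Nothing was loaded, so the inactive set still holds whatever
		# an earlier load left in it. Swapping now would replace the
		# running policy with those stale rules; only resync.
		ipf -y >/dev/null
	fi
	return 0
}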
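#
# load_ipnat
#
# Replace the NAT configuration with the contents of ${IPNATCONF}.
#
# ipnat -CF discards the current NAT rules and table entries before the
# file is read, so a file that does not parse would leave the host with no
# NAT rules at all. The file is therefore parsed once with -n (no change to
# the kernel) and the destructive load runs only if that pass succeeds.
# NOTE(review): confirm on the target release that ipnat -n reports parse
# errors through its exit status.
#
# Globals:  IPNATCONF (read)
# Outputs:  failure message on stdout
# Returns:  0 when the file is absent/unreadable or was loaded,
#           1 when validation or the load failed
#
load_ipnat() {
	[ -r "${IPNATCONF}" ] || return 0

	if ipnat -n -f "${IPNATCONF}" >/dev/null &&
	    ipnat -CF -f "${IPNATCONF}" >/dev/null; then
		ipf -y >/dev/null
		return 0
	fi
	echo "$0: load of ${IPNATCONF} failed"
	return 1
}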
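#
# load_ippool
#
# Replace the address pools with the contents of ${IPPOOLCONF}.
#
# ippool -F empties the pools before the file is read, so a file that does
# not parse would leave every pool referenced by the filter rules empty.
# The file is therefore parsed once with -n (no change to the kernel) and
# the flush and load run only if that pass succeeds.
# NOTE(review): confirm on the target release that ippool -n reports parse
# errors through its exit status.
#
# Globals:  IPPOOLCONF (read)
# Outputs:  failure message on stdout
# Returns:  0 when the file is absent/unreadable or was loaded,
#           1 when validation or the load failed
#
load_ippool() {
	[ -r "${IPPOOLCONF}" ] || return 0

	if ippool -f "${IPPOOLCONF}" -n >/dev/null; then
		ippool -F >/dev/null
		ippool -f "${IPPOOLCONF}" >/dev/null && return 0
	fi
	echo "$0: load of ${IPPOOLCONF} failed"
	return 1
}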
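#
# Method dispatch: $1 selects the action. $pid and $ipfid were computed
# above; $pid is expanded unquoted on purpose because pgrep may have
# returned several PIDs.
#
# resume, reload, reipf and reipnat still run every loader even if one of
# them fails, but the failure is now carried into the exit status instead
# of being reported as success.
#
rc=$SMF_EXIT_OK

case "$1" in
	start)
		# NOTE(review): only the IPv4 filter and NAT files are tested;
		# a host that has just ${IP6FILCONF} exits here without
		# enabling the filter - confirm that is intended.
		[ ! -f "${IPFILCONF}" ] && [ ! -f "${IPNATCONF}" ] && exit 0
		ipf -E
		[ -n "$pid" ] && kill -TERM $pid 2>/dev/null
		# NOTE(review): if a loader fails, the filter stays enabled
		# with whatever rules were already active and ipmon (stopped
		# just above) is not restarted; what traffic is then allowed
		# depends on ipf's default policy - confirm that is acceptable.
		if load_ippool && load_ipf && load_ipnat ; then
			/usr/sbin/ipmon -Ds
		else
			exit $SMF_EXIT_ERR_CONFIG
		fi
		;;

	stop)
		[ -n "$pid" ] && kill -TERM $pid
		ipf -D
		[ -n "$ipfid" ] && modunload -i $ipfid
		;;

	pause)
		# ipfs runs first, while the filter is still enabled.
		ipfs -l
		ipfs -NS -w
		ipf -D
		if [ -f "$PIDFILE" ] ; then
			# Probe only when there is a PID to probe; a PID file
			# with no live ipmon behind it is truncated so that
			# "resume" does not start ipmon.
			if [ -n "$pid" ] && kill -0 $pid; then
				kill -TERM $pid
			else
				cp /dev/null "$PIDFILE"
			fi
		fi
		;;

	resume)
		ipf -E
		ipfs -R
		load_ippool || rc=$SMF_EXIT_ERR_CONFIG
		load_ipf || rc=$SMF_EXIT_ERR_CONFIG
		load_ipnat || rc=$SMF_EXIT_ERR_CONFIG
		# Restart ipmon only if the PID file still names a process,
		# i.e. ipmon was running when "pause" was called.
		if [ -f "$PIDFILE" ] && [ -n "$pid" ] ; then
			/usr/sbin/ipmon -Ds
		fi
		;;

	reload)
		load_ippool || rc=$SMF_EXIT_ERR_CONFIG
		load_ipf || rc=$SMF_EXIT_ERR_CONFIG
		load_ipnat || rc=$SMF_EXIT_ERR_CONFIG
		;;

	reipf)
		load_ipf || rc=$SMF_EXIT_ERR_CONFIG
		;;

	reipnat)
		load_ipnat || rc=$SMF_EXIT_ERR_CONFIG
		;;

	*)
		echo "Usage: $0 \c" >&2
		echo "(start|stop|reload|reipf|reipnat|pause|resume)" >&2
		exit 1
		;;
esac
exit $rc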