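#!/sbin/sh
#
# ident "%Z%%M% %I% %E% SMI"
#
# Copyright 2005 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# SMF method script for IP Filter.
#
# Usage: <script> (start|stop|reload|reipf|reipnat|pause|resume)
#
# Loads address pools (ippool), filter rules (ipf) and NAT rules (ipnat)
# from /etc/ipf, and starts/stops the pfild and ipmon daemons.
#
# Written for /sbin/sh: backticks, "[ ]" and "echo ... \c" are used on
# purpose; do not convert to $( ), [[ ]] or "local" without changing the
# interpreter line.
#
# Review notes for operators (behaviour visible in this script):
#   - "start" exits 0 when ipf.conf is absent, so the service reports
#     success with no rule set loaded by this script.
#   - "resume", "reload", "reipf" and "reipnat" ignore the loaders' return
#     status and the script still exits $SMF_EXIT_OK; a rejected rule file
#     is only visible through the echoed message.
#   - PIDs are taken from a PID file or pgrep and signalled without checking
#     that the process is still ipmon/pfild.
#

. /lib/svc/share/smf_include.sh

PATH=${PATH}:/usr/sbin:/usr/lib/ipf
PIDFILE=/etc/ipf/ipmon.pid
IPFILCONF=/etc/ipf/ipf.conf
IP6FILCONF=/etc/ipf/ipf6.conf
IPNATCONF=/etc/ipf/ipnat.conf
IPPOOLCONF=/etc/ipf/ippool.conf
PFILCHECKED=no

# Module id of any loaded module whose modinfo line matches "ipf".
# Not referenced again in this script; kept so the script's observable
# behaviour (one modinfo call at startup) is unchanged.
id=`/usr/sbin/modinfo 2>&1 | awk '/ipf/ { print $1 } ' - 2>/dev/null`

# Locate ipmon: prefer the PID file, fall back to pgrep.
# NOTE(review): a stale PID file can name a PID that has since been reused
# by an unrelated process; the kill calls below do not re-check the owner.
if [ -f "$PIDFILE" ] ; then
	pid=`cat "$PIDFILE" 2>/dev/null`
else
	pid=`pgrep ipmon`
fi
pfildpid=`pgrep pfild`

#
# logmsg - report a warning both to syslog and to stderr.
# Arguments: $1 - message text
#
logmsg()
{
	logger -p daemon.warning -t ipfilter "$1"
	echo "$1" >&2
}

#
# checkpfil - verify once per invocation that pfil is usable.
# Globals:   PFILCHECKED (read/written), SMF_EXIT_ERR_CONFIG (read)
# Exits the script with $SMF_EXIT_ERR_CONFIG when ndd cannot query
# /dev/pfil. When no interface lists pfil in its module list, only a
# warning is logged and the caller continues loading rules.
#
checkpfil()
{
	if [ "$PFILCHECKED" = yes ] ; then
		return
	fi
	# Redirection order is as in the original: stderr is duplicated onto
	# the caller's stdout first, then stdout goes to /dev/null, so ndd's
	# error text is still emitted while its normal output is discarded.
	/usr/sbin/ndd /dev/pfil \? 2>&1 > /dev/null
	if [ $? -ne 0 ] ; then
		logmsg "pfil not available to support ipfilter"
		exit $SMF_EXIT_ERR_CONFIG
	fi
	realnic=`/sbin/ifconfig -a modlist 2>/dev/null | grep -c pfil`
	if [ "$realnic" -eq 0 ] ; then
		# Warning only; presumably rules loaded in this state do not
		# see traffic on any interface -- confirm before relying on it.
		logmsg "pfil not configured for firewall/NAT operation"
	fi
	PFILCHECKED=yes
}

#
# load_ipf - load IPv4 and IPv6 filter rules into the alternate set and
# switch to it only if every attempted load succeeded.
# Returns: 0 after the switch, 1 when a load failed (no switch is made).
#
load_ipf() {
	bad=0
	if [ -r "${IPFILCONF}" ]; then
		checkpfil
		ipf -IFa -f "${IPFILCONF}" >/dev/null || {
			echo "$0: load of ${IPFILCONF} into alternate set failed"
			bad=1
		}
	fi
	if [ -r "${IP6FILCONF}" ]; then
		checkpfil
		ipf -6IFa -f "${IP6FILCONF}" >/dev/null || {
			# Fixed: this message used to name ${IPFILCONF}, pointing
			# the operator at the IPv4 file when the IPv6 load failed.
			echo "$0: load of ${IP6FILCONF} into alternate set failed"
			bad=1
		}
	fi
	if [ "$bad" -ne 0 ] ; then
		echo "Not switching config due to load error."
		return 1
	fi
	# NOTE(review): the switch also runs when neither file was readable,
	# i.e. when nothing was loaded above, and its exit status is ignored.
	ipf -s -y >/dev/null
	return 0
}

#
# load_ipnat - replace the NAT rules with those in ${IPNATCONF}.
# Returns: 0 when the file is not readable or the load succeeded,
#          1 when ipnat rejected the file.
#
load_ipnat() {
	[ -r "${IPNATCONF}" ] || return 0
	checkpfil
	if ipnat -CF -f "${IPNATCONF}" >/dev/null; then
		ipf -y >/dev/null
		return 0
	fi
	echo "$0: load of ${IPNATCONF} failed"
	return 1
}

#
# load_ippool - flush the address pools and reload them from
# ${IPPOOLCONF}.
# Returns: 0 when the file is not readable or the load succeeded,
#          1 when the load failed.
#
load_ippool() {
	[ -r "${IPPOOLCONF}" ] || return 0
	checkpfil
	# The flush runs before the load and its status is not checked, so a
	# failed load leaves whatever the flush left behind in place.
	ippool -F >/dev/null
	if ippool -f "${IPPOOLCONF}" >/dev/null; then
		return 0
	fi
	echo "$0: load of ${IPPOOLCONF} failed"
	return 1
}

# $pid and $pfildpid are deliberately left unquoted in the kill calls
# below: pgrep may return several PIDs, one per line, and word splitting
# turns them into separate arguments.
case "$1" in
	start)
		# No rule file: report success without loading anything.
		[ ! -f "${IPFILCONF}" ] && exit 0
		[ -n "$pfildpid" ] && kill -TERM $pfildpid 2>/dev/null
		[ -n "$pid" ] && kill -TERM $pid 2>/dev/null
		/usr/sbin/pfild >/dev/null
		# Pools first, then filter rules, then NAT; the first failure
		# stops the chain and fails the method.
		if load_ippool && load_ipf && load_ipnat ; then
			ipmon -Ds
		else
			exit $SMF_EXIT_ERR_CONFIG
		fi
		;;

	stop)
		[ -n "$pfildpid" ] && kill -TERM $pfildpid
		[ -n "$pid" ] && kill -TERM $pid
		;;

	pause)
		ipfs -l
		ipfs -NS -w
		ipf -D
		if [ -f "$PIDFILE" ] ; then
			if kill -0 $pid; then
				kill -TERM $pid
			else
				# Recorded process is gone: empty the PID file.
				cp /dev/null "$PIDFILE"
			fi
		fi
		;;

	resume)
		ipf -E
		ipfs -R
		# Loader return status is not checked here (see header notes).
		load_ippool
		load_ipf
		load_ipnat
		if [ -f "$PIDFILE" ] && [ -n "$pid" ] ; then
			ipmon -Ds
		fi
		;;

	reload)
		# Loader return status is not checked here (see header notes).
		load_ippool
		load_ipf
		load_ipnat
		;;

	reipf)
		load_ipf
		;;

	reipnat)
		load_ipnat
		;;

	*)
		echo "Usage: $0 \c" >&2
		echo "(start|stop|reload|reipf|reipnat|pause|resume)" >&2
		exit 1
		;;

esac
exit $SMF_EXIT_OK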