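#!/sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# ident "%Z%%M% %I% %E% SMI"
#
# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#

#
# Service method for IP Filter: loads the ippool, ipf and ipnat
# configuration and starts/stops the ipmon logging daemon.
#
# Usage: <method> start|stop|reload|reipf|reipnat|pause|resume
#
# The interpreter is /sbin/sh, so the script sticks to constructs that a
# plain Bourne shell accepts (backticks, "[ ]", no "!" pipeline negation).
#

. /lib/svc/share/smf_include.sh

# NOTE(review): the two directories are appended, so any inherited PATH
# entries are searched first when ipf, ipnat, ippool, ipfs, modunload,
# pgrep and logger are resolved by name. Confirm the method always runs
# with a controlled PATH.
PATH=${PATH}:/usr/sbin:/usr/lib/ipf
PIDFILE=/var/run/ipmon.pid
IPFILCONF=/etc/ipf/ipf.conf
IP6FILCONF=/etc/ipf/ipf6.conf
IPNATCONF=/etc/ipf/ipnat.conf
IPPOOLCONF=/etc/ipf/ippool.conf
PFILCHECKED=no

# Module id(s) of every modinfo line that contains "ipf".
# NOTE(review): the awk pattern is a substring match on the whole line, so
# it can select more than one module or an unrelated one; "stop" passes
# the result to modunload. Consider matching the module-name column only.
ipfid=`/usr/sbin/modinfo 2>&1 | awk '/ipf/ { print $1 } ' - 2>/dev/null`

# PID of ipmon: the pid file's content when the file exists, else pgrep.
# NOTE(review): a PID read from the file is used as-is. Nothing below
# checks that the process is still ipmon before it is signalled, so after
# an unclean ipmon exit the number may belong to another process. Consider
# verifying the process name before kill. "resume" also relies on a
# non-empty value here as its "ipmon was running" marker, so any such
# check belongs at the kill sites, not here.
if [ -f "$PIDFILE" ]; then
	pid=`cat "$PIDFILE" 2>/dev/null`
else
	pid=`pgrep ipmon`
fi

#
# logmsg message
# Send the message to syslog (daemon.warning, tag "ipfilter") and to
# stderr. Not called anywhere in this script as shown.
#
logmsg()
{
	logger -p daemon.warning -t ipfilter "$1"
	echo "$1" >&2
}

#
# load_ipf
# Load the IPv4 and IPv6 rule files (those that are readable) into the
# alternate rule set, and switch sets only if every load succeeded.
# Returns 0 on success, 1 if any load failed; in that case the switch is
# skipped, so the active set is left as it was.
#
load_ipf()
{
	bad=0
	if [ -r "$IPFILCONF" ]; then
		ipf -IFa -f "$IPFILCONF" >/dev/null || {
			echo "$0: load of ${IPFILCONF} into alternate set failed"
			bad=1
		}
	fi
	if [ -r "$IP6FILCONF" ]; then
		ipf -6IFa -f "$IP6FILCONF" >/dev/null || {
			echo "$0: load of ${IP6FILCONF} into alternate set failed"
			bad=1
		}
	fi
	if [ $bad -ne 0 ]; then
		echo "Not switching config due to load error."
		return 1
	fi
	ipf -s -y >/dev/null
	return 0
}

#
# load_ipnat
# Load the NAT rules if the file is readable, then run "ipf -y".
# Returns 0 on success or when there is no readable file, 1 on failure.
#
load_ipnat()
{
	[ -r "$IPNATCONF" ] || return 0
	if ipnat -CF -f "$IPNATCONF" >/dev/null; then
		ipf -y >/dev/null
		return 0
	fi
	echo "$0: load of ${IPNATCONF} failed"
	return 1
}

#
# load_ippool
# Flush the pools and load them again from the file, if it is readable.
# Returns 0 on success or when there is no readable file, 1 on failure.
# Only the status of the load is checked; the flush has already happened
# by then, so a failed load leaves the pools flushed.
#
load_ippool()
{
	[ -r "$IPPOOLCONF" ] || return 0
	ippool -F >/dev/null
	if ippool -f "$IPPOOLCONF" >/dev/null; then
		return 0
	fi
	echo "$0: load of ${IPPOOLCONF} failed"
	return 1
}

case "$1" in
	start)
		# Nothing to do when neither ipf.conf nor ipnat.conf exists.
		# NOTE(review): IP6FILCONF and IPPOOLCONF are not consulted
		# here; confirm that an IPv6-only rule file is not expected
		# to start the service.
		if [ ! -f "$IPFILCONF" ] && [ ! -f "$IPNATCONF" ]; then
			exit 0
		fi
		# NOTE(review): the filter is enabled before any rules are
		# loaded, and a load failure exits without disabling it, so
		# it keeps running with whatever the active set held. What
		# that means for traffic depends on the default policy -
		# confirm this is the intended failure mode.
		ipf -E
		# $pid stays unquoted: pgrep may have returned several PIDs.
		[ -n "$pid" ] && kill -TERM $pid 2>/dev/null
		if load_ippool && load_ipf && load_ipnat; then
			/usr/sbin/ipmon -Ds
		else
			exit $SMF_EXIT_ERR_CONFIG
		fi
		;;

	stop)
		[ -n "$pid" ] && kill -TERM $pid
		ipf -D
		[ -n "$ipfid" ] && modunload -i $ipfid
		;;

	pause)
		# ipfs runs before the filter is disabled (see ipfs(1M) for
		# the exact meaning of -l and -NS -w).
		ipfs -l
		ipfs -NS -w
		ipf -D
		if [ -f "$PIDFILE" ]; then
			# An empty pid file used to run "kill -0" without an
			# operand; test for that first. The outcome is the
			# same: the pid file is truncated.
			if [ -n "$pid" ] && kill -0 $pid; then
				kill -TERM $pid
			else
				cp /dev/null "$PIDFILE"
			fi
		fi
		;;

	resume)
		# NOTE(review): the load_* results are ignored here and in
		# reload/reipf/reipnat, so a failed load still ends in
		# SMF_EXIT_OK; the messages on stdout are the only sign.
		ipf -E
		ipfs -R
		load_ippool
		load_ipf
		load_ipnat
		# Restart ipmon only if the pid file exists and held a PID.
		if [ -f "$PIDFILE" ] && [ -n "$pid" ]; then
			/usr/sbin/ipmon -Ds
		fi
		;;

	reload)
		load_ippool
		load_ipf
		load_ipnat
		;;

	reipf)
		load_ipf
		;;

	reipnat)
		load_ipnat
		;;

	*)
		echo "Usage: $0 \c" >&2
		echo "(start|stop|reload|reipf|reipnat|pause|resume)" >&2
		exit 1
		;;

esac
exit $SMF_EXIT_OK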