xref: /illumos-gate/usr/src/cmd/ipf/svc/ipfilter (revision a9a89b0d)
#!/sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# ident	"%Z%%M%	%I%	%E% SMI"
#
# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
28
29. /lib/svc/share/smf_include.sh
30
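# The ipf directories are appended, so entries already present in the
# inherited PATH win when ipf, ipnat, ippool, logger etc. are looked up by
# bare name below.  The method therefore relies on its caller supplying a
# trustworthy PATH.
PATH=${PATH}:/usr/sbin:/usr/lib/ipf
PIDFILE=/var/run/ipmon.pid
IPFILCONF=/etc/ipf/ipf.conf
IP6FILCONF=/etc/ipf/ipf6.conf
IPNATCONF=/etc/ipf/ipnat.conf
IPPOOLCONF=/etc/ipf/ippool.conf
# Not referenced anywhere else in the visible part of this script.
PFILCHECKED=no

# First column of every modinfo line that mentions "ipf"; used by "stop" as
# the argument to modunload -i.
# NOTE(review): the awk pattern is unanchored, so any line containing "ipf"
# contributes an id - confirm that only the ipf module can match.
ipfid=`/usr/sbin/modinfo 2>&1 | awk '/ipf/ { print $1 } ' - 2>/dev/null`

# Pid of the running ipmon: taken from the pid file when one exists,
# otherwise looked up by process name.  -x makes pgrep match the name
# exactly, so a process that merely contains "ipmon" in its name is never
# signalled by the start/stop/pause branches.
# NOTE(review): the pid file content is used as-is; a stale file can name a
# pid that now belongs to an unrelated process.
if [ -f "$PIDFILE" ] ; then
	pid=`cat "$PIDFILE" 2>/dev/null`
else
	pid=`pgrep -x ipmon`
fi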
45
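# Report a message both to syslog (facility daemon, level warning, tag
# "ipfilter") and to standard error.
# Arguments: $1 - the message text
logmsg()
{
	logger -p daemon.warning -t ipfilter "$1"
	# printf emits the text verbatim; echo would treat a message such as
	# "-n" as an option or interpret backslash sequences inside it.
	printf '%s\n' "$1" >&2
}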
51
# Load the IPv4 and IPv6 filter rules into the inactive ("alternate") rule
# set and make that set active only if every load succeeded.
#
# Each readable config file is loaded with -I (inactive set) after flushing
# that set with -Fa; "ipf -s" then swaps the sets and -y resyncs the
# interface list.  A config file that fails to load therefore never replaces
# the rules that are currently active.
#
# NOTE(review): the flush is part of the per-file load command, so when a
# config file is missing or unreadable the inactive set is presumably not
# flushed for that address family before the swap - confirm what the set
# holds in that case.
#
# Globals:  IPFILCONF, IP6FILCONF (read); bad (written)
# Returns:  0 after the swap, 1 if any load failed (no swap is done)
load_ipf() {
	bad=0

	if [ -r "${IPFILCONF}" ]; then
		ipf -IFa -f "${IPFILCONF}" >/dev/null || {
			echo "$0: load of ${IPFILCONF} into alternate set failed"
			bad=1
		}
	fi

	if [ -r "${IP6FILCONF}" ]; then
		ipf -6IFa -f "${IP6FILCONF}" >/dev/null || {
			echo "$0: load of ${IP6FILCONF} into alternate set failed"
			bad=1
		}
	fi

	if [ $bad -ne 0 ]; then
		echo "Not switching config due to load error."
		return 1
	fi

	# The status of the swap itself is not examined.
	ipf -s -y >/dev/null
	return 0
}
76
77
# Replace the NAT configuration with the contents of IPNATCONF.
#
# ipnat -CF clears the existing NAT rules and active translation entries
# as part of the same command that loads the file, so unlike load_ipf there
# is no alternate set to fall back on when the load fails.  On success
# "ipf -y" resyncs the interface list.
#
# Globals:  IPNATCONF (read)
# Returns:  0 if the file is not readable (nothing to do) or was loaded,
#           1 if ipnat reported a failure
load_ipnat() {
	[ -r "${IPNATCONF}" ] || return 0

	if ipnat -CF -f "${IPNATCONF}" >/dev/null; then
		ipf -y >/dev/null
		return 0
	fi

	echo "$0: load of ${IPNATCONF} failed"
	return 1
}
92
93
# Flush the address pools and reload them from IPPOOLCONF.
#
# The flush (ippool -F) runs before the load and its status is not checked;
# if the subsequent load fails the function reports it, and the pools stay
# in whatever state the flush and the partial load left them.
#
# Globals:  IPPOOLCONF (read)
# Returns:  0 if the file is not readable (nothing to do) or was loaded,
#           1 if ippool -f reported a failure
load_ippool() {
	[ -r "${IPPOOLCONF}" ] || return 0

	ippool -F >/dev/null
	if ippool -f "${IPPOOLCONF}" >/dev/null; then
		return 0
	fi

	echo "$0: load of ${IPPOOLCONF} failed"
	return 1
}
108
109
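# Dispatch on the method name given as $1.  Every branch that does not exit
# explicitly falls through to "exit $SMF_EXIT_OK" at the bottom.
case "$1" in
	start)
		# Nothing to do when no rule file exists at all.  ipf6.conf is
		# part of the check because load_ipf loads it: a host that
		# ships only IPv6 rules must not leave here with the filter
		# disabled and a success status.
		if [ ! -f "${IPFILCONF}" ] && [ ! -f "${IP6FILCONF}" ] &&
		    [ ! -f "${IPNATCONF}" ]; then
			exit 0
		fi
		ipf -E
		# $pid stays unquoted: a multi-line pgrep result is split into
		# one argument per pid.
		[ -n "$pid" ] && kill -TERM $pid 2>/dev/null
		# ipmon has been stopped above and is restarted only when all
		# three loads succeed; on failure the filter stays enabled
		# (ipf -E) but no ipmon is started by this branch.
		if load_ippool && load_ipf && load_ipnat ; then
			/usr/sbin/ipmon -Ds
		else
			exit $SMF_EXIT_ERR_CONFIG
		fi
		;;

	stop)
		[ -n "$pid" ] && kill -TERM $pid
		ipf -D
		[ -n "$ipfid" ] && modunload -i $ipfid
		;;

	pause)
		# Save state via ipfs before disabling the filter.
		ipfs -l
		ipfs -NS -w
		ipf -D
		if [ -f $PIDFILE ] ; then
			if kill -0 $pid; then
				kill -TERM $pid
			else
				# No such process: empty the stale pid file.
				cp /dev/null $PIDFILE
			fi
		fi
		;;

	resume)
		ipf -E
		ipfs -R
		# NOTE(review): the load results are ignored here and in the
		# reload/reipf/reipnat branches, so the script still exits
		# with $SMF_EXIT_OK after a failed rule load - confirm that
		# this is intended before relying on the exit status.
		load_ippool
		load_ipf
		load_ipnat
		if [ -f $PIDFILE -a -n "$pid" ] ; then
			/usr/sbin/ipmon -Ds
		fi
		;;

	reload)
		load_ippool
		load_ipf
		load_ipnat
		;;

	reipf)
		load_ipf
		;;

	reipnat)
		load_ipnat
		;;

	*)
		echo "Usage: $0 \c" >&2
		echo "(start|stop|reload|reipf|reipnat|pause|resume)" >&2
		exit 1
		;;

esac
exit $SMF_EXIT_OK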
174