1#!/sbin/sh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22#
23# ident	"%Z%%M%	%I%	%E% SMI"
24#
25# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
26# Use is subject to license terms.
27#
28
29. /lib/svc/share/smf_include.sh
30
# Search path additions and the fixed locations this method script works with.
PATH=${PATH}:/usr/sbin:/usr/lib/ipf
PIDFILE=/var/run/ipmon.pid
IPFILCONF=/etc/ipf/ipf.conf
IP6FILCONF=/etc/ipf/ipf6.conf
IPNATCONF=/etc/ipf/ipnat.conf
IPPOOLCONF=/etc/ipf/ippool.conf
PFILCHECKED=no

zone=`smf_zonename`

# Module id(s) later handed to "modunload -i" by the stop action.
# NOTE(review): the awk pattern is unanchored, so every modinfo line that
# contains "ipf" anywhere contributes its first field; confirm that only the
# IP Filter module can match before relying on this for unloading.
ipfid=`/usr/sbin/modinfo 2>&1 | awk '/ipf/ { print $1 } ' - 2>/dev/null`

# PID(s) of ipmon: the PID file wins when it exists, otherwise ask pgrep for
# ipmon processes in this zone.
# NOTE(review): a value read from the PID file is passed to kill as-is by the
# actions below; nothing here checks that the process is still ipmon, so a
# stale file can point at an unrelated process.
if [ ! -f "$PIDFILE" ] ; then
	pid=`pgrep -z $zone ipmon`
else
	pid=`cat "$PIDFILE" 2>/dev/null`
fi
46
#
# logmsg message
#
# Report one message twice: to syslog (facility daemon, priority warning,
# tag "ipfilter") and to this script's standard error.
#
logmsg() {
	logger -p daemon.warning -t ipfilter "$1"
	echo "$1" 1>&2
}
52
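#
# load_ipf
#
# Load the IPv4 and IPv6 filter rules into the alternate (inactive) rule set
# and switch to that set only when every attempted load succeeded.
#
# Globals:  IPFILCONF, IP6FILCONF (read); bad, ipf_loaded (written)
# Outputs:  failure messages on stdout
# Returns:  0 when nothing failed, 1 when a readable file failed to load
#
load_ipf() {
	bad=0
	ipf_loaded=0
	if [ -r "${IPFILCONF}" ]; then
		if ipf -IFa -f "${IPFILCONF}" >/dev/null; then
			ipf_loaded=1
		else
			echo "$0: load of ${IPFILCONF} into alternate set failed"
			bad=1
		fi
	fi
	if [ -r "${IP6FILCONF}" ]; then
		if ipf -6IFa -f "${IP6FILCONF}" >/dev/null; then
			ipf_loaded=1
		else
			echo "$0: load of ${IP6FILCONF} into alternate set failed"
			bad=1
		fi
	fi
	if [ $bad -ne 0 ] ; then
		# Keep the currently active rules; a partial set is never activated.
		echo "Not switching config due to load error."
		return 1
	fi
	if [ $ipf_loaded -eq 1 ] ; then
		ipf -s -y >/dev/null
	else
		# Neither file was readable, so nothing was written to the
		# alternate set.  Switching anyway would activate whatever that
		# set held from an earlier load, so only resync interfaces.
		ipf -y >/dev/null
	fi
	# NOTE(review): when only one of the two files is readable, the other
	# address family's alternate list is not flushed before the switch;
	# presumably it then carries whatever it last held -- confirm.
	return 0
}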
77
78
#
# load_ipnat
#
# Replace the NAT configuration with the contents of IPNATCONF and resync
# the interface list afterwards.  A missing or unreadable file is not an
# error: the function then does nothing and reports success.
#
# Globals:  IPNATCONF (read)
# Outputs:  a failure message on stdout
# Returns:  0 on success or when there is nothing to load, 1 on load failure
#
load_ipnat() {
	[ -r "${IPNATCONF}" ] || return 0

	if ipnat -CF -f "${IPNATCONF}" >/dev/null; then
		ipf -y >/dev/null
		return 0
	fi
	echo "$0: load of ${IPNATCONF} failed"
	return 1
}
93
94
#
# load_ippool
#
# Flush the existing address pools and load IPPOOLCONF in their place.
# A missing or unreadable file is not an error.
#
# Globals:  IPPOOLCONF (read)
# Outputs:  a failure message on stdout
# Returns:  0 on success or when there is nothing to load, 1 on load failure
#
# NOTE(review): the flush runs before the load and its status is not
# checked, so a failed load leaves the pools flushed rather than restoring
# the previous contents; rules that reference pools are affected until the
# next successful load.
#
load_ippool() {
	[ -r "${IPPOOLCONF}" ] || return 0

	ippool -F >/dev/null
	if ippool -f "${IPPOOLCONF}" >/dev/null; then
		return 0
	fi
	echo "$0: load of ${IPPOOLCONF} failed"
	return 1
}
109
110
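#
# Method dispatcher.  $1 selects the action; the script exits with
# SMF_EXIT_OK unless an action says otherwise.
#
# A failed pool, filter or NAT load in resume, reload, reipf or reipnat is
# recorded in ipf_rc and becomes the exit status (SMF_EXIT_ERR_CONFIG), the
# same status the start action already uses.  Every loader still runs, as
# before; only the final status changes, so a ruleset that did not load is
# no longer reported as success.
#
ipf_rc=$SMF_EXIT_OK

case "$1" in
	start)
		# With neither a filter nor a NAT configuration the script
		# exits 0 here, before the filter is enabled.
		[ ! -f "${IPFILCONF}" ] && [ ! -f "${IPNATCONF}" ] && exit 0
		ipf -E
		# $pid is left unquoted on purpose: pgrep may return several PIDs.
		[ -n "$pid" ] && kill -TERM $pid 2>/dev/null
		if load_ippool && load_ipf && load_ipnat ; then
			/usr/sbin/ipmon -Ds
		else
			exit $SMF_EXIT_ERR_CONFIG
		fi
		;;

	stop)
		[ -n "$pid" ] && kill -TERM $pid
		ipf -D
		[ -n "$ipfid" ] && modunload -i $ipfid
		;;

	pause)
		ipfs -l
		ipfs -NS -w
		ipf -D
		if [ -f "$PIDFILE" ] ; then
			# An empty PID is treated like a dead process: the PID
			# file is truncated instead of calling kill without a
			# target.
			if [ -n "$pid" ] && kill -0 $pid; then
				kill -TERM $pid
			else
				cp /dev/null "$PIDFILE"
			fi
		fi
		;;

	resume)
		ipf -E
		ipfs -R
		load_ippool || ipf_rc=$SMF_EXIT_ERR_CONFIG
		load_ipf || ipf_rc=$SMF_EXIT_ERR_CONFIG
		load_ipnat || ipf_rc=$SMF_EXIT_ERR_CONFIG
		if [ -f "$PIDFILE" ] && [ -n "$pid" ] ; then
			/usr/sbin/ipmon -Ds
		fi
		;;

	reload)
		load_ippool || ipf_rc=$SMF_EXIT_ERR_CONFIG
		load_ipf || ipf_rc=$SMF_EXIT_ERR_CONFIG
		load_ipnat || ipf_rc=$SMF_EXIT_ERR_CONFIG
		;;

	reipf)
		load_ipf || ipf_rc=$SMF_EXIT_ERR_CONFIG
		;;

	reipnat)
		load_ipnat || ipf_rc=$SMF_EXIT_ERR_CONFIG
		;;

	*)
		echo "Usage: $0 \c" >&2
		echo "(start|stop|reload|reipf|reipnat|pause|resume)" >&2
		exit 1
		;;

esac
exit $ipf_rc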
175