Editing Firewall

Jump to: navigation, search

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision Your text
Line 19: Line 19:
 
If you run <code>[[Rc-update|rc-update]]</code> it shows all running services, ipfw included.  
 
If you run <code>[[Rc-update|rc-update]]</code> it shows all running services, ipfw included.  
 
   
 
   
 +
==Settings==
 +
 +
 +
name="ipfw"
 +
description="Firewall, traffic shaper, packet scheduler, in-kernel NAT"
 +
firewall_coscripts="natd ${firewall_coscripts}"
 +
SYSCTL="/sbin/sysctl"
 +
 +
. /etc/network.subr
 +
 +
depend() {
 +
before net
 +
provide firewall
 +
keyword -jail -stop -shutdown
 +
}
 +
 +
load_kld(){
 +
kldload -nq $1
 +
}
 +
 +
start_pre()
 +
{
 +
load_kld ipfw
 +
if yesno dummynet_enable; then
 +
load_kld "dummynet"
 +
fi
 +
if yesno natd_enable; then
 +
load_kld "ipdivert"
 +
fi
 +
if yesno firewall_nat_enable; then
 +
load_kld "ipfw_nat"
 +
fi
 +
}
 +
 +
start()
 +
{
 +
local  _firewall_type
 +
 +
_firewall_type=$1
 +
 +
ebegin "Starting $name"
 +
# set the firewall rules script if none was specified
 +
[ -z "${firewall_script}" ] && firewall_script=/etc/ipfw.rules
 +
 +
if [ -r "${firewall_script}" ]; then
 +
/bin/sh "${firewall_script}" "${_firewall_type}"
 +
elif [ "`ipfw list 65535`" = "65535 deny ip from any to any" ]; then
 +
ewarn 'Warning: kernel has firewall functionality, but' \
 +
    ' firewall rules are not enabled.'
 +
ewarn '          All ip services are disabled.'
 +
fi
 +
 +
# Firewall logging
 +
#
 +
if yesno firewall_logging; then
 +
sysctl net.inet.ip.fw.verbose=1 >/dev/null
 +
fi
 +
if yesno firewall_logif; then
 +
ifconfig ipfw0 create
 +
fi
 +
eend 0
 +
}
 +
 +
start_post()
 +
{
 +
local _coscript
 +
 +
# Start firewall coscripts
 +
#
 +
for _coscript in ${firewall_coscripts} ; do
 +
if [ -f "${_coscript}" ]; then
 +
service ${_coscript} start >/dev/null 2>/dev/null
 +
fi
 +
done
 +
 +
# Enable the firewall
 +
#
 +
if ! ${SYSCTL} net.inet.ip.fw.enable=1 1>/dev/null 2>&1; then
 +
ewarn "failed to enable IPv4 firewall"
 +
fi
 +
if afexists inet6; then
 +
if ! ${SYSCTL} net.inet6.ip6.fw.enable=1 1>/dev/null 2>&1
 +
then
 +
ewarn "failed to enable IPv6 firewall"
 +
fi
 +
fi
 +
}
 +
 +
reverse_list()
 +
{
 +
_revlist=
 +
for _revfile; do
 +
_revlist="$_revfile $_revlist"
 +
done
 +
echo $_revlist
 +
}
 +
 +
stop()
 +
{
 +
local _coscript
 +
 +
# Disable the firewall
 +
#
 +
ebegin "Stopping $name"
 +
${SYSCTL} net.inet.ip.fw.enable=0
 +
if afexists inet6; then
 +
${SYSCTL} net.inet6.ip6.fw.enable=0
 +
fi
 +
 +
# Stop firewall coscripts
 +
#
 +
for _coscript in `reverse_list ${firewall_coscripts}` ; do
 +
if [ -f "${_coscript}" ]; then
 +
service ${_coscript} stop >/dev/null 2>/dev/null
 +
fi
 +
done
 +
eend 0
 +
}
 +
  
 
[[OpenRC]] manages how ipfw (/etc/[[Init.d|init.d]]/ipfw) configuration is initialized. <br/>
 
[[OpenRC]] manages how ipfw (/etc/[[Init.d|init.d]]/ipfw) configuration is initialized. <br/>

Please note that all contributions to GhostBSD Wiki are considered to be released under the Creative Commons Attribution (see GhostBSD Wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To edit this page, please answer the question that appears below (more info):

Cancel | Editing help (opens in new window)

Template used on this page: