NetBSD/dist/ipf/BSD/ipfadm-rcd
2007-04-14 20:17:19 +00:00

351 lines
4.4 KiB
Bash

#!/bin/sh
#
# Copyright (C) 2006 by Darren Reed.
#
# See the IPFILTER.LICENCE file for details on licencing.
#
prog=$0
RCD=/etc/rc.conf.d
# This script is an interface to the following rc.d scripts:
# /etc/rc.d/ipfilter
# /etc/rc.d/ipfs
# /etc/rc.d/ipnat
# /etc/rc.d/ipmon
running=`ipf -V 2>/dev/null|sed -ne 's/Running: \(.*\)/\1/p'`
usage() {
echo "$prog status"
echo "$prog ipfilter <enable|disable|reload|resync|start|status|stop>"
echo "$prog ipfs <enable|disable|status|start|stop>"
echo "$prog ipmon <enable|disable|restart|start|status|stop>"
echo "$prog ipnat <enable|disable|reload|start|status|stop>"
exit 1
}
enable() {
old=${RCD}/$1.old
new=${RCD}/$1
mkdir ${RCD}/$1.d
if [ $? -eq 0 ] ; then
if [ -f ${RCD}/$1 ] ; then
cp ${RCD}/$1 ${RCD}/$1.old
sed -e "s/^${1} *\=.*/${1}\=YES/" ${old} > ${new}
/bin/rm ${old}
else
echo "$1=YES" > ${RCD}/$1
chmod go-wx ${RCD}/$1
fi
rmdir ${RCD}/$1.d
fi
}
disable() {
old=${RCD}/$1.old
new=${RCD}/$1
mkdir ${RCD}/$1.d
if [ $? -eq 0 ] ; then
if [ -f ${RCD}/$1 ] ; then
cp ${RCD}/$1 ${RCD}/$1.old
sed -e "s/^${1} *\=.*/${1}\=NO/" ${old} > ${new}
/bin/rm ${old}
else
echo "$1=NO" > ${RCD}/$1
chmod go-wx ${RCD}/$1
fi
rmdir ${RCD}/$1.d
fi
}
status() {
active=`/etc/rc.d/$1 rcvar|sed -ne "s/^$""${1}\=\(.*\)$/\1/p"`
case $active in
NO)
return 0
;;
YES)
return 1
;;
esac
return 2
}
status_ipmon() {
echo -n "ipmon "
pid=`pgrep ipmon`
status ipmon
case $? in
0)
if [ -n "$pid" ] ; then
echo "disabled-but-running"
else
echo "disabled"
fi
;;
1)
if [ -n "$pid" ] ; then
echo "enabled"
else
echo "enabled-not-running"
fi
;;
2)
if [ -n "$pid" ] ; then
echo "unknown-state-running"
else
echo "unknown-state"
fi
;;
esac
}
status_ipfilter() {
if [ -z "$running" ] ; then
rules=
emsg="-not-in-kernel"
dmsg=
else
case $running in
yes)
emsg=
dmsg="-rules-loaded"
rules=`ipfstat -io 2>/dev/null`
if [ -z "$rules" ] ; then
rules=`ipfstat -aio 2>/dev/null`
if [ -z "$rules" ] ; then
emsg="-no-rules"
dmsg=
fi
fi
;;
no)
rules=
emsg="-not-running"
dmsg=
;;
esac
fi
echo -n "ipfilter "
status ipfilter
case $? in
0)
echo "disabled${dmsg}"
;;
1)
echo "enabled${emsg}"
;;
2)
if [ -n "$rules" ] ; then
echo "unknown${dmsg}"
else
echo "unknown-state"
fi
;;
esac
}
status_ipnat() {
if [ -z "$running" ] ; then
rules=
emsg="-not-in-kernel"
dmsg=
else
case $running in
yes)
emsg=
dmsg="-rules-loaded"
rules=`ipnat -l 2>/dev/null | egrep '^map|rdr' 2>/dev/null`
if [ -z "$rules" ] ; then
emsg="-no-rules"
dmsg=
fi
;;
no)
rules=
emsg="-not-running"
dmsg=
;;
esac
fi
echo -n "ipnat "
status ipnat
case $? in
0)
echo "disabled${dmsg}"
;;
1)
echo "enabled${dmsg}"
;;
2)
if [ -n "$rules" ] ; then
echo "unknown${dmsg}"
else
echo "unknown-state"
fi
;;
esac
}
status_ipfs() {
status ipfs
report ipfs $?
}
report() {
echo -n "$1 "
case $2 in
0)
echo "disabled"
;;
1)
echo "enabled"
;;
2)
echo "unknown-status"
;;
*)
echo "$2"
;;
esac
}
do_ipfilter() {
case $1 in
enable)
enable ipfilter
;;
disable)
disable ipfilter
;;
reload)
/etc/rc.d/ipfilter reload
;;
resync)
/etc/rc.d/ipfilter resync
;;
start)
/etc/rc.d/ipfilter start
;;
status)
status_ipfilter
;;
stop)
/etc/rc.d/ipfilter stop
;;
*)
usage
;;
esac
}
do_ipfs() {
case $1 in
enable)
enable ipfs
;;
disable)
disble ipfs
;;
start)
/etc/rc.d/ipfs start
;;
status)
status_ipfs
;;
stop)
/etc/rc.d/ipfs stop
;;
*)
usage
;;
esac
}
do_ipmon() {
case $1 in
enable)
enable ipmon
;;
disable)
disble ipmon
;;
restart)
/etc/rc.d/ipmon restart
;;
start)
/etc/rc.d/ipmon start
;;
status)
status_ipmon
;;
stop)
/etc/rc.d/ipmon stop
;;
*)
usage
;;
esac
}
do_ipnat() {
case $1 in
enable)
enable ipnat
;;
disable)
disable ipnat
;;
reload)
/etc/rc.d/ipnat reload
;;
restart)
/etc/rc.d/ipnat restart
;;
start)
/etc/rc.d/ipnat start
;;
status)
status_ipnat
;;
stop)
/etc/rc.d/ipnat stop
;;
*)
usage
;;
esac
}
do_status_all() {
status_ipfilter
status_ipfs
status_ipmon
status_ipnat
}
case $1 in
status)
do_status_all
;;
ipfilter)
do_ipfilter $2
;;
ipfs)
do_ipfs $2
;;
ipmon)
do_ipmon $2
;;
ipnat)
do_ipnat $2
;;
*)
usage
;;
esac
exit 0