Date:      Tue, 16 Feb 2010 19:00:48 +0000 (UTC)
From:      Maksim Yevmenkin <emax@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject:   svn commit: r203962 - in stable/8: etc/defaults etc/rc.d share/man/man5
Message-ID:  <201002161900.o1GJ0mV3007369@svn.freebsd.org>

Author: emax
Date: Tue Feb 16 19:00:47 2010
New Revision: 203962
URL: http://svn.freebsd.org/changeset/base/203962

Log:
  MFC: r203676
  
  Introduce a new rc.conf variable, firewall_coscripts. It can be used to
  specify a list of executables and/or rc scripts that should be executed
  after the firewall starts/stops.
  
  Submitted by:	Yuri Kurenkov <y dot kurenkov at init dot ru>
  Reviewed by:	rhodes, rc@

Modified:
  stable/8/etc/defaults/rc.conf
  stable/8/etc/rc.d/ipfw
  stable/8/share/man/man5/rc.conf.5
Directory Properties:
  stable/8/etc/   (props changed)
  stable/8/share/man/man5/   (props changed)

Modified: stable/8/etc/defaults/rc.conf
==============================================================================
--- stable/8/etc/defaults/rc.conf	Tue Feb 16 18:10:35 2010	(r203961)
+++ stable/8/etc/defaults/rc.conf	Tue Feb 16 19:00:47 2010	(r203962)
@@ -118,6 +118,8 @@ firewall_type="UNKNOWN"		# Firewall type
 firewall_quiet="NO"		# Set to YES to suppress rule display
 firewall_logging="NO"		# Set to YES to enable events logging
 firewall_flags=""		# Flags passed to ipfw when type is a file
+firewall_coscripts=""		# List of executables/scripts to run after
+				# firewall starts/stops
 firewall_client_net="192.0.2.0/24" # Network address for "client" firewall.
 firewall_simple_iif="ed1"	# Inside network interface for "simple"
 				# firewall.

Modified: stable/8/etc/rc.d/ipfw
==============================================================================
--- stable/8/etc/rc.d/ipfw	Tue Feb 16 18:10:35 2010	(r203961)
+++ stable/8/etc/rc.d/ipfw	Tue Feb 16 19:00:47 2010	(r203962)
@@ -14,6 +14,7 @@ name="ipfw"
 rcvar="firewall_enable"
 start_cmd="ipfw_start"
 start_precmd="ipfw_prestart"
+start_postcmd="ipfw_poststart"
 stop_cmd="ipfw_stop"
 required_modules="ipfw"
 
@@ -40,9 +41,6 @@ ipfw_start()
 	[ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall
 
 	if [ -r "${firewall_script}" ]; then
-		if [ -f /etc/rc.d/natd ] ; then
-			/etc/rc.d/natd quietstart
-		fi
 		/bin/sh "${firewall_script}" "${_firewall_type}"
 		echo 'Firewall rules loaded.'
 	elif [ "`ipfw list 65535`" = "65535 deny ip from any to any" ]; then
@@ -57,6 +55,19 @@ ipfw_start()
 		echo 'Firewall logging enabled.'
 		sysctl net.inet.ip.fw.verbose=1 >/dev/null
 	fi
+}
+
+ipfw_poststart()
+{
+	local	_coscript
+
+	# Start firewall coscripts
+	#
+	for _coscript in ${firewall_coscripts} ; do
+		if [ -f "${_coscript}" ]; then
+			${_coscript} quietstart
+		fi
+	done
 
 	# Enable the firewall
 	#
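Review bot: The coscript loop in ipfw_poststart guards only with `[ -f "${_coscript}" ]` and ignores the exit status, so an entry that is missing, not executable, or that fails is passed over without any message, and the "Enable the firewall" step that follows appears to run regardless; the stop loop in ipfw_stop repeats the same pattern. Because every entry is run as root from a value read out of rc.conf, I would test `[ -x "${_coscript}" ]` and report problems, for example `${_coscript} quietstart || warn "firewall coscript ${_coscript} failed"`, with a matching `warn` in an else branch for paths that fail the test. The unquoted `${firewall_coscripts}` in the `for` list also undergoes pathname expansion, so a comment stating that entries must be plain whitespace-separated absolute paths would help. ipfw_poststart continues past the end of this hunk.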
@@ -67,13 +78,22 @@ ipfw_start()
 
 ipfw_stop()
 {
+	local	_coscript
+
 	# Disable the firewall
 	#
 	${SYSCTL_W} net.inet.ip.fw.enable=0
-	if [ -f /etc/rc.d/natd ] ; then
-		/etc/rc.d/natd quietstop
-	fi
+
+	# Stop firewall coscripts
+	#
+	for _coscript in `reverse_list ${firewall_coscripts}` ; do
+		if [ -f "${_coscript}" ]; then
+			${_coscript} quietstop
+		fi
+	done
 }
 
 load_rc_config $name
+firewall_coscripts="/etc/rc.d/natd ${firewall_coscripts}"
+
 run_rc_command $*
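Review bot: The assignment `firewall_coscripts="/etc/rc.d/natd ${firewall_coscripts}"` after load_rc_config prepends natd unconditionally and carries no comment, so an administrator who also lists /etc/rc.d/natd in rc.conf gets it invoked twice on start and twice on stop. Nothing on that line explains why natd is implicit, and the rc.conf(5) text added in this commit says the default is empty without mentioning it. I would add a comment such as `# natd is always first on start and, via reverse_list, last on stop; this replaces the removed hard-coded calls`, and either skip the prepend when the path is already in the list or document that it must not be listed again.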

Modified: stable/8/share/man/man5/rc.conf.5
==============================================================================
--- stable/8/share/man/man5/rc.conf.5	Tue Feb 16 18:10:35 2010	(r203961)
+++ stable/8/share/man/man5/rc.conf.5	Tue Feb 16 19:00:47 2010	(r203962)
@@ -512,6 +512,10 @@ specifies a filename.
 .Pq Vt str
 The IPv6 equivalent of
 .Va firewall_flags .
+.It Va firewall_coscripts
+.Pq Vt str
+List of executables and/or rc scripts to run after firewall starts/stops.
+Default is empty.
 .\" ----- firewall_nat_enable setting --------------------------------
 .It Va firewall_nat_enable
 .Pq Vt bool


