| #!/sbin/sh |
| # |
| # CDDL HEADER START |
| # |
| # The contents of this file are subject to the terms of the |
| # Common Development and Distribution License (the "License"). |
| # You may not use this file except in compliance with the License. |
| # |
| # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
| # or http://www.opensolaris.org/os/licensing. |
| # See the License for the specific language governing permissions |
| # and limitations under the License. |
| # |
| # When distributing Covered Code, include this CDDL HEADER in each |
| # file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
| # If applicable, add the following below this CDDL HEADER, with the |
| # fields enclosed by brackets "[]" replaced with your own identifying |
| # information: Portions Copyright [yyyy] [name of copyright owner] |
| # |
| # CDDL HEADER END |
| # |
| # |
| # ident "%Z%%M% %I% %E% SMI" |
| # |
| # Copyright 2007 Sun Microsystems, Inc. All rights reserved. |
| # Use is subject to license terms. |
| # |
| |
| . /lib/svc/share/smf_include.sh |
| |
# Append the system and ipfilter tool directories to the command search path.
# NOTE(review): the inherited PATH stays in front, so the unqualified
# commands this script runs as part of firewall setup (ipf, ipnat, ippool,
# ipfs, logger, awk, pgrep, cat, modunload) resolve against the caller's
# entries first. Confirm the invoking environment always supplies a trusted
# PATH, or pin a fixed one here.
PATH=${PATH}:/usr/sbin:/usr/lib/ipf

# ipmon PID file and the rule files consumed by the load_* functions.
PIDFILE=/var/run/ipmon.pid
IPFILCONF=/etc/ipf/ipf.conf
IP6FILCONF=/etc/ipf/ipf6.conf
IPNATCONF=/etc/ipf/ipnat.conf
IPPOOLCONF=/etc/ipf/ippool.conf
# Assigned but not read anywhere else in this listing.
PFILCHECKED=no

# Zone name as reported by the SMF helper library sourced above.
zone=`smf_zonename`

# PID(s) of a running ipmon: the PID file wins when it exists, otherwise
# pgrep is asked for ipmon processes in this zone (may yield several PIDs,
# which is why $pid is expanded unquoted by the kill calls later on).
# NOTE(review): the file content is taken as-is; nothing verifies that the
# number still belongs to ipmon before it is signalled, so a stale file
# could direct SIGTERM at an unrelated process.
if test -f $PIDFILE; then
  pid=`cat $PIDFILE 2>/dev/null`
else
  pid=`pgrep -z $zone ipmon`
fi

# First modinfo column of every line that contains "ipf"; handed to
# "modunload -i" by the stop action.
# NOTE(review): /ipf/ is an unanchored substring match, so any other module
# whose modinfo line contains "ipf" would be picked up too - confirm.
ipfid=`/usr/sbin/modinfo 2>&1 | awk '/ipf/ { print $1 } ' - 2>/dev/null`
| |
# Emit a warning to two places: syslog (facility/level daemon.warning,
# tag "ipfilter") and the caller's stderr.
#   $1 - message text
# The return status is that of the final echo.
logmsg() {
  logger -t ipfilter -p daemon.warning "$1"
  echo "$1" 1>&2
}
| |
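# Load the IPv4 and IPv6 filter rules into the inactive ("alternate") rule
# set and, if every attempted load succeeded, switch to that set.
#
# Globals:  IPFILCONF, IP6FILCONF (read); bad (written, 0 = no load error)
# Returns:  0 after the switch was requested, 1 when a load failed and the
#           running rule set was therefore left in place.
#
# Failures are reported through logmsg (defined earlier in this file), so a
# rule set that did not load leaves a daemon.warning record in syslog as
# well as a line on stderr, instead of a stdout line only.
#
# NOTE(review): a rule file that is missing or unreadable is skipped without
# any message and leaves bad at 0, so the switch below still runs and
# activates whatever the inactive set currently holds. Confirm that is the
# intended outcome when a rule file disappears between reloads.
# NOTE(review): the exit status of the final "ipf -s -y" is not checked;
# the function returns 0 even if the switch itself did not take effect.
load_ipf() {
  bad=0
  if [ -r "${IPFILCONF}" ]; then
    ipf -IFa -f "${IPFILCONF}" >/dev/null || {
      logmsg "$0: load of ${IPFILCONF} into alternate set failed"
      bad=1
    }
  fi
  if [ -r "${IP6FILCONF}" ]; then
    ipf -6IFa -f "${IP6FILCONF}" >/dev/null || {
      logmsg "$0: load of ${IP6FILCONF} into alternate set failed"
      bad=1
    }
  fi
  if [ $bad -ne 0 ]; then
    # Keep the currently active rules rather than activate a partial set.
    logmsg "Not switching config due to load error."
    return 1
  fi
  ipf -s -y >/dev/null
  return 0
}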
| |
| |
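# Load the NAT rules from IPNATCONF, then ask ipf to resync (ipf -y).
#
# Globals:  IPNATCONF (read)
# Returns:  0 when the file is not readable (nothing to do) or the load
#           succeeded; 1 when ipnat reported a failure.
#
# A failed load is reported through logmsg (defined earlier in this file),
# which records it in syslog at daemon.warning and prints it on stderr,
# instead of writing it to stdout only.
#
# NOTE(review): unlike load_ipf there is no inactive set here; "ipnat -CF"
# is applied to the live NAT configuration, so a rule file that fails to
# parse may leave the previous NAT rules cleared - confirm against ipnat(1M).
load_ipnat() {
  # No readable NAT configuration is not an error.
  [ -r "${IPNATCONF}" ] || return 0
  if ipnat -CF -f "${IPNATCONF}" >/dev/null; then
    ipf -y >/dev/null
    return 0
  fi
  logmsg "$0: load of ${IPNATCONF} failed"
  return 1
}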
| |
| |
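# Flush the existing address pools and load the definitions in IPPOOLCONF.
#
# Globals:  IPPOOLCONF (read)
# Returns:  0 when the file is not readable (nothing to do) or the load
#           succeeded; 1 when "ippool -f" reported a failure.
#
# A failed load is reported through logmsg (defined earlier in this file),
# which records it in syslog at daemon.warning and prints it on stderr,
# instead of writing it to stdout only.
#
# NOTE(review): the pools are flushed before the new file is parsed and the
# flush status is ignored, so a file that fails to load presumably leaves
# the pools empty while filter rules may still reference them - confirm.
load_ippool() {
  # No readable pool configuration is not an error.
  [ -r "${IPPOOLCONF}" ] || return 0
  ippool -F >/dev/null
  if ippool -f "${IPPOOLCONF}" >/dev/null; then
    return 0
  fi
  logmsg "$0: load of ${IPPOOLCONF} failed"
  return 1
}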
| |
| |
# Dispatch on the method name given as $1. Every action that does not exit
# on its own falls through to "exit $SMF_EXIT_OK" at the bottom.
case "$1" in
start)
  # With neither a filter nor a NAT rule file present there is nothing to
  # start. NOTE(review): this path exits 0 without enabling the filter, so
  # the method reports success while no rules are in force.
  [ -f ${IPFILCONF} ] || [ -f ${IPNATCONF} ] || exit 0
  ipf -E
  # Stop a previously running ipmon; $pid is left unquoted because it may
  # hold several PIDs.
  if [ -n "$pid" ]; then
    kill -TERM $pid 2>/dev/null
  fi
  # Any failed load aborts the start with a configuration error and ipmon
  # is not launched.
  load_ippool && load_ipf && load_ipnat || exit $SMF_EXIT_ERR_CONFIG
  /usr/sbin/ipmon -Ds
  ;;

stop)
  if [ -n "$pid" ]; then
    kill -TERM $pid
  fi
  ipf -D
  # Unload the kernel module found by the modinfo scan, if any.
  if [ -n "$ipfid" ]; then
    modunload -i $ipfid
  fi
  ;;

pause)
  # ipfs is run twice before the filter is disabled (presumably to lock and
  # save the state/NAT tables - confirm against ipfs(1M)).
  ipfs -l
  ipfs -NS -w
  ipf -D
  if [ -f $PIDFILE ]; then
    if kill -0 $pid; then
      kill -TERM $pid
    else
      # Recorded process is gone: truncate the stale PID file.
      cp /dev/null $PIDFILE
    fi
  fi
  ;;

resume)
  ipf -E
  ipfs -R
  # NOTE(review): the return status of the three loads is ignored here, so
  # resume ends with SMF_EXIT_OK even when a rule set failed to load.
  load_ippool
  load_ipf
  load_ipnat
  # Restart ipmon only when a PID file exists and it yielded a PID.
  if [ -f $PIDFILE ] && [ -n "$pid" ]; then
    /usr/sbin/ipmon -Ds
  fi
  ;;

reload)
  # NOTE(review): load failures are not propagated; the method still exits
  # with SMF_EXIT_OK, so a rejected rule file is visible only in the
  # messages printed by the load functions.
  load_ippool
  load_ipf
  load_ipnat
  ;;

reipf)
  load_ipf
  ;;

reipnat)
  load_ipnat
  ;;

*)
  echo "Usage: $0 \c" >&2
  echo "(start|stop|reload|reipf|reipnat|pause|resume)" >&2
  exit 1
  ;;
esac

exit $SMF_EXIT_OK