head	1.1;
branch	1.1.1;
access;
symbols
	RELENG_8_4:1.1.1.1.0.32
	RELENG_9_1_0_RELEASE:1.1.1.1
	RELENG_9_1:1.1.1.1.0.30
	RELENG_9_1_BP:1.1.1.1
	RELENG_8_3_0_RELEASE:1.1.1.1
	RELENG_8_3:1.1.1.1.0.28
	RELENG_8_3_BP:1.1.1.1
	RELENG_9_0_0_RELEASE:1.1.1.1
	RELENG_9_0:1.1.1.1.0.26
	RELENG_9_0_BP:1.1.1.1
	RELENG_9:1.1.1.1.0.24
	RELENG_9_BP:1.1.1.1
	RELENG_7_4_0_RELEASE:1.1.1.1
	RELENG_8_2_0_RELEASE:1.1.1.1
	RELENG_7_4:1.1.1.1.0.22
	RELENG_7_4_BP:1.1.1.1
	RELENG_8_2:1.1.1.1.0.20
	RELENG_8_2_BP:1.1.1.1
	RELENG_8_1_0_RELEASE:1.1.1.1
	RELENG_8_1:1.1.1.1.0.18
	RELENG_8_1_BP:1.1.1.1
	RELENG_7_3_0_RELEASE:1.1.1.1
	RELENG_7_3:1.1.1.1.0.16
	RELENG_7_3_BP:1.1.1.1
	RELENG_8_0_0_RELEASE:1.1.1.1
	RELENG_8_0:1.1.1.1.0.14
	RELENG_8_0_BP:1.1.1.1
	RELENG_8:1.1.1.1.0.12
	RELENG_8_BP:1.1.1.1
	RELENG_7_2_0_RELEASE:1.1.1.1
	RELENG_7_2:1.1.1.1.0.10
	RELENG_7_2_BP:1.1.1.1
	RELENG_7_1_0_RELEASE:1.1.1.1
	RELENG_6_4_0_RELEASE:1.1.1.1.4.1
	RELENG_7_1:1.1.1.1.0.8
	RELENG_7_1_BP:1.1.1.1
	RELENG_6_4:1.1.1.1.4.1.0.4
	RELENG_6_4_BP:1.1.1.1.4.1
	RELENG_7_0_0_RELEASE:1.1.1.1
	RELENG_6_3_0_RELEASE:1.1.1.1.4.1
	RELENG_7_0:1.1.1.1.0.6
	RELENG_7_0_BP:1.1.1.1
	RELENG_6_3:1.1.1.1.4.1.0.2
	RELENG_6_3_BP:1.1.1.1.4.1
	RELENG_6:1.1.1.1.0.4
	v4-1-28:1.1.1.1
	RELENG_7:1.1.1.1.0.2
	RELENG_7_BP:1.1.1.1
	v4-1-23:1.1.1.1
	DARRENR:1.1.1;
locks; strict;
comment	@# @;


1.1
date	2007.06.04.02.48.03;	author darrenr;	state Exp;
branches
	1.1.1.1;
next	;

1.1.1.1
date	2007.06.04.02.48.03;	author darrenr;	state Exp;
branches
	1.1.1.1.4.1
	1.1.1.1.32.1;
next	;

1.1.1.1.4.1
date	2007.11.18.11.03.18;	author darrenr;	state Exp;
branches;
next	;

1.1.1.1.32.1
date	2007.06.04.02.48.03;	author svnexp;	state dead;
branches;
next	1.1.1.1.32.2;

1.1.1.1.32.2
date	2013.03.28.13.01.20;	author svnexp;	state Exp;
branches;
next	;


desc
@@


1.1
log
@Initial revision
@
text
@#!/bin/sh
#
# Copyright (C) 2006 by Darren Reed.
#
# See the IPFILTER.LICENCE file for details on licencing.
#
prog=$0

RCD=/etc/rc.conf.d

# This script is an interface to the following rc.d scripts:
# /etc/rc.d/ipfilter
# /etc/rc.d/ipfs
# /etc/rc.d/ipnat
# /etc/rc.d/ipmon

running=`ipf -V 2>/dev/null|sed -ne 's/Running: \(.*\)/\1/p'`

usage() {
	echo "$prog status"
	echo "$prog ipfilter <enable|disable|reload|resync|start|status|stop>"
	echo "$prog ipfs <enable|disable|status|start|stop>"
	echo "$prog ipmon <enable|disable|restart|start|status|stop>"
	echo "$prog ipnat <enable|disable|reload|start|status|stop>"
	exit 1
}

enable() {
	old=${RCD}/$1.old
	new=${RCD}/$1
	mkdir ${RCD}/$1.d
	if [ $? -eq 0 ] ; then
		if [ -f ${RCD}/$1 ] ; then
			cp ${RCD}/$1 ${RCD}/$1.old
			sed -e "s/^${1} *\=.*/${1}\=YES/" ${old} > ${new}
			/bin/rm ${old}
		else
			echo "$1=YES" > ${RCD}/$1
			chmod go-wx ${RCD}/$1
		fi
		rmdir ${RCD}/$1.d
	fi
}

disable() {
	old=${RCD}/$1.old
	new=${RCD}/$1
	mkdir ${RCD}/$1.d
	if [ $? -eq 0 ] ; then
		if [ -f ${RCD}/$1 ] ; then
			cp ${RCD}/$1 ${RCD}/$1.old
			sed -e "s/^${1} *\=.*/${1}\=NO/" ${old} > ${new}
			/bin/rm ${old}
		else
			echo "$1=NO" > ${RCD}/$1
			chmod go-wx ${RCD}/$1
		fi
		rmdir ${RCD}/$1.d
	fi
}

status() {
	active=`/etc/rc.d/$1 rcvar|sed -ne "s/^$""${1}\=\(.*\)$/\1/p"`
	case $active in
	NO)
		return 0
		;;
	YES)
		return 1
		;;
	esac
	return 2
}

status_ipmon() {
	echo -n "ipmon "
	pid=`pgrep ipmon`
	status ipmon
	case $? in
	0)
		if [ -n "$pid" ] ; then
			echo "disabled-but-running"
		else
			echo "disabled"
		fi
		;;
	1)
		if [ -n "$pid" ] ; then
			echo "enabled"
		else
			echo "enabled-not-running"
		fi
		;;
	2)
		if [ -n "$pid" ] ; then
			echo "unknown-state-running"
		else
			echo "unknown-state"
		fi
		;;
	esac
}

status_ipfilter() {
	if [ -z "$running" ] ; then
		rules=
		emsg="-not-in-kernel"
		dmsg=
	else
		case $running in
		yes)
			emsg=
			dmsg="-rules-loaded"
			rules=`ipfstat -io 2>/dev/null`
			if [ -z "$rules" ] ; then
				rules=`ipfstat -aio 2>/dev/null`
				if [ -z "$rules" ] ; then
					emsg="-no-rules"
					dmsg=
				fi
			fi
			;;
		no)
			rules=
			emsg="-not-running"
			dmsg=
			;;
		esac
	fi

	echo -n "ipfilter "
	status ipfilter
	case $? in
	0)
		echo "disabled${dmsg}"
		;;
	1)
		echo "enabled${emsg}"
		;;
	2)
		if [ -n "$rules" ] ; then
			echo "unknown${dmsg}"
		else
			echo "unknown-state"
		fi
		;;
	esac
}

status_ipnat() {
	if [ -z "$running" ] ; then
		rules=
		emsg="-not-in-kernel"
		dmsg=
	else
		case $running in
		yes)
			emsg=
			dmsg="-rules-loaded"
			rules=`ipnat -l 2>/dev/null | egrep '^map|rdr' 2>/dev/null`
			if [ -z "$rules" ] ; then
				emsg="-no-rules"
				dmsg=
			fi
			;;
		no)
			rules=
			emsg="-not-running"
			dmsg=
			;;
		esac
	fi

	echo -n "ipnat "
	status ipnat
	case $? in
	0)
		echo "disabled${dmsg}"
		;;
	1)
		echo "enabled${dmsg}"
		;;
	2)
		if [ -n "$rules" ] ; then
			echo "unknown${dmsg}"
		else
			echo "unknown-state"
		fi
		;;
	esac
}

status_ipfs() {
	status ipfs
	report ipfs $?
}

report() {
	echo -n "$1 "
	case $2 in
	0)
		echo "disabled"
		;;
	1)
		echo "enabled"
		;;
	2)
		echo "unknown-status"
		;;
	*)
		echo "$2"
		;;
	esac
}

do_ipfilter() {
	case $1 in
	enable)
		enable ipfilter
		;;
	disable)
		disable ipfilter
		;;
	reload)
		/etc/rc.d/ipfilter reload
		;;
	resync)
		/etc/rc.d/ipfilter resync
		;;
	start)
		/etc/rc.d/ipfilter start
		;;
	status)
		status_ipfilter
		;;
	stop)
		/etc/rc.d/ipfilter stop
		;;
	*)
		usage
		;;
	esac
}

do_ipfs() {
	case $1 in
	enable)
		enable ipfs
		;;
	disable)
		disble ipfs
		;;
	start)
		/etc/rc.d/ipfs start
		;;
	status)
		status_ipfs
		;;
	stop)
		/etc/rc.d/ipfs stop
		;;
	*)
		usage
		;;
	esac
}

do_ipmon() {
	case $1 in
	enable)
		enable ipmon
		;;
	disable)
		disble ipmon
		;;
	restart)
		/etc/rc.d/ipmon restart
		;;
	start)
		/etc/rc.d/ipmon start
		;;
	status)
		status_ipmon
		;;
	stop)
		/etc/rc.d/ipmon stop
		;;
	*)
		usage
		;;
	esac
}

do_ipnat() {
	case $1 in
	enable)
		enable ipnat
		;;
	disable)
		disable ipnat
		;;
	reload)
		/etc/rc.d/ipnat reload
		;;
	restart)
		/etc/rc.d/ipnat restart
		;;
	start)
		/etc/rc.d/ipnat start
		;;
	status)
		status_ipnat
		;;
	stop)
		/etc/rc.d/ipnat stop
		;;
	*)
		usage
		;;
	esac
}

do_status_all() {
	status_ipfilter
	status_ipfs
	status_ipmon
	status_ipnat
}

case $1 in
status)
	do_status_all
	;;
ipfilter)
	do_ipfilter $2
	;;
ipfs)
	do_ipfs $2
	;;
ipmon)
	do_ipmon $2
	;;
ipnat)
	do_ipnat $2
	;;
*)
	usage
	;;
esac
exit 0
@


1.1.1.1
log
@Import IPFilter 4.1.23 to vendor branch.
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
@
text
@@


1.1.1.1.32.1
log
@file ipfadm-rcd was added on branch RELENG_8_4 on 2013-03-28 13:01:20 +0000
@
text
@d1 350
@


1.1.1.1.32.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 350
#!/bin/sh
#
# Copyright (C) 2006 by Darren Reed.
#
# See the IPFILTER.LICENCE file for details on licencing.
#
prog=$0

RCD=/etc/rc.conf.d

# This script is an interface to the following rc.d scripts:
# /etc/rc.d/ipfilter
# /etc/rc.d/ipfs
# /etc/rc.d/ipnat
# /etc/rc.d/ipmon

running=`ipf -V 2>/dev/null|sed -ne 's/Running: \(.*\)/\1/p'`

usage() {
	echo "$prog status"
	echo "$prog ipfilter <enable|disable|reload|resync|start|status|stop>"
	echo "$prog ipfs <enable|disable|status|start|stop>"
	echo "$prog ipmon <enable|disable|restart|start|status|stop>"
	echo "$prog ipnat <enable|disable|reload|start|status|stop>"
	exit 1
}

enable() {
	old=${RCD}/$1.old
	new=${RCD}/$1
	mkdir ${RCD}/$1.d
	if [ $? -eq 0 ] ; then
		if [ -f ${RCD}/$1 ] ; then
			cp ${RCD}/$1 ${RCD}/$1.old
			sed -e "s/^${1} *\=.*/${1}\=YES/" ${old} > ${new}
			/bin/rm ${old}
		else
			echo "$1=YES" > ${RCD}/$1
			chmod go-wx ${RCD}/$1
		fi
		rmdir ${RCD}/$1.d
	fi
}

disable() {
	old=${RCD}/$1.old
	new=${RCD}/$1
	mkdir ${RCD}/$1.d
	if [ $? -eq 0 ] ; then
		if [ -f ${RCD}/$1 ] ; then
			cp ${RCD}/$1 ${RCD}/$1.old
			sed -e "s/^${1} *\=.*/${1}\=NO/" ${old} > ${new}
			/bin/rm ${old}
		else
			echo "$1=NO" > ${RCD}/$1
			chmod go-wx ${RCD}/$1
		fi
		rmdir ${RCD}/$1.d
	fi
}

status() {
	active=`/etc/rc.d/$1 rcvar|sed -ne "s/^$""${1}\=\(.*\)$/\1/p"`
	case $active in
	NO)
		return 0
		;;
	YES)
		return 1
		;;
	esac
	return 2
}

status_ipmon() {
	echo -n "ipmon "
	pid=`pgrep ipmon`
	status ipmon
	case $? in
	0)
		if [ -n "$pid" ] ; then
			echo "disabled-but-running"
		else
			echo "disabled"
		fi
		;;
	1)
		if [ -n "$pid" ] ; then
			echo "enabled"
		else
			echo "enabled-not-running"
		fi
		;;
	2)
		if [ -n "$pid" ] ; then
			echo "unknown-state-running"
		else
			echo "unknown-state"
		fi
		;;
	esac
}

status_ipfilter() {
	if [ -z "$running" ] ; then
		rules=
		emsg="-not-in-kernel"
		dmsg=
	else
		case $running in
		yes)
			emsg=
			dmsg="-rules-loaded"
			rules=`ipfstat -io 2>/dev/null`
			if [ -z "$rules" ] ; then
				rules=`ipfstat -aio 2>/dev/null`
				if [ -z "$rules" ] ; then
					emsg="-no-rules"
					dmsg=
				fi
			fi
			;;
		no)
			rules=
			emsg="-not-running"
			dmsg=
			;;
		esac
	fi

	echo -n "ipfilter "
	status ipfilter
	case $? in
	0)
		echo "disabled${dmsg}"
		;;
	1)
		echo "enabled${emsg}"
		;;
	2)
		if [ -n "$rules" ] ; then
			echo "unknown${dmsg}"
		else
			echo "unknown-state"
		fi
		;;
	esac
}

status_ipnat() {
	if [ -z "$running" ] ; then
		rules=
		emsg="-not-in-kernel"
		dmsg=
	else
		case $running in
		yes)
			emsg=
			dmsg="-rules-loaded"
			rules=`ipnat -l 2>/dev/null | egrep '^map|rdr' 2>/dev/null`
			if [ -z "$rules" ] ; then
				emsg="-no-rules"
				dmsg=
			fi
			;;
		no)
			rules=
			emsg="-not-running"
			dmsg=
			;;
		esac
	fi

	echo -n "ipnat "
	status ipnat
	case $? in
	0)
		echo "disabled${dmsg}"
		;;
	1)
		echo "enabled${dmsg}"
		;;
	2)
		if [ -n "$rules" ] ; then
			echo "unknown${dmsg}"
		else
			echo "unknown-state"
		fi
		;;
	esac
}

status_ipfs() {
	status ipfs
	report ipfs $?
}

report() {
	echo -n "$1 "
	case $2 in
	0)
		echo "disabled"
		;;
	1)
		echo "enabled"
		;;
	2)
		echo "unknown-status"
		;;
	*)
		echo "$2"
		;;
	esac
}

do_ipfilter() {
	case $1 in
	enable)
		enable ipfilter
		;;
	disable)
		disable ipfilter
		;;
	reload)
		/etc/rc.d/ipfilter reload
		;;
	resync)
		/etc/rc.d/ipfilter resync
		;;
	start)
		/etc/rc.d/ipfilter start
		;;
	status)
		status_ipfilter
		;;
	stop)
		/etc/rc.d/ipfilter stop
		;;
	*)
		usage
		;;
	esac
}

do_ipfs() {
	case $1 in
	enable)
		enable ipfs
		;;
	disable)
		disble ipfs
		;;
	start)
		/etc/rc.d/ipfs start
		;;
	status)
		status_ipfs
		;;
	stop)
		/etc/rc.d/ipfs stop
		;;
	*)
		usage
		;;
	esac
}

do_ipmon() {
	case $1 in
	enable)
		enable ipmon
		;;
	disable)
		disble ipmon
		;;
	restart)
		/etc/rc.d/ipmon restart
		;;
	start)
		/etc/rc.d/ipmon start
		;;
	status)
		status_ipmon
		;;
	stop)
		/etc/rc.d/ipmon stop
		;;
	*)
		usage
		;;
	esac
}

do_ipnat() {
	case $1 in
	enable)
		enable ipnat
		;;
	disable)
		disable ipnat
		;;
	reload)
		/etc/rc.d/ipnat reload
		;;
	restart)
		/etc/rc.d/ipnat restart
		;;
	start)
		/etc/rc.d/ipnat start
		;;
	status)
		status_ipnat
		;;
	stop)
		/etc/rc.d/ipnat stop
		;;
	*)
		usage
		;;
	esac
}

do_status_all() {
	status_ipfilter
	status_ipfs
	status_ipmon
	status_ipnat
}

case $1 in
status)
	do_status_all
	;;
ipfilter)
	do_ipfilter $2
	;;
ipfs)
	do_ipfs $2
	;;
ipmon)
	do_ipmon $2
	;;
ipnat)
	do_ipnat $2
	;;
*)
	usage
	;;
esac
exit 0
@


1.1.1.1.4.1
log
@MFC IPFilter update from 4.1.13 to 4.1.28, including additional fixes applied
post 4.1.28 for FreeBSD.  See src/contrib/ipfilter/HISTORY for more details
of the bugs fixed, etc.
@
text
@@

