HPUX/ipfboot - net/ipfilter - Rivoreo Source Code Repositories

 #!/sbin/sh
 #
 PATH=/sbin:/usr/bin:/usr/sbin:/opt/ipf/bin
 #
 pid=`ps -e | grep ipmon | awk ' { print $1 } ' -`
 . /etc/rc.config

 block_default_workaround() {
       ipf -F a
       echo "constructing minimal name resolution rules..."
       NAMESERVERS=`cat /etc/resolv.conf | awk '/nameserver/ {printf "%s ", $2}'`
       for NS in $NAMESERVERS
       do
 	      IF_TO_NS=`/usr/sbin/route -n get $NS | awk '/interface/ {print $NF}'`
 	      IP_TO_NS=any
 	      echo "pass out quick proto udp from $IP_TO_NS to $NS port = 53 keep state" | \
 		      ipf -f -
       done
 }

 set_device_files() {
 	input=`kmadmin -Q ipf | grep 'Character Major'`
 	set $input
 	major=$3
 	/bin/rm -f /dev/ipl /dev/ipnat /dev/ipstate /dev/ipauth
 	/bin/rm -f /dev/ipsync /dev/ipscan /dev/iplookup
 	mknod /dev/ipl c $major 0
 	mknod /dev/ipnat c $major 1
 	mknod /dev/ipstate c $major 2
 	mknod /dev/ipauth c $major 3
 	mknod /dev/ipsync c $major 4
 	mknod /dev/ipscan c $major 5
 	mknod /dev/iplookup c $major 6
 }

 case "$1" in
 	start_msg)
 		echo "Starting IP Filter"
 		;;

 	stop_msg)
 		echo "Stopping IP Filter"
 		;;

 	start)
 		if [ ${IPF_START} -eq 1 ] ; then
 			if [ x$pid != x ] ; then
 				kill -TERM $pid
 			fi
 			kmadmin -L ipf
 			set_device_files
 			if [ -r ${IPF_CONF} ]; then
 				BLOCK_DEFAULT=`/sbin/ipf -V | grep Default | \
 					       awk '{print $2}'`
 				if [ x$BLOCK_DEFAULT = "xblock" ] ; then
 					block_default_workaround
 				fi
 				ipf -IFa -f ${IPF_CONF}
 				if [ $? != 0 ]; then
 					echo "$0: load of ${IPF_CONF} into alternate set failed"
 				else
 					ipf -s
 				fi
 			fi
 			if [ -r ${IPNAT_CONF} ]; then
 				ipnat -CF -f ${IPNAT_CONF}
 				if [ $? != 0 ]; then
 					echo "$0: load of ${IPNAT_CONF} failed"
 				fi
 			fi
 			if [ ${IPMON_START} -eq 1 ] ; then
 				ipmon ${IPMON_FLAGS}
 			fi
 		else
 			exit 2
 		fi
 		;;

 	stop)
 		if [ x$pid != x ] ; then
 			kill -TERM $pid
 		fi
 		kmadmin -U ipf
 		;;

 	reload)
 		if [ -r ${IPF_CONF} ]; then
 			ipf -I -Fa -f ${IPF_CONF}
 			if [ $? != 0 ]; then
 				echo "$0: reload of ${IPF_CONF} into alternate set failed"
 			else
 				ipf -s
 			fi
 		fi
 		if [ -r ${IPNAT_CONF} ]; then
 			ipnat -CF -f ${IPNAT_CONF}
 			if [ $? != 0 ]; then
 				echo "$0: reload of ${IPNAT_CONF} failed"
 			fi
 		fi
 		;;

 	setdevs)
 		set_device_files
 		;;

 	*)
 		echo "Usage: $0 (start|stop|reload)" >&2
 		exit 1
 		;;

 esac
 exit 0
	#!/sbin/sh
	#
	PATH=/sbin:/usr/bin:/usr/sbin:/opt/ipf/bin
	#
	pid=`ps -e \| grep ipmon \| awk ' { print $1 } ' -`
	. /etc/rc.config

	block_default_workaround() {
	ipf -F a
	echo "constructing minimal name resolution rules..."
	NAMESERVERS=`cat /etc/resolv.conf \| awk '/nameserver/ {printf "%s ", $2}'`
	for NS in $NAMESERVERS
	do
	IF_TO_NS=`/usr/sbin/route -n get $NS \| awk '/interface/ {print $NF}'`
	IP_TO_NS=any
	echo "pass out quick proto udp from $IP_TO_NS to $NS port = 53 keep state" \| \
	ipf -f -
	done
	}

	set_device_files() {
	input=`kmadmin -Q ipf \| grep 'Character Major'`
	set $input
	major=$3
	/bin/rm -f /dev/ipl /dev/ipnat /dev/ipstate /dev/ipauth
	/bin/rm -f /dev/ipsync /dev/ipscan /dev/iplookup
	mknod /dev/ipl c $major 0
	mknod /dev/ipnat c $major 1
	mknod /dev/ipstate c $major 2
	mknod /dev/ipauth c $major 3
	mknod /dev/ipsync c $major 4
	mknod /dev/ipscan c $major 5
	mknod /dev/iplookup c $major 6
	}

	case "$1" in
	start_msg)
	echo "Starting IP Filter"
	;;

	stop_msg)
	echo "Stopping IP Filter"
	;;

	start)
	if [ ${IPF_START} -eq 1 ] ; then
	if [ x$pid != x ] ; then
	kill -TERM $pid
	fi
	kmadmin -L ipf
	set_device_files
	if [ -r ${IPF_CONF} ]; then
	BLOCK_DEFAULT=`/sbin/ipf -V \| grep Default \| \
	awk '{print $2}'`
	if [ x$BLOCK_DEFAULT = "xblock" ] ; then
	block_default_workaround
	fi
	ipf -IFa -f ${IPF_CONF}
	if [ $? != 0 ]; then
	echo "$0: load of ${IPF_CONF} into alternate set failed"
	else
	ipf -s
	fi
	fi
	if [ -r ${IPNAT_CONF} ]; then
	ipnat -CF -f ${IPNAT_CONF}
	if [ $? != 0 ]; then
	echo "$0: load of ${IPNAT_CONF} failed"
	fi
	fi
	if [ ${IPMON_START} -eq 1 ] ; then
	ipmon ${IPMON_FLAGS}
	fi
	else
	exit 2
	fi
	;;

	stop)
	if [ x$pid != x ] ; then
	kill -TERM $pid
	fi
	kmadmin -U ipf
	;;

	reload)
	if [ -r ${IPF_CONF} ]; then
	ipf -I -Fa -f ${IPF_CONF}
	if [ $? != 0 ]; then
	echo "$0: reload of ${IPF_CONF} into alternate set failed"
	else
	ipf -s
	fi
	fi
	if [ -r ${IPNAT_CONF} ]; then
	ipnat -CF -f ${IPNAT_CONF}
	if [ $? != 0 ]; then
	echo "$0: reload of ${IPNAT_CONF} failed"
	fi
	fi
	;;

	setdevs)
	set_device_files
	;;

	*)
	echo "Usage: $0 (start\|stop\|reload)" >&2
	exit 1
	;;

	esac
	exit 0