| #!/bin/sh |
| # |
| # Copyright (C) 2007 by Darren Reed. |
| # |
| # See the IPFILTER.LICENCE file for details on licencing. |
| # |
| prog=$0 |
| |
| RCD=/etc/rc.conf.d |
| |
| # This script is an interface to the following rc.d scripts: |
| # /etc/rc.d/ipfilter |
| # /etc/rc.d/ipfs |
| # /etc/rc.d/ipnat |
| # /etc/rc.d/ipmon |
| |
| running=`ipf -V 2>/dev/null|sed -ne 's/Running: \(.*\)/\1/p'` |
| |
| usage() { |
| echo "$prog status" |
| echo "$prog ipfilter <enable|disable|reload|resync|start|status|stop>" |
| echo "$prog ipfs <enable|disable|status|start|stop>" |
| echo "$prog ipmon <enable|disable|restart|start|status|stop>" |
| echo "$prog ipnat <enable|disable|reload|start|status|stop>" |
| exit 1 |
| } |
| |
| enable() { |
| old=${RCD}/$1.old |
| new=${RCD}/$1 |
| mkdir ${RCD}/$1.d |
| if [ $? -eq 0 ] ; then |
| if [ -f ${RCD}/$1 ] ; then |
| cp ${RCD}/$1 ${RCD}/$1.old |
| sed -e "s/^${1} *\=.*/${1}\=YES/" ${old} > ${new} |
| /bin/rm ${old} |
| else |
| echo "$1=YES" > ${RCD}/$1 |
| chmod go-wx ${RCD}/$1 |
| fi |
| rmdir ${RCD}/$1.d |
| fi |
| } |
| |
| disable() { |
| old=${RCD}/$1.old |
| new=${RCD}/$1 |
| mkdir ${RCD}/$1.d |
| if [ $? -eq 0 ] ; then |
| if [ -f ${RCD}/$1 ] ; then |
| cp ${RCD}/$1 ${RCD}/$1.old |
| sed -e "s/^${1} *\=.*/${1}\=NO/" ${old} > ${new} |
| /bin/rm ${old} |
| else |
| echo "$1=NO" > ${RCD}/$1 |
| chmod go-wx ${RCD}/$1 |
| fi |
| rmdir ${RCD}/$1.d |
| fi |
| } |
| |
| status() { |
| active=`/etc/rc.d/$1 rcvar|sed -ne "s/^$""${1}\=\(.*\)$/\1/p"` |
| case $active in |
| NO) |
| return 0 |
| ;; |
| YES) |
| return 1 |
| ;; |
| esac |
| return 2 |
| } |
| |
| status_ipmon() { |
| echo -n "ipmon " |
| pid=`pgrep ipmon` |
| status ipmon |
| case $? in |
| 0) |
| if [ -n "$pid" ] ; then |
| echo "disabled-but-running" |
| else |
| echo "disabled" |
| fi |
| ;; |
| 1) |
| if [ -n "$pid" ] ; then |
| echo "enabled" |
| else |
| echo "enabled-not-running" |
| fi |
| ;; |
| 2) |
| if [ -n "$pid" ] ; then |
| echo "unknown-state-running" |
| else |
| echo "unknown-state" |
| fi |
| ;; |
| esac |
| } |
| |
| status_ipfilter() { |
| if [ -z "$running" ] ; then |
| rules= |
| emsg="-not-in-kernel" |
| dmsg= |
| else |
| case $running in |
| yes) |
| emsg= |
| dmsg="-rules-loaded" |
| rules=`ipfstat -io 2>/dev/null` |
| if [ -z "$rules" ] ; then |
| rules=`ipfstat -aio 2>/dev/null` |
| if [ -z "$rules" ] ; then |
| emsg="-no-rules" |
| dmsg= |
| fi |
| fi |
| ;; |
| no) |
| rules= |
| emsg="-not-running" |
| dmsg= |
| ;; |
| esac |
| fi |
| |
| echo -n "ipfilter " |
| status ipfilter |
| case $? in |
| 0) |
| echo "disabled${dmsg}" |
| ;; |
| 1) |
| echo "enabled${emsg}" |
| ;; |
| 2) |
| if [ -n "$rules" ] ; then |
| echo "unknown${dmsg}" |
| else |
| echo "unknown-state" |
| fi |
| ;; |
| esac |
| } |
| |
| status_ipnat() { |
| if [ -z "$running" ] ; then |
| rules= |
| emsg="-not-in-kernel" |
| dmsg= |
| else |
| case $running in |
| yes) |
| emsg= |
| dmsg="-rules-loaded" |
| rules=`ipnat -l 2>/dev/null | egrep '^map|rdr' 2>/dev/null` |
| if [ -z "$rules" ] ; then |
| emsg="-no-rules" |
| dmsg= |
| fi |
| ;; |
| no) |
| rules= |
| emsg="-not-running" |
| dmsg= |
| ;; |
| esac |
| fi |
| |
| echo -n "ipnat " |
| status ipnat |
| case $? in |
| 0) |
| echo "disabled${dmsg}" |
| ;; |
| 1) |
| echo "enabled${dmsg}" |
| ;; |
| 2) |
| if [ -n "$rules" ] ; then |
| echo "unknown${dmsg}" |
| else |
| echo "unknown-state" |
| fi |
| ;; |
| esac |
| } |
| |
| status_ipfs() { |
| status ipfs |
| report ipfs $? |
| } |
| |
| report() { |
| echo -n "$1 " |
| case $2 in |
| 0) |
| echo "disabled" |
| ;; |
| 1) |
| echo "enabled" |
| ;; |
| 2) |
| echo "unknown-status" |
| ;; |
| *) |
| echo "$2" |
| ;; |
| esac |
| } |
| |
| do_ipfilter() { |
| case $1 in |
| enable) |
| enable ipfilter |
| ;; |
| disable) |
| disable ipfilter |
| ;; |
| reload) |
| /etc/rc.d/ipfilter reload |
| ;; |
| resync) |
| /etc/rc.d/ipfilter resync |
| ;; |
| start) |
| /etc/rc.d/ipfilter start |
| ;; |
| status) |
| status_ipfilter |
| ;; |
| stop) |
| /etc/rc.d/ipfilter stop |
| ;; |
| *) |
| usage |
| ;; |
| esac |
| } |
| |
| do_ipfs() { |
| case $1 in |
| enable) |
| enable ipfs |
| ;; |
| disable) |
| disble ipfs |
| ;; |
| start) |
| /etc/rc.d/ipfs start |
| ;; |
| status) |
| status_ipfs |
| ;; |
| stop) |
| /etc/rc.d/ipfs stop |
| ;; |
| *) |
| usage |
| ;; |
| esac |
| } |
| |
| do_ipmon() { |
| case $1 in |
| enable) |
| enable ipmon |
| ;; |
| disable) |
| disble ipmon |
| ;; |
| restart) |
| /etc/rc.d/ipmon restart |
| ;; |
| start) |
| /etc/rc.d/ipmon start |
| ;; |
| status) |
| status_ipmon |
| ;; |
| stop) |
| /etc/rc.d/ipmon stop |
| ;; |
| *) |
| usage |
| ;; |
| esac |
| } |
| |
| do_ipnat() { |
| case $1 in |
| enable) |
| enable ipnat |
| ;; |
| disable) |
| disable ipnat |
| ;; |
| reload) |
| /etc/rc.d/ipnat reload |
| ;; |
| restart) |
| /etc/rc.d/ipnat restart |
| ;; |
| start) |
| /etc/rc.d/ipnat start |
| ;; |
| status) |
| status_ipnat |
| ;; |
| stop) |
| /etc/rc.d/ipnat stop |
| ;; |
| *) |
| usage |
| ;; |
| esac |
| } |
| |
| do_status_all() { |
| status_ipfilter |
| status_ipfs |
| status_ipmon |
| status_ipnat |
| } |
| |
| case $1 in |
| status) |
| do_status_all |
| ;; |
| ipfilter) |
| do_ipfilter $2 |
| ;; |
| ipfs) |
| do_ipfs $2 |
| ;; |
| ipmon) |
| do_ipmon $2 |
| ;; |
| ipnat) |
| do_ipnat $2 |
| ;; |
| *) |
| usage |
| ;; |
| esac |
| exit 0 |