xref: /freebsd/libexec/rc/rc.d/ipfw_netflow (revision 037479ff5ee18977b1c48e1e59770aad2f200a5a)
1#!/bin/sh
2#
3# $FreeBSD$
4#
5
6# PROVIDE: ipfw_netflow
7# REQUIRE: ipfw
8# KEYWORD: nojailvnet
9
10. /etc/rc.subr
11. /etc/network.subr
12
# rc.subr(8) service description: the service name, the rc.conf knob that
# enables it, and the shell functions bound to each rc command.
name=ipfw_netflow
desc='firewall, ipfw, netflow'
rcvar=${name}_enable

# "start" runs ${name}_test first (start_precmd), so the settings are
# checked before any firewall rule or netgraph node is created.
start_precmd=${name}_test
start_cmd=${name}_start
stop_cmd=${name}_stop
status_cmd=${name}_status
extra_commands='status'
required_modules='ipfw ng_netflow ng_ipfw'

# Defaults, applied only when the variable is unset or empty at this point.
# hook    - ng_ipfw hook number used as the ngtee target
# rule    - number of the ipfw rule that tees traffic to that hook
# ip/port - address the export ksocket connects to; the socket is created
#           as inet/dgram/udp, so records leave the host as plain UDP.
#           NOTE(review): if the collector is moved off loopback, keep it
#           on a trusted segment.
# version - empty or 9; appended to the "export" hook name
: "${ipfw_netflow_hook:=9995}"
: "${ipfw_netflow_rule:=01000}"
: "${ipfw_netflow_ip:=127.0.0.1}"
: "${ipfw_netflow_port:=9995}"
: "${ipfw_netflow_version:=}"
28
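# Pre-start sanity check (wired in as start_precmd).
# Globals:  ipfw_netflow_version, ipfw_netflow_hook, ipfw_netflow_rule (read)
# Returns:  0 when all three values are acceptable; otherwise calls
#           err 1 with a message naming the offending value.
#
# The hook and rule values are later expanded into an ipfw command line and
# into a script piped to ngctl, so they must consist of digits only. The
# pattern ''|*[!0-9]* rejects an empty value and a non-digit at ANY position;
# checking only the first character would let "12 abc" or a value with an
# embedded newline through.
#
# NOTE(review): ipfw_netflow_ip, ipfw_netflow_port and ipfw_netflow_fib are
# expanded by ipfw_netflow_start as well but are not validated here.
ipfw_netflow_test()
{
	# Only the default export hook (empty) and the "export9" hook are accepted.
	case "${ipfw_netflow_version}" in
	''|9)
		;;
	*)
		err 1 "Unknown netflow version '${ipfw_netflow_version}'"
		;;
	esac

	case "${ipfw_netflow_hook}" in
	''|*[!0-9]*)
		err 1 "Bad value \"${ipfw_netflow_hook}\": Hook must be numerical"
		;;
	esac

	case "${ipfw_netflow_rule}" in
	''|*[!0-9]*)
		err 1 "Bad value \"${ipfw_netflow_rule}\": Rule number must be numerical"
		;;
	esac
}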
43
# Probe for a netgraph node named "netflow".
# Returns: 0 if "ngctl show netflow:" succeeds, 1 otherwise. All ngctl
#          output is discarded; only its exit status is used.
ipfw_netflow_is_running()
{
	if ngctl show netflow: >/dev/null 2>&1; then
		return 0
	fi
	return 1
}
48
# "status" command: print one line saying whether the netflow node exists.
# Outputs: "ipfw_netflow is active" or "ipfw_netflow is not active" on stdout.
ipfw_netflow_status()
{
	if ipfw_netflow_is_running; then
		echo "ipfw_netflow is active"
	else
		echo "ipfw_netflow is not active"
	fi
}
53
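# "start" command: add the ngtee rule, then build the netgraph chain
# ipfw:<hook> -> netflow -> ksocket (UDP) towards the collector.
# Globals:  ipfw_netflow_rule, ipfw_netflow_hook, ipfw_netflow_fib,
#           ipfw_netflow_version, ipfw_netflow_ip, ipfw_netflow_port (read)
# Returns:  exit status of ngctl; calls err 1 if the service is already
#           active or the ipfw rule cannot be added.
ipfw_netflow_start()
{
	ipfw_netflow_is_running && err 1 "ipfw_netflow is already active"

	# Stop here if the rule cannot be installed: building the netgraph
	# nodes anyway would leave a "netflow" node that no rule feeds, and
	# status would then report the service as active.
	# The optional fib clause is left unquoted on purpose so that it
	# expands to two words ("fib" and the number) or to nothing.
	ipfw add "${ipfw_netflow_rule}" ngtee "${ipfw_netflow_hook}" ip from any to any ${ipfw_netflow_fib:+fib ${ipfw_netflow_fib}} ||
	    err 1 "Failed to add ipfw rule ${ipfw_netflow_rule}"

	# The variables below are expanded by the shell before ngctl reads
	# the script, so each value becomes part of an ngctl command line.
	# ipfw_netflow_test only vets hook, rule and version.
	# NOTE(review): ipfw_netflow_ip and ipfw_netflow_port reach ngctl
	# unchecked; they come from rc.conf, which should stay root-writable
	# only.
	ngctl -f - <<-EOF
	mkpeer ipfw: netflow ${ipfw_netflow_hook} iface0
	name ipfw:${ipfw_netflow_hook} netflow
	mkpeer netflow: ksocket export${ipfw_netflow_version} inet/dgram/udp
	msg netflow: setdlt {iface=0 dlt=12}
	name netflow:export${ipfw_netflow_version} netflow_export
	msg netflow:export${ipfw_netflow_version} connect inet/${ipfw_netflow_ip}:${ipfw_netflow_port}
	EOF
}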
67
# "stop" command: tear down the netflow node, then remove the ngtee rule.
# Globals:  ipfw_netflow_rule (read)
# Returns:  exit status of "ipfw delete"; calls err 1 when no netflow
#           node exists.
ipfw_netflow_stop()
{
	if ! ipfw_netflow_is_running; then
		err 1 "ipfw_netflow is not active"
	fi

	# Shut the node down first, then delete the rule that tees into it.
	# NOTE(review): the delete is by rule number alone, so presumably any
	# other rule sharing that number is removed too - confirm.
	ngctl shutdown netflow:
	ipfw delete ${ipfw_netflow_rule}
}
74
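# Load the rc.conf settings for this service. This runs after the ":="
# defaults earlier in the file, so a value set in rc.conf (including an
# empty one) replaces the default and is only vetted by ipfw_netflow_test.
load_rc_config "$name"

# Pass the command line through unchanged. "$@" keeps each argument as one
# word; an unquoted $* would re-split and glob-expand them.
run_rc_command "$@"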
78