1#!/bin/sh 2# 3# 4 5# PROVIDE: ipsec 6# REQUIRE: FILESYSTEMS 7# BEFORE: DAEMON mountcritremote 8# KEYWORD: nojailvnet 9 10. /etc/rc.subr 11 12name="ipsec" 13desc="Internet Protocol Security protocol" 14rcvar="ipsec_enable" 15start_precmd="ipsec_prestart" 16start_cmd="ipsec_start" 17stop_precmd="test -f $ipsec_file" 18stop_cmd="ipsec_stop" 19reload_cmd="ipsec_reload" 20extra_commands="reload" 21ipsec_program="/sbin/setkey" 22required_modules="ipsec" 23# ipsec_file is set by rc.conf 24 25ipsec_prestart() 26{ 27 if [ ! -f "$ipsec_file" ]; then 28 warn "$ipsec_file not readable; ipsec start aborted." 29 stop_boot 30 return 1 31 fi 32 return 0 33} 34 35ipsec_start() 36{ 37 echo "Installing ipsec manual keys/policies." 38 ${ipsec_program} -f $ipsec_file 39} 40 41ipsec_stop() 42{ 43 echo "Clearing ipsec manual keys/policies." 44 45 # Still not 100% sure if we would like to do this. 46 # It is very questionable to do this during shutdown session 47 # since it can hang any of the remaining IPv4/v6 sessions. 48 # 49 ${ipsec_program} -F 50 ${ipsec_program} -FP 51} 52 53ipsec_reload() 54{ 55 echo "Reloading ipsec manual keys/policies." 56 ${ipsec_program} -f "$ipsec_file" 57} 58 59load_rc_config $name 60 61# doesn't make sense to run in a svcj: config setting 62ipsec_svcj="NO" 63 64run_rc_command "$1" 65