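#!/sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#

#
# SMF method script for IP Filter.
#
# Usage: $0 (start|stop|reload|reipf|reipnat|pause|resume)
#
# Loads the address pools, the IPv4/IPv6 filter rules and the NAT rules from
# /etc/ipf, and starts or stops the ipmon daemon.
#
# Exit status:
#   $SMF_EXIT_OK          the requested action completed
#   $SMF_EXIT_ERR_CONFIG  a configuration file failed to load
#   1                     unknown sub-command
#
# A failed load is always reported through the exit status and through
# logmsg, so a rule set that was rejected is never reported as applied.
#

. /lib/svc/share/smf_include.sh

PATH=${PATH}:/usr/sbin:/usr/lib/ipf
PIDFILE=/var/run/ipmon.pid
IPFILCONF=/etc/ipf/ipf.conf
IP6FILCONF=/etc/ipf/ipf6.conf
IPNATCONF=/etc/ipf/ipnat.conf
IPPOOLCONF=/etc/ipf/ippool.conf
PFILCHECKED=no

zone=`smf_zonename`

# NOTE(review): /ipf/ matches every modinfo line that contains "ipf", so this
# may yield more than one module id - confirm against modinfo output.
ipfid=`/usr/sbin/modinfo 2>&1 | awk '/ipf/ { print $1 } ' - 2>/dev/null`

# Find the running ipmon: prefer the pid file, otherwise ask pgrep for ipmon
# processes in this zone.
# NOTE(review): the pid file content is used as-is; a stale file can name a
# process that is no longer ipmon. pgrep may print several pids, which is why
# $pid is expanded unquoted wherever it is passed to kill.
if [ -f "$PIDFILE" ] ; then
	pid=`cat "$PIDFILE" 2>/dev/null`
else
	pid=`pgrep -z "$zone" ipmon`
fi

#
# logmsg message
#
# Record one message in syslog (daemon.warning, tag "ipfilter") and repeat it
# on stderr.
#
logmsg()
{
	logger -p daemon.warning -t ipfilter "$1"
	echo "$1" >&2
}

#
# load_ipf
#
# Load the IPv4 and IPv6 filter rules. Each readable file is loaded into the
# alternate rule set; the sets are switched (ipf -s) only when every load
# succeeded, so a file that fails to load does not replace the running rules.
# A file that is missing or unreadable is skipped without error.
#
# Returns 0 when the switch was made, 1 when any load failed.
#
load_ipf() {
	bad=0
	if [ -r "${IPFILCONF}" ]; then
		ipf -IFa -f "${IPFILCONF}"
		if [ $? != 0 ]; then
			logmsg "$0: load of ${IPFILCONF} into alternate set failed"
			bad=1
		fi
	fi
	if [ -r "${IP6FILCONF}" ]; then
		ipf -6IFa -f "${IP6FILCONF}"
		if [ $? != 0 ]; then
			logmsg "$0: load of ${IP6FILCONF} into alternate set failed"
			bad=1
		fi
	fi
	if [ $bad -eq 0 ] ; then
		ipf -s -y
		return 0
	else
		logmsg "Not switching config due to load error."
		return 1
	fi
}


#
# load_ipnat
#
# Load the NAT rules when the NAT configuration file is readable, then run
# "ipf -y". A missing or unreadable file is not an error.
#
# Returns 0 on success or when there is nothing to load, 1 when ipnat fails.
#
load_ipnat() {
	if [ -r "${IPNATCONF}" ]; then
		ipnat -CF -f "${IPNATCONF}"
		if [ $? != 0 ]; then
			logmsg "$0: load of ${IPNATCONF} failed"
			return 1
		else
			ipf -y
			return 0
		fi
	else
		return 0
	fi
}


#
# load_ippool
#
# Load the address pools when the pool configuration file is readable.
# A missing or unreadable file is not an error.
#
# NOTE(review): "ippool -F" runs before the new file is loaded, so a failed
# load presumably leaves the pools flushed - confirm, since rules that refer
# to a pool would then match nothing.
#
# Returns 0 on success or when there is nothing to load, 1 when ippool fails.
#
load_ippool() {
	if [ -r "${IPPOOLCONF}" ]; then
		ippool -F
		ippool -f "${IPPOOLCONF}"
		if [ $? != 0 ]; then
			logmsg "$0: load of ${IPPOOLCONF} failed"
			return 1
		else
			return 0
		fi
	else
		return 0
	fi
}


case "$1" in
	start)
		# Nothing to do when neither a filter nor a NAT file exists.
		if [ ! -f "${IPFILCONF}" ] && [ ! -f "${IPNATCONF}" ]; then
			exit 0
		fi
		ipf -E
		[ -n "$pid" ] && kill -TERM $pid
		# ipmon is started only after pools, filter rules and NAT
		# rules have all loaded.
		if load_ippool && load_ipf && load_ipnat ; then
			/usr/sbin/ipmon -Ds
		else
			exit $SMF_EXIT_ERR_CONFIG
		fi
		;;

	stop)
		[ -n "$pid" ] && kill -TERM $pid
		ipf -D
		[ -n "$ipfid" ] && modunload -i $ipfid
		;;

	pause)
		ipfs -l
		ipfs -d /var/db/ipf -W
		ipf -D
		if [ -f "$PIDFILE" ] ; then
			if kill -0 $pid; then
				kill -TERM $pid
			else
				# The recorded process is gone: empty the pid
				# file so that resume does not restart ipmon.
				cp /dev/null "$PIDFILE"
			fi
		fi
		;;

	resume)
		ipf -E
		ipfs -R
		# Every loader is attempted, and ipmon is restarted, before a
		# load failure is reported.
		failed=0
		load_ippool || failed=1
		load_ipf || failed=1
		load_ipnat || failed=1
		if [ -f "$PIDFILE" ] && [ -n "$pid" ] ; then
			/usr/sbin/ipmon -Ds
		fi
		[ $failed -eq 0 ] || exit $SMF_EXIT_ERR_CONFIG
		;;

	reload)
		# Every loader is attempted; any failure makes the reload fail
		# instead of being reported as success.
		failed=0
		load_ippool || failed=1
		load_ipf || failed=1
		load_ipnat || failed=1
		[ $failed -eq 0 ] || exit $SMF_EXIT_ERR_CONFIG
		;;

	reipf)
		load_ipf || exit $SMF_EXIT_ERR_CONFIG
		;;

	reipnat)
		load_ipnat || exit $SMF_EXIT_ERR_CONFIG
		;;

	*)
		echo "Usage: $0 \c" >&2
		echo "(start|stop|reload|reipf|reipnat|pause|resume)" >&2
		exit 1
		;;

esac
exit $SMF_EXIT_OK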