rc.ipfw 1.76 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
#!/bin/sh
#    Copyright (c) 2015 Deciso B.V.
#    All rights reserved.
#
#    Redistribution and use in source and binary forms, with or without
#    modification, are permitted provided that the following conditions are met:
#
#    1. Redistributions of source code must retain the above copyright notice,
#     this list of conditions and the following disclaimer.
#
#    2. Redistributions in binary form must reproduce the above copyright
#     notice, this list of conditions and the following disclaimer in the
#     documentation and/or other materials provided with the distribution.
#
#    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
#    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
#    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
#    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
#    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
#    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
#    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
#    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
#    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
#    POSSIBILITY OF SUCH DAMAGE.

#    script to glue standard ipfw rc scripting to OPNsense ruleset
#    see auto generated file /etc/rc.conf.d/ipfw for details

29

Ad Schellevis's avatar
Ad Schellevis committed
30 31 32 33
# sysctl settings
/sbin/sysctl net.inet.ip.dummynet.io_fast=1
/sbin/sysctl net.inet.ip.dummynet.hash_size=256

34 35
# reload ipfw rules
/sbin/ipfw -f /usr/local/etc/ipfw.rules
36 37 38 39 40 41 42

if [ ! -f /tmp/ipfw.firstload ]; then
    # we need to make sure ipfw is loaded as last,
    /sbin/pfctl -d
    /sbin/pfctl -e
    touch /tmp/ipfw.firstload
fi