diff options
Diffstat (limited to 'sbin/init/rc.d/ipfw_netflow')
| -rwxr-xr-x | sbin/init/rc.d/ipfw_netflow | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/sbin/init/rc.d/ipfw_netflow b/sbin/init/rc.d/ipfw_netflow new file mode 100755 index 000000000000..b9523db9eb5a --- /dev/null +++ b/sbin/init/rc.d/ipfw_netflow @@ -0,0 +1,77 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ipfw_netflow +# REQUIRE: ipfw +# KEYWORD: nojailvnet + +. /etc/rc.subr +. /etc/network.subr + +name="ipfw_netflow" +desc="firewall, ipfw, netflow" +rcvar="${name}_enable" +start_cmd="${name}_start" +stop_cmd="${name}_stop" +start_precmd="${name}_test" +status_cmd="${name}_status" +required_modules="ipfw ng_netflow ng_ipfw" +extra_commands="status" + +: ${ipfw_netflow_hook:=9995} +: ${ipfw_netflow_rule:=01000} +: ${ipfw_netflow_ip:=127.0.0.1} +: ${ipfw_netflow_port:=9995} +: ${ipfw_netflow_version:=} + +ipfw_netflow_test() +{ + if [ "${ipfw_netflow_version}" != "" ] && [ "${ipfw_netflow_version}" != 9 ]; then + err 1 "Unknown netflow version \'${ipfw_netflow_version}\'" + fi + case "${ipfw_netflow_hook}" in + [!0-9]*) + err 1 "Bad value \"${ipfw_netflow_hook}\": Hook must be numerical" + esac + case "${ipfw_netflow_rule}" in + [!0-9]*) + err 1 "Bad value \"${ipfw_netflow_rule}\": Rule number must be numerical" + esac +} + +ipfw_netflow_is_running() +{ + ngctl show netflow: > /dev/null 2>&1 && return 0 || return 1 +} + +ipfw_netflow_status() +{ + ipfw_netflow_is_running && echo "ipfw_netflow is active" || echo "ipfw_netflow is not active" +} + +ipfw_netflow_start() +{ + ipfw_netflow_is_running && err 1 "ipfw_netflow is already active" + ipfw add ${ipfw_netflow_rule} ngtee ${ipfw_netflow_hook} ip from any to any ${ipfw_netflow_fib:+fib ${ipfw_netflow_fib}} + ngctl -f - <<-EOF + mkpeer ipfw: netflow ${ipfw_netflow_hook} iface0 + name ipfw:${ipfw_netflow_hook} netflow + mkpeer netflow: ksocket export${ipfw_netflow_version} inet/dgram/udp + msg netflow: setdlt {iface=0 dlt=12} + name netflow:export${ipfw_netflow_version} netflow_export + msg netflow:export${ipfw_netflow_version} connect inet/${ipfw_netflow_ip}:${ipfw_netflow_port} +EOF +} + +ipfw_netflow_stop() +{ + ipfw_netflow_is_running || err 1 "ipfw_netflow is not active" + ngctl shutdown netflow: + ipfw delete ${ipfw_netflow_rule} +} + +load_rc_config $name + +run_rc_command $* |