HardenedBSD/etc/rc.d/natd
Kristof Provost 2ca5f390c4 Allow more services to run in vnet jails
After some tests, here are the services that run in a vnet jail:
  - defaultroute
  - dhclient
  - ip6addrctl
  - natd
  - pf
  - pfsync
  - pflog (daemon runs, pflog0 interface usable, but /var/log/pflog not filled)
  - rarpd
  - route6d (does nothing anyway because it is obsolete)
  - routed (does nothing anyway because it is obsolete)
  - rtsold
  - static_arp
  - static_ndp

PR:		220530
Submitted by:	olivier@freebsd.org
2017-07-08 09:28:31 +00:00


#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: natd
# KEYWORD: nostart nojailvnet
# Load the rc.d framework first, then the network helper library.
# natd_precmd below calls list_net_interfaces, which this script does not
# define itself (presumably it comes from network.subr).
. /etc/rc.subr
. /etc/network.subr

# Service identity and the rc.conf knob that enables it.
name=natd
desc='Network Address Translation daemon'
rcvar=natd_enable

# Daemon binary and the pid file associated with it.
command="/sbin/$name"
pidfile="/var/run/$name.pid"

# Kernel module named as a prerequisite, and the hook to run before start.
required_modules=ipdivert
start_precmd=natd_precmd
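#
# natd_precmd: start_precmd hook that turns ${natd_interface} into natd
# command-line flags before the daemon is started.
#
# Globals:
#   natd_interface (read)   interface name or dotted-decimal address
#   rc_flags (appended to)  gains "-dynamic", and "-a <addr>" or "-n <ifname>"
# Calls:
#   list_net_interfaces dhcp   (not defined in this script)
# Returns:
#   always 0, so this hook never vetoes the start.
#
# NOTE(review): natd_interface is appended to rc_flags unquoted and without
# validation beyond the address/name split below. rc.subr (not shown here)
# presumably builds the daemon command line from rc_flags, so a value with
# whitespace or shell metacharacters would turn into extra arguments.
# Confirm the value only ever comes from root-owned rc.conf files.
#
natd_precmd()
{
	# Keep scratch variables out of the shared rc.d namespace.
	local _dhcp_list _ifn

	# Nothing configured: leave rc_flags untouched.
	if [ -z "${natd_interface}" ]; then
		return 0
	fi

	# If the NAT interface is one of the DHCP-configured interfaces, add
	# -dynamic so natd is asked to follow address changes on it.
	_dhcp_list=$(list_net_interfaces dhcp)
	for _ifn in ${_dhcp_list}; do	# word splitting is intended here
		case "${natd_interface}" in
		"${_ifn}")
			rc_flags="$rc_flags -dynamic"
			;;
		esac
	done

	# One to four dot-separated decimal groups are treated as an address
	# (-a); the groups are not range-checked. Anything else is passed as
	# an interface name (-n). printf is used instead of echo so a value
	# beginning with '-' is never parsed as an echo option.
	if printf '%s\n' "${natd_interface}" | \
	    grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
		rc_flags="$rc_flags -a ${natd_interface}"
	else
		rc_flags="$rc_flags -n ${natd_interface}"
	fi

	return 0
}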
# Load the configuration for this service, then hand the action given as
# the script's first argument to the rc.d dispatcher.
load_rc_config "${name}"
run_rc_command "$1"