mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-30 15:38:06 +01:00
e3c46a3332
with theirs, so this information doesn't need to be in the live file. Having it in our CVS history is enough.
60 lines
1.0 KiB
Bash
Executable File
60 lines
1.0 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# $FreeBSD$
|
|
#
|
|
|
|
# PROVIDE: ipsec
|
|
# REQUIRE: FILESYSTEMS
|
|
# BEFORE: DAEMON mountcritremote
|
|
# KEYWORD: nojail
|
|
|
|
. /etc/rc.subr
|
|
|
|
name="ipsec"
|
|
rcvar=`set_rcvar`
|
|
start_precmd="ipsec_prestart"
|
|
start_cmd="ipsec_start"
|
|
stop_precmd="test -f $ipsec_file"
|
|
stop_cmd="ipsec_stop"
|
|
reload_cmd="ipsec_reload"
|
|
extra_commands="reload"
|
|
ipsec_program="/sbin/setkey"
|
|
# ipsec_file is set by rc.conf
|
|
|
|
ipsec_prestart()
|
|
{
|
|
if [ ! -f "$ipsec_file" ]; then
|
|
warn "$ipsec_file not readable; ipsec start aborted."
|
|
stop_boot
|
|
return 1
|
|
fi
|
|
return 0
|
|
}
|
|
|
|
ipsec_start()
|
|
{
|
|
echo "Installing ipsec manual keys/policies."
|
|
${ipsec_program} -f $ipsec_file
|
|
}
|
|
|
|
ipsec_stop()
|
|
{
|
|
echo "Clearing ipsec manual keys/policies."
|
|
|
|
# still not 100% sure if we would like to do this.
|
|
# it is very questionable to do this during shutdown session, since
|
|
# it can hang any of remaining IPv4/v6 session.
|
|
#
|
|
${ipsec_program} -F
|
|
${ipsec_program} -FP
|
|
}
|
|
|
|
ipsec_reload()
|
|
{
|
|
echo "Reloading ipsec manual keys/policies."
|
|
${ipsec_program} -f "$ipsec_file"
|
|
}
|
|
|
|
load_rc_config $name
|
|
run_rc_command "$1"
|