HardenedBSD/etc/rc.d/ipsec
Doug Barton e3c46a3332 Remove $NetBSD$ CVS tags. We no longer attempt to synch our rc.d files
with theirs, so this information doesn't need to be in the live file.
Having it in our CVS history is enough.
2007-12-08 07:20:23 +00:00

60 lines
1.0 KiB
Bash
Executable File

#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: ipsec
# REQUIRE: FILESYSTEMS
# BEFORE: DAEMON mountcritremote
# KEYWORD: nojail
. /etc/rc.subr
name="ipsec"
rcvar=`set_rcvar`
start_precmd="ipsec_prestart"
start_cmd="ipsec_start"
stop_precmd="test -f $ipsec_file"
stop_cmd="ipsec_stop"
reload_cmd="ipsec_reload"
extra_commands="reload"
ipsec_program="/sbin/setkey"
# ipsec_file is set by rc.conf
ipsec_prestart()
{
if [ ! -f "$ipsec_file" ]; then
warn "$ipsec_file not readable; ipsec start aborted."
stop_boot
return 1
fi
return 0
}
ipsec_start()
{
echo "Installing ipsec manual keys/policies."
${ipsec_program} -f $ipsec_file
}
ipsec_stop()
{
echo "Clearing ipsec manual keys/policies."
# still not 100% sure if we would like to do this.
# it is very questionable to do this during shutdown session, since
# it can hang any of remaining IPv4/v6 session.
#
${ipsec_program} -F
${ipsec_program} -FP
}
ipsec_reload()
{
echo "Reloading ipsec manual keys/policies."
${ipsec_program} -f "$ipsec_file"
}
load_rc_config $name
run_rc_command "$1"