misc/123119: rc script for ipfw does not handle IPv6

Kevin at es.net Kevin at es.net
Sat Apr 26 19:50:02 UTC 2008


>Number:         123119
>Category:       misc
>Synopsis:       rc script for ipfw does not handle IPv6
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Apr 26 19:50:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Kevin Oberman
>Release:        FreeBSD 7.0-STABLE i386
>Organization:
ESnet--The Energy Sciences Network
>Environment:
System: FreeBSD slan.es.net 7.0-STABLE FreeBSD 7.0-STABLE #0: Fri Apr 25 11:32:19 PDT 2008 root at slan.es.net:/usr/obj/usr/src/sys/IBM-T43 i386


	
>Description:
	/etc/rc.d/ipfw only sets and clears the sysctl to enable or disable
       IPv4. A check for ipv6_enable and the IPv6 sysctl need to be added.
>How-To-Repeat:
       On a system running IPv6 and IPv4, stop IPFW. It only stops for IPv4.
>Fix:
There might be better ways to check on IPv6, but this was the obvious one.

# diff -u ipfw.orig ipfw
--- ipfw.orig	2008-04-26 12:34:16.000000000 -0700
+++ ipfw	2008-04-25 15:39:41.000000000 -0700
@@ -44,6 +44,9 @@
 	# Enable the firewall
 	#
 	${SYSCTL_W} net.inet.ip.fw.enable=1
+	if checkyesno ipv6_enable; then
+		sysctl net.inet6.ip6.fw.enable=1 >/dev/null
+	fi
 }
 
 ipfw_stop()
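Review bot: The added IPv6 lines in ipfw_start call bare `sysctl ... >/dev/null`, while the IPv4 line directly above them goes through `${SYSCTL_W}`. Writing the new line as `${SYSCTL_W} net.inet6.ip6.fw.enable=1` would keep both address families on the same code path and the same output handling, so a later change to how the script sets sysctls cannot silently skip the IPv6 knob.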
@@ -51,6 +54,10 @@
 	# Disable the firewall
 	#
 	${SYSCTL_W} net.inet.ip.fw.enable=0
+	if checkyesno ipv6_enable; then
+		sysctl net.inet6.ip6.fw.enable=0
+	fi
+
 	if [ -f /etc/rc.d/natd ] ; then
 		/etc/rc.d/natd stop
 	fi
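Review bot: In ipfw_stop the IPv6 disable is gated on `checkyesno ipv6_enable`, so what stop does depends on rc.conf at stop time rather than on what start set; if ipv6_enable is turned off between start and stop, net.inet6.ip6.fw.enable stays at 1 while the IPv4 knob is cleared. Consider making the dependency explicit in the comment above, or clearing the IPv6 sysctl on the same terms as the IPv4 one. The new line also differs from its counterpart in ipfw_start: it has no `>/dev/null` redirect and, like that one, bypasses `${SYSCTL_W}`, so stop will print the sysctl result where start does not.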
@@ -58,4 +65,3 @@
 
 load_rc_config $name
 run_rc_command "$1"

	


>Release-Note:
>Audit-Trail:
>Unformatted:

