core/src/etc/rc.ipfw

#!/bin/sh
#    Copyright (c) 2015 Deciso B.V.
#    All rights reserved.
#
#    Redistribution and use in source and binary forms, with or without
#    modification, are permitted provided that the following conditions are met:
#
#    1. Redistributions of source code must retain the above copyright notice,
#     this list of conditions and the following disclaimer.
#
#    2. Redistributions in binary form must reproduce the above copyright
#     notice, this list of conditions and the following disclaimer in the
#     documentation and/or other materials provided with the distribution.
#
#    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
#    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
#    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
#    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
#    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
#    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
#    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
#    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
#    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
#    POSSIBILITY OF SUCH DAMAGE.

#    script to glue standard ipfw rc scripting to OPNsense ruleset
#    see auto generated file /etc/rc.conf.d/ipfw for details


# sysctl settings
/sbin/sysctl net.inet.ip.dummynet.io_fast=1
/sbin/sysctl net.inet.ip.dummynet.hash_size=256

# reload ipfw rules
/sbin/ipfw -f /usr/local/etc/ipfw.rules

if [ ! -f /tmp/ipfw.firstload ]; then
    # we need to make sure ipfw is loaded as last,
    /sbin/pfctl -d
    /sbin/pfctl -e
    touch /tmp/ipfw.firstload
fi