1 #!/sbin/sh
2 #
3 # CDDL HEADER START
4 #
5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
8 #
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
13 #
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
19 #
20 # CDDL HEADER END
21 #
22 #
23 # Copyright 2009 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26
27 . /lib/svc/share/ipf_include.sh
28
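#
# create_ipf_rules <fmri>
#
# Writes the IP Filter rule file and the NAT rule file for the FTP service
# instance named by <fmri>.  File names come from fmri_to_file, the policy
# from get_policy and the filter rules from generate_rules; those helpers and
# the IPF_SUFFIX, NAT_SUFFIX and SERVINFO variables are not defined in this
# file (presumably they come from /lib/svc/share/ipf_include.sh, sourced
# above -- confirm).
#
# Returns 0 when both rule files were written with a rule set for each port,
# non-zero when the FMRI, a file name or a port could not be determined.
#
# Backticks and global variables are kept on purpose: the script runs under
# /sbin/sh, which may lack $(...) and 'local'.
#
create_ipf_rules()
{
	FMRI=$1
	ftp_ipf_status=0

	# Without an FMRI every helper call below would receive shifted
	# arguments, so refuse to generate anything.
	if [ -z "$FMRI" ]; then
		echo "create_ipf_rules: missing service FMRI" >&2
		return 1
	fi

	ipf_file=`fmri_to_file "$FMRI" "$IPF_SUFFIX"`
	nat_file=`fmri_to_file "$FMRI" "$NAT_SUFFIX"`
	policy=`get_policy "$FMRI"`

	# An empty file name would turn the redirections below into errors
	# and leave no rules behind without any clear diagnostic.
	if [ -z "$ipf_file" ] || [ -z "$nat_file" ]; then
		echo "create_ipf_rules: no rule file name for $FMRI" >&2
		return 1
	fi

	#
	# FTP uses two ports, ftp and ftp-data (see /etc/services), which
	# is why this service needs a custom method.
	#
	# $SERVINFO is left unquoted so that a value holding a command plus
	# options keeps working; lookup errors are discarded and detected
	# through the empty result instead.
	#
	conn_port=`$SERVINFO -p -t -s ftp 2>/dev/null`
	data_port=`$SERVINFO -p -t -s ftp-data 2>/dev/null`

	echo "# $FMRI" >"$ipf_file"

	# Every argument is quoted: an empty or multi-word value must not
	# shift the port and output-file positions seen by generate_rules.
	# A port that could not be resolved is reported and skipped rather
	# than handed on as a malformed rule request.
	if [ -n "$conn_port" ]; then
		generate_rules "$FMRI" "$policy" "tcp" "any" "$conn_port" \
		    "$ipf_file"
	else
		echo "create_ipf_rules: cannot resolve tcp port for ftp" >&2
		ftp_ipf_status=1
	fi

	if [ -n "$data_port" ]; then
		generate_rules "$FMRI" "$policy" "tcp" "any" "$data_port" \
		    "$ipf_file"
	else
		echo "create_ipf_rules: cannot resolve tcp port for ftp-data" >&2
		ftp_ipf_status=1
	fi

	#
	# Generate a custom NAT rule here to use the ftp-proxy.
	#
	echo "# $FMRI" >"$nat_file"
	echo "rdr * any -> 0/32 proxy port ftp ftp/tcp" >>"$nat_file"

	return $ftp_ipf_status
}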
52
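#
# Entry point.  $1 selects the action; 'ipfilter' is the only one handled
# and passes $2, the service FMRI, to create_ipf_rules.  Anything else
# prints a usage line on stderr.
#
case "$1" in
'ipfilter')
	# Quoted so the FMRI reaches the function as a single word and is
	# never subject to word splitting or pathname expansion.
	create_ipf_rules "$2"
	;;

*)
	echo "Usage: $0 ipfilter <fmri>" >&2
	;;
esac

# NOTE(review): the exit status is 0 on every path, including a usage error
# or a failed rule generation.  It is kept because the caller is not visible
# here and may rely on it; confirm whether the invoking framework should
# instead be told when no firewall rules were produced.
exit 0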