| author | Vitaliy Gusev <gusev.vitaliy@nexenta.com> |
| Tue, 05 Jun 2012 10:19:22 -0700 | |
| changeset 13711 | 0765d0ec4e2a |
| parent 13092 | fcc1e406c13f |
| child 13714 | e2f6dabb84ef |
| permissions | -rw-r--r-- |
| 0 | 1 |
#!/sbin/sh |
2 |
# |
|
3 |
# CDDL HEADER START |
|
4 |
# |
|
5 |
# The contents of this file are subject to the terms of the |
|
| 1573 | 6 |
# Common Development and Distribution License (the "License"). |
7 |
# You may not use this file except in compliance with the License. |
|
| 0 | 8 |
# |
9 |
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
10 |
# or http://www.opensolaris.org/os/licensing. |
|
11 |
# See the License for the specific language governing permissions |
|
12 |
# and limitations under the License. |
|
13 |
# |
|
14 |
# When distributing Covered Code, include this CDDL HEADER in each |
|
15 |
# file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
16 |
# If applicable, add the following below this CDDL HEADER, with the |
|
17 |
# fields enclosed by brackets "[]" replaced with your own identifying |
|
18 |
# information: Portions Copyright [yyyy] [name of copyright owner] |
|
19 |
# |
|
20 |
# CDDL HEADER END |
|
21 |
# |
|
22 |
# |
|
|
13092
fcc1e406c13f
6975309 PSARC2007_393 Move /etc/default/{nfs/autofs} parameters to SMF
Pavan Mettu - Oracle Corporation - Menlo Park United States <Pavan.Mettu@Oracle.COM>
parents:
8823
diff
changeset
|
23 |
# Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved. |
|
13711
0765d0ec4e2a
2614 nfs logging works incorrectly
Vitaliy Gusev <gusev.vitaliy@nexenta.com>
parents:
13092
diff
changeset
|
24 |
# Copyright 2012 Nexenta Systems, Inc. All rights reserved. |
| 0 | 25 |
# |
26 |
||
27 |
# Start/stop processes required for server NFS |
|
28 |
||
29 |
. /lib/svc/share/smf_include.sh |
|
|
8823
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
30 |
. /lib/svc/share/ipf_include.sh |
| 1573 | 31 |
zone=`smf_zonename` |
| 0 | 32 |
|
|
8823
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
33 |
# |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
34 |
# Handling a corner case here. If we were in offline state due to an |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
35 |
# unsatisfied dependency, the ipf_method process wouldn't have generated |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
36 |
# the ipfilter configuration. When we transition to online because the |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
37 |
# dependency is satisfied, the start method will have to generate the |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
38 |
# ipfilter configuration. To avoid all possible deadlock scenarios, |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
39 |
# we restart ipfilter which will regenerate the ipfilter configuration |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
40 |
# for the entire system. |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
41 |
# |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
42 |
# The ipf_method process signals that it didn't generate ipf rules by |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
43 |
# removing the service's ipf file. Thus we only restart network/ipfilter |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
44 |
# when the file is missing. |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
45 |
# |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
46 |
configure_ipfilter() |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
47 |
{
|
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
48 |
ipfile=`fmri_to_file $SMF_FMRI $IPF_SUFFIX` |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
49 |
[ -f "$ipfile" ] && return 0 |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
50 |
|
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
51 |
# |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
52 |
# Nothing to do if: |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
53 |
# - ipfilter isn't online |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
54 |
# - global policy is 'custom' |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
55 |
# - service's policy is 'use_global' |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
56 |
# |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
57 |
service_check_state $IPF_FMRI $SMF_ONLINE || return 0 |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
58 |
[ "`get_global_def_policy`" = "custom" ] && return 0 |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
59 |
[ "`get_policy $SMF_FMRI`" = "use_global" ] && return 0 |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
60 |
|
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
61 |
svcadm restart $IPF_FMRI |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
62 |
} |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
63 |
|
| 0 | 64 |
case "$1" in |
65 |
'start') |
|
66 |
# The NFS server is not supported in a local zone |
|
| 1573 | 67 |
if smf_is_nonglobalzone; then |
|
330
7bb3a56921ae
6207451 Rebooting does not share the FS in Solaris 10
thurlow
parents:
0
diff
changeset
|
68 |
/usr/sbin/svcadm disable -t svc:/network/nfs/server |
| 0 | 69 |
echo "The NFS server is not supported in a local zone" |
70 |
sleep 5 & |
|
71 |
exit $SMF_EXIT_OK |
|
72 |
fi |
|
73 |
||
| 3034 | 74 |
# Share all file systems enabled for sharing. sharemgr understands |
75 |
# regular shares and ZFS shares and will handle both. Technically, |
|
76 |
# the shares would have been started long before getting here since |
|
77 |
# nfsd has a dependency on them. |
|
| 0 | 78 |
|
79 |
startnfsd=0 |
|
80 |
||
| 3034 | 81 |
# restart stopped shares from the repository |
82 |
/usr/sbin/sharemgr start -P nfs -a |
|
| 789 | 83 |
|
84 |
# Start up mountd and nfsd if anything is exported. |
|
85 |
||
| 0 | 86 |
if /usr/bin/grep -s nfs /etc/dfs/sharetab >/dev/null; then |
87 |
startnfsd=1 |
|
88 |
fi |
|
89 |
||
|
3377
a2fa338530c1
6393525 vdev_reopen() should verify that it's still the same device
eschrock
parents:
3034
diff
changeset
|
90 |
# If auto-enable behavior is disabled, always start nfsd |
|
a2fa338530c1
6393525 vdev_reopen() should verify that it's still the same device
eschrock
parents:
3034
diff
changeset
|
91 |
|
|
a2fa338530c1
6393525 vdev_reopen() should verify that it's still the same device
eschrock
parents:
3034
diff
changeset
|
92 |
if [ `svcprop -p application/auto_enable nfs/server` = "false" ]; then |
|
a2fa338530c1
6393525 vdev_reopen() should verify that it's still the same device
eschrock
parents:
3034
diff
changeset
|
93 |
startnfsd=1 |
|
a2fa338530c1
6393525 vdev_reopen() should verify that it's still the same device
eschrock
parents:
3034
diff
changeset
|
94 |
fi |
|
a2fa338530c1
6393525 vdev_reopen() should verify that it's still the same device
eschrock
parents:
3034
diff
changeset
|
95 |
|
|
13092
fcc1e406c13f
6975309 PSARC2007_393 Move /etc/default/{nfs/autofs} parameters to SMF
Pavan Mettu - Oracle Corporation - Menlo Park United States <Pavan.Mettu@Oracle.COM>
parents:
8823
diff
changeset
|
96 |
# Options for nfsd are now set in SMF |
| 0 | 97 |
if [ $startnfsd -ne 0 ]; then |
98 |
/usr/lib/nfs/mountd |
|
|
6859
6e6aa02c10f0
6691702 nfsd startup is full of silent failure modes
th199096
parents:
3957
diff
changeset
|
99 |
rc=$? |
|
6e6aa02c10f0
6691702 nfsd startup is full of silent failure modes
th199096
parents:
3957
diff
changeset
|
100 |
if [ $rc != 0 ]; then |
|
6e6aa02c10f0
6691702 nfsd startup is full of silent failure modes
th199096
parents:
3957
diff
changeset
|
101 |
/usr/sbin/svcadm mark -t maintenance svc:/network/nfs/server |
|
6e6aa02c10f0
6691702 nfsd startup is full of silent failure modes
th199096
parents:
3957
diff
changeset
|
102 |
echo "$0: mountd failed with $rc" |
|
6e6aa02c10f0
6691702 nfsd startup is full of silent failure modes
th199096
parents:
3957
diff
changeset
|
103 |
sleep 5 & |
|
6e6aa02c10f0
6691702 nfsd startup is full of silent failure modes
th199096
parents:
3957
diff
changeset
|
104 |
exit $SMF_EXIT_ERR_FATAL |
|
6e6aa02c10f0
6691702 nfsd startup is full of silent failure modes
th199096
parents:
3957
diff
changeset
|
105 |
fi |
|
6e6aa02c10f0
6691702 nfsd startup is full of silent failure modes
th199096
parents:
3957
diff
changeset
|
106 |
|
| 0 | 107 |
/usr/lib/nfs/nfsd |
|
6859
6e6aa02c10f0
6691702 nfsd startup is full of silent failure modes
th199096
parents:
3957
diff
changeset
|
108 |
rc=$? |
|
6e6aa02c10f0
6691702 nfsd startup is full of silent failure modes
th199096
parents:
3957
diff
changeset
|
109 |
if [ $rc != 0 ]; then |
|
6e6aa02c10f0
6691702 nfsd startup is full of silent failure modes
th199096
parents:
3957
diff
changeset
|
110 |
/usr/sbin/svcadm mark -t maintenance svc:/network/nfs/server |
|
6e6aa02c10f0
6691702 nfsd startup is full of silent failure modes
th199096
parents:
3957
diff
changeset
|
111 |
echo "$0: nfsd failed with $rc" |
|
6e6aa02c10f0
6691702 nfsd startup is full of silent failure modes
th199096
parents:
3957
diff
changeset
|
112 |
sleep 5 & |
|
6e6aa02c10f0
6691702 nfsd startup is full of silent failure modes
th199096
parents:
3957
diff
changeset
|
113 |
exit $SMF_EXIT_ERR_FATAL |
|
6e6aa02c10f0
6691702 nfsd startup is full of silent failure modes
th199096
parents:
3957
diff
changeset
|
114 |
fi |
|
8823
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
115 |
|
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
116 |
configure_ipfilter |
| 0 | 117 |
else |
|
330
7bb3a56921ae
6207451 Rebooting does not share the FS in Solaris 10
thurlow
parents:
0
diff
changeset
|
118 |
/usr/sbin/svcadm disable -t svc:/network/nfs/server |
| 0 | 119 |
echo "No NFS filesystems are shared" |
120 |
sleep 5 & |
|
121 |
fi |
|
122 |
||
123 |
;; |
|
124 |
||
|
330
7bb3a56921ae
6207451 Rebooting does not share the FS in Solaris 10
thurlow
parents:
0
diff
changeset
|
125 |
'refresh') |
| 3034 | 126 |
/usr/sbin/sharemgr start -P nfs -a |
|
330
7bb3a56921ae
6207451 Rebooting does not share the FS in Solaris 10
thurlow
parents:
0
diff
changeset
|
127 |
;; |
|
7bb3a56921ae
6207451 Rebooting does not share the FS in Solaris 10
thurlow
parents:
0
diff
changeset
|
128 |
|
| 0 | 129 |
'stop') |
130 |
/usr/bin/pkill -x -u 0,1 -z $zone '(nfsd|mountd)' |
|
131 |
||
| 3034 | 132 |
# Unshare all shared file systems using NFS |
| 789 | 133 |
|
| 3034 | 134 |
/usr/sbin/sharemgr stop -P nfs -a |
| 0 | 135 |
|
136 |
# Kill any processes left in service contract |
|
137 |
smf_kill_contract $2 TERM 1 |
|
138 |
[ $? -ne 0 ] && exit 1 |
|
139 |
;; |
|
|
330
7bb3a56921ae
6207451 Rebooting does not share the FS in Solaris 10
thurlow
parents:
0
diff
changeset
|
140 |
|
|
8823
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
141 |
'ipfilter') |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
142 |
# |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
143 |
# NFS related services are RPC. nfs/server has nfsd which has |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
144 |
# well-defined port number but mountd is an RPC daemon. |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
145 |
# |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
146 |
# Essentially, we generate rules for the following "services" |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
147 |
# - nfs/server which has nfsd and mountd |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
148 |
# - nfs/rquota |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
149 |
# |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
150 |
# The following services are enabled for both nfs client and |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
151 |
# server so we'll treat them as client services and simply |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
152 |
# allow incoming traffic. |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
153 |
# - nfs/status |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
154 |
# - nfs/nlockmgr |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
155 |
# - nfs/cbd |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
156 |
# |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
157 |
NFS_FMRI="svc:/network/nfs/server:default" |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
158 |
RQUOTA_FMRI="svc:/network/nfs/rquota:default" |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
159 |
FMRI=$2 |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
160 |
|
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
161 |
file=`fmri_to_file $FMRI $IPF_SUFFIX` |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
162 |
echo "# $FMRI" >$file |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
163 |
policy=`get_policy $NFS_FMRI` |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
164 |
ip="any" |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
165 |
|
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
166 |
# |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
167 |
# nfs/server configuration is processed in the start method. |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
168 |
# |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
169 |
if [ "$FMRI" = "$NFS_FMRI" ]; then |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
170 |
service_check_state $FMRI $SMF_ONLINE |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
171 |
if [ $? -ne 0 ]; then |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
172 |
rm $file |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
173 |
exit $SMF_EXIT_OK |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
174 |
fi |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
175 |
|
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
176 |
nfs_name=`svcprop -p $FW_CONTEXT_PG/name $FMRI 2>/dev/null` |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
177 |
tport=`$SERVINFO -p -t -s $nfs_name 2>/dev/null` |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
178 |
if [ -n "$tport" ]; then |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
179 |
generate_rules $FMRI $policy "tcp" $ip $tport $file |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
180 |
fi |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
181 |
|
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
182 |
uport=`$SERVINFO -p -u -s $nfs_name 2>/dev/null` |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
183 |
if [ -n "$uport" ]; then |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
184 |
generate_rules $FMRI $policy "udp" $ip $uport $file |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
185 |
fi |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
186 |
|
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
187 |
tports=`$SERVINFO -R -p -t -s "mountd" 2>/dev/null` |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
188 |
if [ -n "$tports" ]; then |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
189 |
for tport in $tports; do |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
190 |
generate_rules $FMRI $policy "tcp" $ip \ |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
191 |
$tport $file |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
192 |
done |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
193 |
fi |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
194 |
|
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
195 |
uports=`$SERVINFO -R -p -u -s "mountd" 2>/dev/null` |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
196 |
if [ -n "$uports" ]; then |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
197 |
for uport in $uports; do |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
198 |
generate_rules $FMRI $policy "udp" $ip \ |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
199 |
$uport $file |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
200 |
done |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
201 |
fi |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
202 |
|
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
203 |
elif [ "$FMRI" = "$RQUOTA_FMRI" ]; then |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
204 |
iana_name=`svcprop -p inetd/name $FMRI` |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
205 |
|
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
206 |
tports=`$SERVINFO -R -p -t -s $iana_name 2>/dev/null` |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
207 |
if [ -n "$tports" ]; then |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
208 |
for tport in $tports; do |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
209 |
generate_rules $NFS_FMRI $policy "tcp" \ |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
210 |
$ip $tport $file |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
211 |
done |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
212 |
fi |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
213 |
|
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
214 |
uports=`$SERVINFO -R -p -u -s $iana_name 2>/dev/null` |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
215 |
if [ -n "$uports" ]; then |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
216 |
for uport in $uports; do |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
217 |
generate_rules $NFS_FMRI $policy "udp" \ |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
218 |
$ip $uport $file |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
219 |
done |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
220 |
fi |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
221 |
else |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
222 |
# |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
223 |
# Handle the client services here |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
224 |
# |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
225 |
restarter=`svcprop -p general/restarter $FMRI 2>/dev/null` |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
226 |
if [ "$restarter" = "$INETDFMRI" ]; then |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
227 |
iana_name=`svcprop -p inetd/name $FMRI` |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
228 |
isrpc=`svcprop -p inetd/isrpc $FMRI` |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
229 |
else |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
230 |
iana_name=`svcprop -p $FW_CONTEXT_PG/name $FMRI` |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
231 |
isrpc=`svcprop -p $FW_CONTEXT_PG/isrpc $FMRI` |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
232 |
fi |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
233 |
|
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
234 |
if [ "$isrpc" = "true" ]; then |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
235 |
tports=`$SERVINFO -R -p -t -s $iana_name 2>/dev/null` |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
236 |
uports=`$SERVINFO -R -p -u -s $iana_name 2>/dev/null` |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
237 |
else |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
238 |
tports=`$SERVINFO -p -t -s $iana_name 2>/dev/null` |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
239 |
uports=`$SERVINFO -p -u -s $iana_name 2>/dev/null` |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
240 |
fi |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
241 |
|
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
242 |
if [ -n "$tports" ]; then |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
243 |
for tport in $tports; do |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
244 |
echo "pass in log quick proto tcp from any" \ |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
245 |
"to any port = ${tport} flags S " \
|
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
246 |
"keep state" >>${file}
|
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
247 |
done |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
248 |
fi |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
249 |
|
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
250 |
if [ -n "$uports" ]; then |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
251 |
for uport in $uports; do |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
252 |
echo "pass in log quick proto udp from any" \ |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
253 |
"to any port = ${uport}" >>${file}
|
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
254 |
done |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
255 |
fi |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
256 |
fi |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
257 |
|
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
258 |
;; |
|
000507e9108d
6761070 PSARC 2008/580 Solaris host-based firewall
Truong Nguyen <Truong.Q.Nguyen@Sun.COM>
parents:
6859
diff
changeset
|
259 |
|
| 0 | 260 |
*) |
|
330
7bb3a56921ae
6207451 Rebooting does not share the FS in Solaris 10
thurlow
parents:
0
diff
changeset
|
261 |
echo "Usage: $0 { start | stop | refresh }"
|
| 0 | 262 |
exit 1 |
263 |
;; |
|
264 |
esac |
|
265 |
exit $SMF_EXIT_OK |