#!/bin/sh
#
# $NetBSD: ipnat,v 1.6 2000/09/19 13:04:38 lukem Exp $
# $FreeBSD$
#

# PROVIDE: ipnat
# REQUIRE: ipfilter mountcritremote
# BEFORE:  DAEMON
# KEYWORD: FreeBSD NetBSD

. /etc/rc.subr

name="ipnat"
rcvar=`set_rcvar`

case ${OSTYPE} in
FreeBSD)
	IPNATDIR="/sbin"
	start_precmd="ipnat_precmd"
	reload_cmd="ipnat_start"
	;;
NetBSD)
	IPNATDIR="/usr/sbin"
	config="/etc/ipnat.conf"
	reload_cmd="/usr/sbin/ipnat -F -C -f ${config}"
	start_precmd=
	;;
esac

start_cmd="ipnat_start"
stop_cmd="${ipnat_program:-${IPNATDIR}/${name}} -F -C"
extra_commands="reload"

ipnat_precmd()
{
	# Make sure ipfilter is loaded before continuing
	if ! ${SYSCTL} net.inet.ipf.fr_pass >/dev/null 2>&1; then
		err 1 'ipnat requires ipfilter be loaded'
	fi
	return 0
}

ipnat_start()
{
	case ${OSTYPE} in
	FreeBSD)
		echo -n 'Installing NAT rules ... '
		if [ -r "${ipnat_rules}" ]; then
			${ipnat_program:-/sbin/ipnat} -CF -f \
			    "${ipnat_rules}" ${ipnat_flags}
		else
			echo -n ' NO IPNAT RULES'
		fi
		echo '.'

		# restore filter/NAT state tables after loading the rules
		if checkyesno ipfs_enable; then
			if [ -r "/var/db/ipf/ipstate.ipf" ]; then
				echo -n ' ipfs'
				${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags}
				# remove files to avoid reloading old state
				# after an ungraceful shutdown
				rm -f /var/db/ipf/ipstate.ipf
				rm -f /var/db/ipf/ipnat.ipf
			fi
		fi
		;;
	NetBSD)
		if [ ! -f ${config} ]; then
			return 0
		fi
		if ! checkyesno ipfilter || [ ! -f /etc/ipf.conf ]; then
			echo "Enabling ipfilter for NAT."
			/sbin/ipf -E -Fa
		fi
		echo -n "Installing NAT rules ... "
		/usr/sbin/ipnat -F -f ${config}
		;;
	esac
}

load_rc_config $name
run_rc_command "$1"