diff --git a/lisa/tools/firewall.py b/lisa/tools/firewall.py
index 3c2329523b..0515a7ce81 100644
--- a/lisa/tools/firewall.py
+++ b/lisa/tools/firewall.py
@@ -1,8 +1,10 @@
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT license.
+import re
from lisa.base_tools import Service
from lisa.executable import Tool
+from lisa.tools import Sed
class Firewall(Tool):
@@ -35,6 +37,11 @@ def stop(self) -> None:
iptables = self.node.tools[Iptables]
iptables.stop()
return
+ cmd_result = self.node.execute("command -v ipf", shell=True)
+ if 0 == cmd_result.exit_code:
+ ipf = self.node.tools[Ipf]
+ ipf.stop()
+ return
class Ufw(Tool):
@@ -149,3 +156,47 @@ def can_install(self) -> bool:
def stop(self) -> None:
service = self.node.tools[Service]
service.stop_service("firewalld")
+
+
+class Ipf(Tool):
+ _ipf_enable_pattern = re.compile(
+ r"(?Pipfilter_enable=):*(?P.*)$", re.MULTILINE
+ )
+
+ @property
+ def command(self) -> str:
+ return "ipf"
+
+ @property
+ def can_install(self) -> bool:
+ return False
+
+ def stop(self) -> None:
+ cmd_result = self.run("cat /etc/rc.conf", shell=True, sudo=True, force_run=True)
+ ipf_enable_found = re.search(self._ipf_enable_pattern, cmd_result.stdout)
+ if ipf_enable_found:
+ self.run(
+ "sed '/ipfilter_enable/s/YES/NO/g' /etc/rc.conf",
+ shell=True,
+ sudo=True,
+ force_run=True,
+ )
+
+ def start(self) -> None:
+ cmd_result = self.run("cat /etc/rc.conf", shell=True, sudo=True, force_run=True)
+ ipf_enable_found = re.search(self._ipf_enable_pattern, cmd_result.stdout)
+ if ipf_enable_found:
+ self.node.tools[Sed].substitute(
+ regexp="NO",
+ replacement="YES",
+ file="/etc/rc.conf",
+ match_lines="ipfilter_enable"
+ sudo=True,
+ )
+ else:
+ self.run(
+ 'echo "ipf_enable="YES"" | sudo tee -a /etc/rc.conf >/dev/null',
+ shell=True,
+ sudo=True,
+ force_run=True,
+ )