From f224c3f26535c5b8c7530f32af933697c9678fb2 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter
Date: Thu, 3 Jan 2013 16:28:21 +0100
Subject: [PATCH] red.up: add script to cleanup conntrack-table if red ip has changed.
---
 config/rootfiles/common/armv5tel/initscripts | 1 +
 config/rootfiles/common/i586/initscripts | 1 +
 config/rootfiles/core/66/filelists/files | 1 +
 .../networking/red.up/01-conntrack-cleanup | 25 +++++++++++++++++++
 4 files changed, 28 insertions(+)
 create mode 100644 src/initscripts/init.d/networking/red.up/01-conntrack-cleanup
diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index 90f9be161a..1a613ac34a 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -73,6 +73,7 @@ etc/rc.d/init.d/networking/red.down/10-ovpn
 etc/rc.d/init.d/networking/red.down/20-RL-firewall
 etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl
 #etc/rc.d/init.d/networking/red.up
+etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
 etc/rc.d/init.d/networking/red.up/05-RS-dnsmasq
 etc/rc.d/init.d/networking/red.up/10-miniupnpd
 etc/rc.d/init.d/networking/red.up/10-multicast
diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index 737e87847d..f26e2446dc 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -75,6 +75,7 @@ etc/rc.d/init.d/networking/red.down/10-ovpn
 etc/rc.d/init.d/networking/red.down/20-RL-firewall
 etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl
 #etc/rc.d/init.d/networking/red.up
+etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
 etc/rc.d/init.d/networking/red.up/05-RS-dnsmasq
 etc/rc.d/init.d/networking/red.up/10-miniupnpd
 etc/rc.d/init.d/networking/red.up/10-multicast
diff --git a/config/rootfiles/core/66/filelists/files b/config/rootfiles/core/66/filelists/files
index bf51301d74..91142e0c4f 100644
--- a/config/rootfiles/core/66/filelists/files
+++ b/config/rootfiles/core/66/filelists/files
@@ -7,6 +7,7 @@ etc/rc.d/init.d/halt
 etc/rc.d/init.d/leds
 etc/rc.d/init.d/mountfs
 etc/rc.d/init.d/network
+etc/rc.d/init.d/networking/red.up/01-conntrack-cleanup
 etc/rc.d/init.d/networking/red.up/98-leds
 etc/rc.d/init.d/partresize
 etc/rc.d/init.d/reboot
diff --git a/src/initscripts/init.d/networking/red.up/01-conntrack-cleanup b/src/initscripts/init.d/networking/red.up/01-conntrack-cleanup
new file mode 100644
index 0000000000..4bb43b9ed5
--- /dev/null
+++ b/src/initscripts/init.d/networking/red.up/01-conntrack-cleanup
@@ -0,0 +1,25 @@
+#!/bin/bash
+############################################################################
+# conntrack-cleanup - remove conntrack entries with the last red ipaddress #
+############################################################################
+#
+
+curr_ip=`cat /var/ipfire/red/local-ipaddress 2>/dev/null`
+last_ip=`cat /var/lock/last-ipaddress 2>/dev/null`
+
+if [ "$curr_ip" == "$last_ip" ]; then
+ exit 0
+fi
+
+if [ -z "$curr_ip" ]; then
+ echo ERROR: cannot read current IP.
+ exit 1
+fi
+
+if [ ! -z "$last_ip" ]; then
+ conntrack -D -s $last_ip 2>&1 > /dev/null
+ conntrack -D -d $last_ip 2>&1 > /dev/null
+ conntrack -D -r $last_ip 2>&1 > /dev/null
+ conntrack -D -q $last_ip 2>&1 > /dev/null
+fi
+echo $curr_ip > /var/lock/last-ipaddress
-- 
2.39.2
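Review bot: `$last_ip` is expanded unquoted in the four `conntrack -D` calls of the new 01-conntrack-cleanup script, so whatever `/var/lock/last-ipaddress` holds is word-split and glob-expanded into the arguments of a command that presumably runs as root from the red.up hook. The value should be quoted, and ideally checked to look like an address before it is used. The redirection `2>&1 > /dev/null` also discards only stdout, because stderr is duplicated onto the original stdout before stdout is redirected; `> /dev/null 2>&1` silences both, if that was the intent. The same quoting applies to `echo $curr_ip` on the last line, which writes the state file read on the next run.

```shell
# … unchanged: reading curr_ip/last_ip and the two early exits …
if [ ! -z "$last_ip" ]; then
	conntrack -D -s "$last_ip" > /dev/null 2>&1
	conntrack -D -d "$last_ip" > /dev/null 2>&1
	conntrack -D -r "$last_ip" > /dev/null 2>&1
	conntrack -D -q "$last_ip" > /dev/null 2>&1
fi
echo "$curr_ip" > /var/lock/last-ipaddress
```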