2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2010 Michael Tremer & Christian Schmidt #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
22 .
/usr
/lib
/network
/header-config
24 # Allow multiple instances of this hook
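# Sanity-check the settings of a static IP configuration.
#
# Globals:   ADDRESS, PREFIX (read), GATEWAY (read, optional),
#            EXIT_CONF_ERROR (read)
# Returns:   0 when the checks of the matching address family pass,
#            ${EXIT_CONF_ERROR} when the family of ADDRESS cannot be determined.
#
# NOTE(review): the listing this block was taken from omits the case/esac
# lines; the branch labels below are inferred from the validators used in each
# arm and from the "ipv6" comparison later in the file - confirm against the
# file before merging.
hook_check_config_settings() {
	# Declared separately so the status of ip_detect_protocol is not hidden
	# behind the always-successful `local`.
	local protocol
	protocol="$(ip_detect_protocol "${ADDRESS}")"

	case "${protocol}" in
		ipv6)
			assert ipv6_is_valid "${ADDRESS}"
			assert ipv6_prefix_is_valid "${PREFIX}"

			# An `if` instead of `isset GATEWAY && ...`: with the short-circuit
			# form a configuration without a gateway left status 1 as the
			# function's return value although nothing was wrong.
			if isset GATEWAY; then
				assert ipv6_is_valid "${GATEWAY}"
			fi
			;;

		ipv4)
			assert ipv4_is_valid "${ADDRESS}"
			assert ipv4_prefix_is_valid "${PREFIX}"

			if isset GATEWAY; then
				assert ipv4_is_valid "${GATEWAY}"
			fi
			;;

		*)
			# Neither family matched: refuse the configuration rather than
			# letting an unvalidated address through.
			error "Could not determine protocol: ${protocol}"
			return "${EXIT_CONF_ERROR}"
			;;
	esac
}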
# Parse the hook's command-line arguments into ADDRESS, PREFIX and GATEWAY,
# validating each value and returning ${EXIT_CONF_ERROR} on the first failure.
# NOTE(review): this listing omits several lines (the case patterns, closing
# keywords and anything assigned between the numbered lines), so which argument
# form selects which branch is not visible here.
60 hook_parse_cmdline
() {
65 while [ $# -gt 0 ]; do
# Branch validated with the ipv6_* helpers: the argument is split into an
# address part and a prefix part, and both are checked before use.
71 ADDRESS
="$(ip_split_prefix "${1}")"
72 PREFIX
="$(ip_get_prefix "${1}")"
75 if ! ipv6_is_valid
"${ADDRESS}"; then
76 error
"Invalid IP address: ${ADDRESS}"
77 return ${EXIT_CONF_ERROR}
81 if ! ipv6_prefix_is_valid
"${PREFIX}"; then
82 error
"Invalid prefix: ${PREFIX}"
83 return ${EXIT_CONF_ERROR}
86 # Store the IPv6 address in its shortest format
87 ADDRESS
="$(ipv6_format "${ADDRESS}")"
# Branch validated with the ipv4_* helpers; same split into address and prefix.
94 ADDRESS
="$(ip_split_prefix "${1}")"
95 PREFIX
="$(ip_get_prefix "${1}")"
98 if ! ipv4_is_valid
"${ADDRESS}"; then
99 error
"Invalid IP address: ${ADDRESS}"
100 return ${EXIT_CONF_ERROR}
# The prefix part may be a dotted netmask; it is converted and re-checked.
# NOTE(review): the inner test below is negated. As listed, PREFIX is
# overwritten with the converted value when that value FAILS
# ipv4_prefix_is_valid, and the "Invalid prefix or netmask" error sits on the
# other side (the line between them is not shown - presumably an `else`).
# If so, the condition is inverted: a well-formed netmask is rejected and an
# invalid conversion result would be stored as PREFIX. Confirm against the
# file; the intended test is most likely the non-negated one.
104 if ! ipv4_prefix_is_valid
"${PREFIX}"; then
105 # This might be a netmask instead
106 local prefix_from_netmask
="$(ipv4_netmask2prefix "${PREFIX}")"
108 if ! ipv4_prefix_is_valid
"${prefix_from_netmask}"; then
109 PREFIX
="${prefix_from_netmask}"
111 error
"Invalid prefix or netmask: ${PREFIX}"
112 return ${EXIT_CONF_ERROR}
# Gateway argument: the value is extracted with cli_get_val and accepted if
# ip_is_valid passes; that it belongs to the same family as ADDRESS is only
# checked after the loop.
119 GATEWAY
="$(cli_get_val "${1}")"
122 if isset GATEWAY
&& ! ip_is_valid
"${GATEWAY}"; then
123 error
"Invalid gateway IP address: ${GATEWAY}"
124 return ${EXIT_CONF_ERROR}
# Anything not recognised above is rejected instead of being ignored.
129 error
"Invalid argument: ${1}"
130 return ${EXIT_CONF_ERROR}
136 # Check if an address has been set
137 if ! isset ADDRESS
; then
138 error
"No IP address provided"
139 return ${EXIT_CONF_ERROR}
142 # Check if a prefix has been set
143 if ! isset PREFIX
; then
144 error
"No prefix provided"
145 return ${EXIT_CONF_ERROR}
148 # More gateway validation
149 if isset GATEWAY
; then
150 local gateway_protocol
="$(ip_detect_protocol "${GATEWAY}")"
# NOTE(review): ${protocol} is not assigned in any line shown here;
# presumably it is set in the omitted lines of the address branches. If it
# were empty at this point, every gateway would fail this comparison - confirm.
152 # Make sure that the prefix is of the same protocol version
153 if [ "${gateway_protocol}" != "${protocol}" ]; then
154 error
"The gateway is of a wrong protocol: ${GATEWAY}"
155 return ${EXIT_CONF_ERROR}
158 # Make IP address as short as possible
159 if [ "${gateway_protocol}" = "ipv6" ]; then
160 GATEWAY
="$(ipv6_format "${GATEWAY}")"
# Duplicate detection runs on the normalised ADDRESS, so two spellings of the
# same IPv6 address compare equal. ${zone} and ${id} are not defined in the
# lines shown; the caller passes the id as the first argument, and ${zone} is
# presumably inherited from the calling scope - confirm.
164 # Check any conflicts
165 if zone_config_check_same_setting
"${zone}" "static" "${id}" "ADDRESS" "${ADDRESS}"; then
166 error
"A static configuration with the same address is already configured"
167 return ${EXIT_CONF_ERROR}
# Obtain a new configuration id for the zone, validate the command-line
# arguments with hook_parse_cmdline and then write the settings for that id.
# NOTE(review): ${zone} is unquoted inside the command substitution, unlike the
# quoted uses further down, so a value containing whitespace or glob characters
# would be split or expanded. `local id=$(...)` also discards the exit status
# of zone_config_get_new_id, so a failure there is not detected on this line.
175 local id
=$
(zone_config_get_new_id
${zone})
176 log DEBUG
"ID for the config is: ${id}"
178 if ! hook_parse_cmdline
"${id}" "$@"; then
179 # Return an error if the parsing of the cmd line fails
# Settings are only written after parsing succeeded (the error path between
# these two statements is not shown in this listing).
183 zone_config_settings_write
"${zone}" "${HOOK}" "${id}"
# Bring the static configuration up: check the device, read the stored
# settings, add the address to the interface, publish the state with db_set and
# refresh the routing tables.
# NOTE(review): ${zone} is unquoted in the device_exists call although it is
# quoted everywhere else in this run.
193 # Check if the device exists
194 if ! device_exists
${zone}; then
195 error
"Zone ${zone} doesn't exist"
# ADDRESS, PREFIX and GATEWAY used below are presumably populated by
# zone_config_settings_read - confirm against that helper.
200 if ! zone_config_settings_read
"${zone}" "${config}"; then
201 error
"Could not read configuration for ${zone} ${config}"
205 # Add IP address to the interface
206 if ! ip_address_add
"${zone}" "${ADDRESS}/${PREFIX}"; then
210 local protocol
="$(ip_detect_protocol "${ADDRESS}")"
# Guards the db keys below: an empty protocol would otherwise produce paths
# with an empty component.
211 assert isset protocol
213 db_set
"${zone}/${protocol}/type" "${HOOK}"
214 db_set
"${zone}/${protocol}/local-ip-address" "${ADDRESS}/${PREFIX}"
# NOTE(review): GATEWAY is written without an isset check, so an empty value is
# stored when no gateway is configured; whether the routing code treats an
# empty remote-ip-address as "no gateway" is not visible here - confirm.
215 db_set
"${zone}/${protocol}/remote-ip-address" "${GATEWAY}"
216 db_set
"${zone}/${protocol}/active" 1
218 # Update routing tables
219 routing_update
"${zone}" "${protocol}"
220 routing_default_update
# Take the static configuration down: check the device, read the stored
# settings, drop the zone's database entry for the address family, remove the
# address from the interface and refresh the routing tables.
# NOTE(review): ${zone} is unquoted in the device_exists call although it is
# quoted everywhere else in this run.
230 if ! device_exists
${zone}; then
231 error
"Zone ${zone} doesn't exist"
236 if ! zone_config_settings_read
"${zone}" "${config}"; then
240 # Remove routing information from database
241 local protocol
="$(ip_detect_protocol "${ADDRESS}")"
# Guards db_delete: with an empty protocol the key would end in "${zone}/".
242 assert isset protocol
243 db_delete
"${zone}/${protocol}"
# The return status of ip_address_del is not checked in the lines shown, so the
# database entry is already gone even if removing the address fails.
245 # Remove the IP address
246 ip_address_del
"${zone}" "${ADDRESS}/${PREFIX}"
248 # Update routing tables
249 routing_update
"${zone}" "${protocol}"
250 routing_default_update
# Print the status of the static configuration: check the device, read the
# stored settings, then report UP or DOWN depending on whether the zone
# currently holds the configured address.
# NOTE(review): ${zone} is unquoted in the device_exists call although it is
# quoted everywhere else in this run.
260 if ! device_exists
${zone}; then
261 error
"Zone ${zone} doesn't exist"
266 if ! zone_config_settings_read
"${zone}" "${config}"; then
# Start from "up" and downgrade when the address is not present on the zone.
270 local status
=${MSG_HOOK_UP}
271 if ! zone_has_ip
"${zone}" "${ADDRESS}/${PREFIX}"; then
272 status
=${MSG_HOOK_DOWN}
274 cli_statusline
3 "${HOOK}" "${status}"
276 cli_print_fmt1
3 "IP Address" "${ADDRESS}/${PREFIX}"
# The gateway line is printed only when a gateway is configured.
277 if [ -n "${GATEWAY}" ]; then
278 cli_print_fmt1
3 "Gateway" "${GATEWAY}"