#
# Authors : Michael Tremer - m.s.tremer@googlemail.com
#
-# Version : 00.00
+# Version : 01.00
#
# Notes : Written for IPFire by its team
#
. /etc/sysconfig/rc
. ${rc_functions}
-. /var/ipfire/ethernet/settings
-. /var/ipfire/dhcp/settings
-. /var/ipfire/ppp/settings
-. /var/ipfire/vpn/settings
-
-# This is a small wrapper for dhcpcd.exe
-if ( echo $0 | /bin/grep -q 'dhcpcd.exe' ); then
- /etc/rc.d/init.d/network red update $1 $2
-fi
+eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/dhcp/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/ppp/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/vpn/settings)
case "${1}" in
start)
- boot_mesg "Loading MASQ helper modules"
- modprobe iptable_nat
- modprobe ip_conntrack
- modprobe ip_conntrack_ftp
- modprobe ip_nat_ftp
- modprobe ip_conntrack_h323
- modprobe ip_nat_h323
- modprobe ip_conntrack_irc
- modprobe ip_nat_irc
- modprobe ip_conntrack_mms
- modprobe ip_nat_mms
- modprobe ip_conntrack_pptp
- modprobe ip_nat_pptp
- modprobe ip_conntrack_sip
- modprobe ip_nat_sip
+ boot_mesg "Loading iptables helper modules"
+ modprobe iptable_nat || failed=1
+ modprobe ip_conntrack || failed=1
+ modprobe ip_conntrack_ftp || failed=1
+ modprobe ip_nat_ftp || failed=1
+ modprobe ip_conntrack_h323 || failed=1
+ modprobe ip_nat_h323 || failed=1
+ modprobe ip_conntrack_irc || failed=1
+ modprobe ip_nat_irc || failed=1
+ modprobe ip_conntrack_mms || failed=1
+ modprobe ip_nat_mms || failed=1
+ modprobe ip_conntrack_pptp || failed=1
+ modprobe ip_nat_pptp || failed=1
+ modprobe ip_conntrack_sip || failed=1
+ modprobe ip_nat_sip || failed=1
+ (exit ${failed})
+ evaluate_retval
# Remove possible leftover files
- rm -f CONFIG_ROOT/red/{active,device,dial-on-demand,dns1,dns2,local-ipaddress,remote-ipaddress,resolv.conf}
-
- # The 'for' loop force driver loading order
- for NIC in 0 1 2 3; do
- ETHX="eth${NIC}"
- if [ "$GREEN_DEV" == "$ETHX" ]; then
- if [ "$GREEN_DRIVER" != "" ]; then
- modprobe $GREEN_DRIVER $GREEN_DRIVER_OPTIONS
- evaluate_retval
- fi
- fi
- if [ "$ORANGE_DEV" == "$ETHX" ]; then
- if [ "$ORANGE_DRIVER" != "" ]; then
- modprobe $ORANGE_DRIVER $ORANGE_DRIVER_OPTIONS
- evaluate_retval
- fi
- fi
- if [ "$BLUE_DEV" == "$ETHX" ]; then
- if [ "$BLUE_DRIVER" != "" ]; then
- modprobe $BLUE_DRIVER $BLUE_DRIVER_OPTIONS
- evaluate_retval
- fi
- fi
- if [ "$RED_DEV" == "$ETHX" ]; then
- if [ "$RED_DRIVER" != "" ]; then
- modprobe $RED_DRIVER $RED_DRIVER_OPTIONS
- evaluate_retval
- fi
- fi
- done
-
+ rm -f /var/ipfire/red/{active,device,dial-on-demand,dns1,dns2,local-ipaddress,remote-ipaddress,resolv.conf}
+
boot_mesg "Setting up IPFire firewall rules"
/etc/rc.d/init.d/firewall start; evaluate_retval
boot_mesg "Setting up IP Accounting"
- /etc/rc.d/helper/writeipac.pl
- /usr/sbin/fetchipac -S; evaluate_retval
+ /etc/rc.d/helper/writeipac.pl || failed=1
+ /usr/sbin/fetchipac -S || failed=1
+ (exit ${failed})
+ evaluate_retval
boot_mesg "Setting IPFire DMZ pinholes"
/usr/local/bin/setdmzholes; evaluate_retval
- if [ "$BLUE_DEV" != "" ]; then
+ if [ "$CONFIG_TYPE" = "4" -o "$CONFIG_TYPE" = "5" -o "$CONFIG_TYPE" = "6" -o "$CONFIG_TYPE" = "7" ]; then
boot_mesg "Setting up wireless firewall rules"
/usr/local/bin/restartwireless; evaluate_retval
fi
-
- # Bringing interfaces up...
- $0 green up
- $0 orange up
- $0 blue up
- $0 red up
-
- ;;
+
+ # Starting interfaces...
+ # GREEN
+ name=green /etc/rc.d/init.d/net/ifup
+
+ # BLUE
+ if [ "$CONFIG_TYPE" = "4" -o "$CONFIG_TYPE" = "5" -o "$CONFIG_TYPE" = "6" -o "$CONFIG_TYPE" = "7" ]; then
+ name=blue /etc/rc.d/init.d/net/ifup
+ fi
+
+ # ORANGE
+ if [ "$CONFIG_TYPE" = "1" -o "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "5" -o "$CONFIG_TYPE" = "7" ]; then
+ name=orange /etc/rc.d/init.d/net/ifup
+ fi
+
+ # RED
+ if [ "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "6" -o "$CONFIG_TYPE" = "7" ]; then
+ name=red /etc/rc.d/init.d/net/ifup
+ fi
stop)
- # Stopping all interfaces...
- $0 red down
- $0 blue down
- $0 orange down
- $0 green down
+
;;
restart)
${0} start
;;
- #
- # Every interface has its own context to start/stop/restart.
- #
- green)
- case "${2}" in
- up)
- boot_mesg "Bringing green network up..."
- if [ "$GREEN_DEV" != "" ]; then
- ifconfig $GREEN_DEV $GREEN_ADDRESS netmask $GREEN_NETMASK broadcast $GREEN_BROADCAST up
- evaluate_retval
- else
- echo "WARNING: No driver set for GREEN"
- fi
- ;;
- down)
- boot_mesg "Bringing green network down..."
- ifconfig $GREEN_DEV down 2> /dev/null; evaluate_retval
- ;;
- esac
- ;;
-
- orange)
- case "${2}" in
- up)
- if [ "$CONFIG_TYPE" = "1" -o "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "5" -o "$CONFIG_TYPE" = "7" ]; then
- if [ "$ORANGE_DEV" != "" ]; then
- boot_mesg "Bringing orange network up..."
- ifconfig $ORANGE_DEV $ORANGE_ADDRESS netmask $ORANGE_NETMASK broadcast $ORANGE_BROADCAST up
- evaluate_retval
- fi
- fi
- ;;
- down)
- if [ "$ORANGE_DEV" != "" ]; then
- boot_mesg "Bringing orange network down..."
- ifconfig $ORANGE_DEV down 2> /dev/null; evaluate_retval
- fi
- ;;
- esac
- ;;
-
- blue)
- case "${2}" in
- up)
- if [ "$CONFIG_TYPE" = "4" -o "$CONFIG_TYPE" = "5" -o "$CONFIG_TYPE" = "6" -o "$CONFIG_TYPE" = "7" ]; then
- if [ "$BLUE_DEV" != "" ]; then
- boot_mesg "Bringing blue network up..."
- ifconfig $BLUE_DEV $BLUE_ADDRESS netmask $BLUE_NETMASK broadcast $BLUE_BROADCAST up
- evaluate_retval
- fi
- fi
- ;;
- down)
- if [ "$BLUE_DEV" != "" ]; then
- boot_mesg "Bringing blue network down..."
- ifconfig $BLUE_DEV down 2> /dev/null; evaluate_retval
- fi
- ;;
- esac
- ;;
-
- red)
- case "${2}" in
- up)
- boot_mesg "Bringing red network up..."
- # If RED is ethernet then check furthur...
- if [ "$CONFIG_TYPE" == "2" -o "$CONFIG_TYPE" == "3" -o "$CONFIG_TYPE" == "6" -o "$CONFIG_TYPE" == "7" ]; then
- # If we are DHCP or STATIC we have to start automatically
- if [ "$RED_TYPE" == "DHCP" -o "$RED_TYPE" == "STATIC" ]; then
- AUTOCONNECT="on"
- fi
- fi
-
- # Start DNSMASQ with defaults
- if [ "$DOMAIN_NAME_GREEN" == "" ]; then
- /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases
- else
- /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases -s "$DOMAIN_NAME_GREEN"
- fi
-
- # Only when AUTOCONNECT is on
- if [ "$AUTOCONNECT" == "on" ]; then
- /etc/rc.d/init.d/red start; evaluate_retval
- fi
- ;;
- down)
- boot_mesg "Bringing red network down..."
- /etc/rc.d/init.d/red stop
- sleep 3
- /etc/rc.d/init.d/red clear; evaluate_retval
- ;;
- update)
- if [ ! -e /var/lock/rc.updatered.lock ]; then
- /usr/bin/touch /var/lock/rc.updatered.lock
- /usr/bin/logger -s -p local0.info -t rc.updatered "$0 locking for $$"
- else
- count=0
- while [ ! $count = 5 ]; do
- sleep 3
- if [ ! -e /var/lock/rc.updatered.lock ]; then
- break
- else
- /usr/bin/logger -s -p local0.info -t rc.updatered "$0 $$ waiting unlock"
- fi
- ((++count))
- done
- fi
-
- IFACE=`/bin/cat /var/ipfire/red/iface 2>/dev/null | /usr/bin/tr -d '\012'`
- REMOTE=`/bin/cat /var/ipfire/red/remote-ipaddress 2>/dev/null | /usr/bin/tr -d '\012'`
-
- ###
- ### Retrieve DHCP Settings
- ###
- if [ "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "6" -o "$CONFIG_TYPE" = "7" ]; then
- if [ "$RED_TYPE" = "DHCP" ]; then
- unset DNS1 DNS2
- eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
- if [ "$DNS1" = "" ]; then
- echo -n `/etc/rc.d/helper/getdnsfromdhcpc.pl 1` > /var/ipfire/red/dns1
- echo -n `/etc/rc.d/helper/getdnsfromdhcpc.pl 2` > /var/ipfire/red/dns2
- else
- echo "$DNS1" > /var/ipfire/red/dns1
- echo "$DNS2" > /var/ipfire/red/dns2
- fi
- . /var/ipfire/dhcpc/dhcpcd-${RED_DEV}.info
- echo "$IPADDR" > /var/ipfire/red/local-ipaddress
- echo "$GATEWAY" > /var/ipfire/red/remote-ipaddress
- fi
- else
- if [ "$PROTOCOL" = "RFC1483" -a "$METHOD" = "DHCP" ]; then
- unset DNS1 DNS2
- eval $(/usr/local/bin/readhash /var/ipfire/ppp/settings)
- if [ "$DNS" = "Automatic" ]; then
- echo -n `/etc/rc.d/helper/getdnsfromdhcpc.pl 1` > /var/ipfire/red/dns1
- echo -n `/etc/rc.d/helper/getdnsfromdhcpc.pl 2` > /var/ipfire/red/dns2
- else
- echo "$DNS1" > /var/ipfire/red/dns1
- echo "$DNS2" > /var/ipfire/red/dns2
- fi
- . /var/ipfire/dhcpc/dhcpcd-${IFACE}.info
- echo $IPADDR > /var/ipfire/red/local-ipaddress
- echo $GATEWAY > /var/ipfire/red/remote-ipaddress
- fi
- fi
-
- ###
- ### Retrieve DNS settings
- ###
- DNS1=`/bin/cat /var/ipfire/red/dns1 2>/dev/null | /usr/bin/tr -d '\012'`
- DNS2=`/bin/cat /var/ipfire/red/dns2 2>/dev/null | /usr/bin/tr -d '\012'`
- echo > /var/ipfire/red/resolv.conf #clear it
- [ "$DNS1" != "" ] && echo "nameserver $DNS1" > /var/ipfire/red/resolv.conf
- [ "$DNS2" != "" ] && echo "nameserver $DNS2" >> /var/ipfire/red/resolv.conf
-
-
- ###
- ### Restart DNSMASQ
- ###
- /bin/killall -KILL dnsmasq 2> /dev/null
- sleep 1
-
- DOMopt=""
- [ "$DOMAIN_NAME_GREEN" ] && DOMopt="-s $DOMAIN_NAME_GREEN"
- if [ -e "/var/ipfire/red/dial-on-demand" -a "$DIALONDEMANDDNS" == "on" -a ! -e "/var/ipfire/red/active" ]; then
- /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases $DOMopt -r /var/ipfire/ppp/fake-resolv.conf
- else
- /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases $DOMopt -r /var/ipfire/red/resolv.conf
- fi
- unset DOMopt
-
- # Reset default route to ippp0 for dial on demand
- if [ -e "/var/ipfire/red/dial-on-demand" -a "$TYPE" == "isdn" -a ! -e "/var/ipfire/red/active" ]; then
- /sbin/route del default 2> /dev/null
- if [ ! -z "$REMOTE" ]; then
- /sbin/route add default gw $REMOTE 2> /dev/null
- else
- /sbin/route add default dev ippp0 2> /dev/null
- fi
- fi
-
- if [ "$3" ]; then
- eval $(/usr/local/bin/readhash "$3")
- case "$4" in
- up)
- /usr/bin/logger -s -p local0.info -t dhcpcd.exe "${INTERFACE} has been configured with old IP=${IPADDR}"
- if [ "$RED_TYPE" != 'PPTP' ]; then
- /usr/bin/touch /var/ipfire/red/active
- fi
- ;;
- new)
- /usr/bin/logger -s -p local0.info -t dhcpcd.exe "${INTERFACE} has been configured with new IP=${IPADDR}"
- if [ -e "/var/ipfire/red/active" ]; then
- /usr/local/bin/setfilters
- /usr/local/bin/setportfw
- /usr/local/bin/setxtaccess
- /usr/local/bin/setddns.pl -f
- /usr/local/bin/restartsnort red
- sleep $VPN_DELAYED_START && /usr/local/bin/ipsecctrl S &
- /bin/rm -f /var/lock/rc.updatered.lock
- /usr/bin/logger -s -p local0.info -t rc.updatered "unlocking from $$"
- exit 0
- else
- if [ "$RED_TYPE" != 'PPTP' ]; then
- /usr/bin/touch /var/ipfire/red/active
- fi
- fi
- ;;
- down)
- /usr/bin/logger -s -p local0.info -t dhcpcd.exe "${INTERFACE} has been brought down"
- rm -f /var/ipfire/red/active
- ;;
- esac
- fi
-
- if [ -e "/var/ipfire/red/active" ]; then
- [ "$IFACE" != "" ] && /sbin/ifconfig $IFACE -multicast
- /etc/rc.d/init.d/firewall reload
- /usr/local/bin/setfilters
- /usr/local/bin/restartsnort red
- /usr/local/bin/qosctrl restart
- /usr/local/bin/setportfw
- /usr/local/bin/setxtaccess
- /usr/local/bin/setddns.pl -f
- /etc/rc.d/helper/writeipac.pl
- /usr/sbin/fetchipac -S
- sleep $VPN_DELAYED_START && /usr/local/bin/ipsecctrl S &
- else
- /usr/local/bin/ipsecctrl D
- /etc/rc.d/init.d/firewall reload
- fi
- /bin/rm -f /var/lock/rc.updatered.lock
- /usr/bin/logger -s -p local0.info -t rc.updatered "unlocking from $$"
- ;;
- esac
- ;;
-
*)
echo "Usage: ${0} {start|stop|restart}"
- echo " or: ${0} {green|orange|blue|red} {up|down}"
exit 1
;;
esac
projects / people / pmueller / ipfire-2.x.git / blobdiff