]>
git.ipfire.org Git - people/teissler/ipfire-2.x.git/blob - src/misc-progs/restartwireless.c
1 /* IPCop helper program - restartwireless
3 * This program is distributed under the terms of the GNU General Public
4 * Licence. See the file COPYING for details.
6 * (c) Alan Hourihane, 2003
8 * $Id: restartwireless.c,v 1.2.2.5 2005/07/11 10:56:47 franck78 Exp $
12 #include "libsmooth.h"
18 #include <sys/types.h>
24 char blue_dev
[STRING_SIZE
] = "";
25 char command
[STRING_SIZE
];
27 void exithandler(void)
31 snprintf(command
, STRING_SIZE
-1, "/sbin/iptables -A WIRELESSINPUT -i %s -j LOG_DROP", blue_dev
);
33 snprintf(command
, STRING_SIZE
-1, "/sbin/iptables -A WIRELESSFORWARD -i %s -j LOG_DROP", blue_dev
);
43 char green_dev
[STRING_SIZE
] = "";
44 char buffer
[STRING_SIZE
];
45 char *index
, *ipaddress
, *macaddress
, *enabled
;
46 struct keyvalue
*kv
= NULL
;
51 /* flush wireless iptables */
52 safe_system("/sbin/iptables -F WIRELESSINPUT > /dev/null 2> /dev/null");
53 safe_system("/sbin/iptables -F WIRELESSFORWARD > /dev/null 2> /dev/null");
55 memset(buffer
, 0, STRING_SIZE
);
57 /* Init the keyvalue structure */
60 /* Read in the current values */
61 if (!readkeyvalues(kv
, CONFIG_ROOT
"/ethernet/settings"))
63 fprintf(stderr
, "Cannot read ethernet settings\n");
67 /* Get the GREEN interface details */
68 if(!findkey(kv
, "GREEN_DEV", green_dev
))
70 fprintf(stderr
, "Cannot read GREEN_DEV\n");
73 if (!VALID_DEVICE(green_dev
))
75 fprintf(stderr
, "Bad GREEN_DEV: %s\n", green_dev
);
78 /* Get the BLUE interface details */
79 if(!findkey(kv
, "BLUE_DEV", blue_dev
))
81 fprintf(stderr
, "Cannot read BLUE_DEV\n");
84 if (strlen(blue_dev
) && !VALID_DEVICE(blue_dev
))
86 fprintf(stderr
, "Bad BLUE_DEV: %s\n", blue_dev
);
89 if(! strlen(blue_dev
) > 0)
91 fprintf(stderr
, "No BLUE interface\n");
95 /* register exit handler to ensure the block rule is always present */
98 if (!(fd
= fopen(CONFIG_ROOT
"/wireless/config", "r")))
102 while (fgets(buffer
, STRING_SIZE
, fd
))
104 buffer
[strlen(buffer
) - 1] = 0;
106 index
= strtok(buffer
, ",");
107 ipaddress
= strtok(NULL
, ",");
108 macaddress
= strtok(NULL
, ",");
109 enabled
= strtok(NULL
, ",");
111 if (!strncmp(enabled
, "on", 2)) {
113 /* both specified, added security */
114 if ((strlen(macaddress
) == 17) &&
115 (VALID_IP(ipaddress
))) {
116 snprintf(command
, STRING_SIZE
-1, "/sbin/iptables -A WIRELESSINPUT -m mac --mac-source %s -s %s -i %s -j ACCEPT", macaddress
, ipaddress
, blue_dev
);
117 safe_system(command
);
118 snprintf(command
, STRING_SIZE
-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -o ! %s -j ACCEPT", macaddress
, ipaddress
, blue_dev
, green_dev
);
119 safe_system(command
);
120 snprintf(command
, STRING_SIZE
-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j DMZHOLES", macaddress
, ipaddress
, blue_dev
);
121 safe_system(command
);
124 /* correctly formed mac address is 17 chars */
125 if (strlen(macaddress
) == 17) {
126 snprintf(command
, STRING_SIZE
-1, "/sbin/iptables -A WIRELESSINPUT -m mac --mac-source %s -i %s -j ACCEPT", macaddress
, blue_dev
);
127 safe_system(command
);
128 snprintf(command
, STRING_SIZE
-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -o ! %s -j ACCEPT", macaddress
, blue_dev
, green_dev
);
129 safe_system(command
);
130 snprintf(command
, STRING_SIZE
-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j DMZHOLES", macaddress
, blue_dev
);
131 safe_system(command
);
134 if (VALID_IP(ipaddress
)) {
135 snprintf(command
, STRING_SIZE
-1, "/sbin/iptables -A WIRELESSINPUT -s %s -i %s -j ACCEPT", ipaddress
, blue_dev
);
136 safe_system(command
);
137 snprintf(command
, STRING_SIZE
-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -o ! %s -j ACCEPT", ipaddress
, blue_dev
, green_dev
);
138 safe_system(command
);
139 snprintf(command
, STRING_SIZE
-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -j DMZHOLES", ipaddress
, blue_dev
);
140 safe_system(command
);
projects / people / teissler / ipfire-2.x.git / blob