network: Remove redundant insertion of wireless rules.
[people/teissler/ipfire-2.x.git] / src / initscripts / init.d / network
index acc48d22daecb96a262e2bfa331b78a756a005f3..27686d1f3f831920cd094d7444a192d2906cdbd6 100644 (file)
@@ -4,7 +4,7 @@
 #
 # Description : Network Control Script
 #
-# Authors     : Michael Tremer - m.s.tremer@googlemail.com
+# Authors     : Michael Tremer - mitch@ipfire.org
 #
 # Version     : 01.00
 #
 . ${rc_functions}
 eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
 
+init_networking() {
+       boot_mesg "Loading firewall modules into the kernel"
+       modprobe iptable_nat || failed=1
+       for i in $(find /lib/modules/$(uname -r) -name nf_conntrack*); do
+               modprobe $(basename $i | cut -d. -f1) || failed=1
+       done
+       for i in $(find /lib/modules/$(uname -r) -name nf_nat*); do
+               modprobe $(basename $i | cut -d. -f1) || failed=1
+       done
+       (exit ${failed})
+       evaluate_retval
+
+       # Enable netfilter accounting
+       sysctl net.netfilter.nf_conntrack_acct=1 > /dev/null
+
+       if [ -e /var/ipfire/main/disable_nf_sip ]; then
+               rmmod nf_nat_sip
+               rmmod nf_conntrack_sip
+               rmmod nf_nat_h323
+               rmmod nf_conntrack_h323
+       fi
+
+       boot_mesg "Setting up firewall"
+       /etc/rc.d/init.d/firewall start; evaluate_retval
+
+       /etc/rc.d/init.d/dnsmasq start
+       /etc/rc.d/init.d/static-routes start
+}
+
 DO="${1}"
 shift
 
 if [ -n "${1}" ]; then
        ALL=0
-       for i in green red blue orange; do      
+       for i in green red blue orange; do      
                eval "${i}=0"
        done
 else
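Review bot: In init_networking, every nf_conntrack* and nf_nat* module found under /lib/modules is loaded first, and the SIP and H.323 helpers are removed only afterwards when /var/ipfire/main/disable_nf_sip exists; the four rmmod calls are unchecked, so if one fails, a helper the administrator disabled stays loaded and nothing is reported at boot. Skipping those names in the load loop avoids the load-then-unload window, although modprobe might still pull one in as a dependency of another module, which needs confirming. The `-name nf_conntrack*` and `-name nf_nat*` patterns are unquoted, so the shell would expand them if the working directory held a matching file, and `failed` is never initialised before `(exit ${failed})`. The function is complete within this hunk, whose own `@@` header is missing from the page.

```shell
init_networking() {
	boot_mesg "Loading firewall modules into the kernel"
	failed=0
	skip=""
	# Helpers the administrator has disabled are never loaded in the first place
	[ -e /var/ipfire/main/disable_nf_sip ] && \
		skip="nf_nat_sip nf_conntrack_sip nf_nat_h323 nf_conntrack_h323"

	modprobe iptable_nat || failed=1
	for i in $(find "/lib/modules/$(uname -r)" \( -name 'nf_conntrack*' -o -name 'nf_nat*' \)); do
		mod=$(basename "${i}" | cut -d. -f1)
		case " ${skip} " in
			*" ${mod} "*) continue ;;
		esac
		modprobe "${mod}" || failed=1
	done
	(exit ${failed})
	evaluate_retval
	# … unchanged: nf_conntrack_acct sysctl, firewall / dnsmasq / static-routes start …
}
```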
@@ -42,119 +71,54 @@ done
 
 case "${DO}" in
        start)
-               if [ "${ALL}" == "1" ]; then
-                       boot_mesg "Loading iptables helper modules"
-                       modprobe iptable_nat || failed=1
-                       modprobe ip_conntrack || failed=1
-                       modprobe ip_conntrack_ftp || failed=1
-                       modprobe ip_nat_ftp || failed=1
-                       modprobe ip_conntrack_h323 || failed=1
-                       modprobe ip_nat_h323 || failed=1
-                       modprobe ip_conntrack_irc || failed=1
-                       modprobe ip_nat_irc || failed=1
-                       modprobe ip_conntrack_mms || failed=1
-                       modprobe ip_nat_mms || failed=1
-                       modprobe ip_conntrack_pptp || failed=1
-                       modprobe ip_nat_pptp || failed=1
-                       modprobe ip_conntrack_sip || failed=1
-                       modprobe ip_nat_sip || failed=1
-                       (exit ${failed})
-                       evaluate_retval
-                       
-                       boot_mesg "Setting up IPFire firewall rules"
-                       /etc/rc.d/init.d/firewall start; evaluate_retval
-       
-                       boot_mesg "Setting up IP Accounting"
-                       /etc/rc.d/helper/writeipac.pl || failed=1
-                       /usr/sbin/fetchipac -S || failed=1 
-                       (exit ${failed})
-                       evaluate_retval
-       
-                       boot_mesg "Setting IPFire DMZ pinholes"
-                       /usr/local/bin/setdmzholes; evaluate_retval
-       
-                       if [ "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then
-                               boot_mesg "Setting up wireless firewall rules"
-                               /usr/local/bin/restartwireless; evaluate_retval
-                       fi
-                       
-                       # Start DNSMASQ with defaults
-                       killall -KILL dnsmasq 2> /dev/null
-                       sleep 1
-                       if [ "$DOMAIN_NAME_GREEN" == "" ]; then
-                               /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases
-                       else 
-                               /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases -s "$DOMAIN_NAME_GREEN"
-                       fi
-               fi
-               
+               [ "${ALL}" == "1" ] && init_networking
+
                # Starting interfaces...
                # GREEN
-               if [ "$green" == "1" ]; then
-                       name=green /etc/rc.d/init.d/net/ifup
-               fi
-               
+               [ "$green" == "1" ] && /etc/rc.d/init.d/networking/green start
+
                # BLUE
-               if [ "$blue" == "1" ]; then
-                       if [ "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then
-                               name=blue /etc/rc.d/init.d/net/ifup
-                       fi
-               fi
-               
+               [ "$blue" == "1" ] && [ "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ] && \
+                       /etc/rc.d/init.d/networking/blue start
+
                # ORANGE
-               if [ "$orange" == "1" ]; then
-                       if [ "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "4" ]; then
-                               name=orange /etc/rc.d/init.d/net/ifup
-                       fi
-               fi
-               
+               [ "$orange" == "1" ] && [ "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "4" ] && \
+                       /etc/rc.d/init.d/networking/orange start
+
                # RED
                if [ "$red" == "1" ]; then
                        if [ "$CONFIG_TYPE" = "1" -o "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then
                                # Remove possible leftover files
                                rm -f /var/ipfire/red/{active,device,dial-on-demand,dns1,dns2,local-ipaddress,remote-ipaddress,resolv.conf}
-                               if [ "$AUTOCONNECT" == "off" ]; then
-                                       echo -n         # Do anything
-                               else
-                                       name=red /etc/rc.d/init.d/net/ifup
-                               fi
+                               [ "$AUTOCONNECT" == "off" ] || /etc/rc.d/init.d/networking/red start
                        fi
-               fi
-               
-                       boot_mesg "Setting OVPN Rules if enabled"
-                       /etc/rc.d/init.d/firewall startovpn; evaluate_retval                    
+               fi                           
                ;;
 
        stop)
                # Stopping interfaces...
                # GREEN
-               if [ "$green" == "1" ]; then
-                       name=green /etc/rc.d/init.d/net/ifdown
-               fi
-               
+               [ "$green" == "1" ] && /etc/rc.d/init.d/networking/green stop
+
                # BLUE
-               if [ "$blue" == "1" ]; then
-                       if [ "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then
-                               name=blue /etc/rc.d/init.d/net/ifdown
-                       fi
-               fi
-               
+               [ "$blue" == "1" ] && [ "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ] && \
+                       /etc/rc.d/init.d/networking/blue stop
+
                # ORANGE
-               if [ "$orange" == "1" ]; then
-                       if [ "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "4" ]; then
-                               name=orange /etc/rc.d/init.d/net/ifdown
-                       fi
-               fi
-               
+               [ "$orange" == "1" ] && [ "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "4" ] && \
+                       /etc/rc.d/init.d/networking/orange stop
+
                # RED
                if [ "$red" == "1" ]; then
                        if [ "$CONFIG_TYPE" = "1" -o "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then
-                               name=red /etc/rc.d/init.d/net/ifdown
+                               /etc/rc.d/init.d/networking/red stop
                        fi
                fi
-               
-                       boot_mesg "Deleting OVPN Rules if enabled"
-                       /etc/rc.d/init.d/firewall stopovpn; evaluate_retval     
+
+               # Stopping dnsmasq if network all networks shutdown
+               [ "${ALL}" == "1" ] && /etc/rc.d/init.d/dnsmasq stop
+
+               exit 0
                ;;
 
        restart)
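Review bot: In the `start)` branch, `[ "${ALL}" == "1" ] && init_networking` discards the function's result and the GREEN/BLUE/ORANGE/RED start lines run next regardless, so the interfaces appear to come up even when `/etc/rc.d/init.d/firewall start` has failed. init_networking's exit status is that of its last command (`static-routes start`), not the firewall's, and whether `evaluate_retval` aborts the script is not visible here because it comes from `${rc_functions}`. Consider having the function return non-zero on a firewall failure and guarding the call, e.g. `if [ "${ALL}" == "1" ]; then init_networking || exit 1; fi`. The unconditional `exit 0` added at the end of `stop)` likewise hides a failed interface stop from the caller. The `case` block continues beyond this hunk.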
@@ -169,7 +133,7 @@ case "${DO}" in
                ;;
 
        *)
-               echo "Usage: ${0} {start|stop|restart}"
+               echo "Usage: ${0} {start|stop|restart} [device(s)]"
                exit 1
                ;;
 esac