#
# Description : Network Control Script
#
-# Authors : Michael Tremer - m.s.tremer@googlemail.com
+# Authors : Michael Tremer - mitch@ipfire.org
#
-# Version : 00.00
+# Version : 01.00
#
# Notes : Written for IPFire by its team
#
. /etc/sysconfig/rc
. ${rc_functions}
-. /var/ipfire/ethernet/settings
-. /var/ipfire/dhcp/settings
-. /var/ipfire/ppp/settings
-. /var/ipfire/vpn/settings
-
-# This is a small wrapper for dhcpcd.exe
-if ( echo $0 | /bin/grep -q 'dhcpcd.exe' ); then
- /etc/rc.d/init.d/network red update $1 $2
+eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+
+init_networking() {
+ boot_mesg "Loading firewall modules into the kernel"
+ modprobe iptable_nat || failed=1
+ for i in $(find /lib/modules/$(uname -r) -name nf_conntrack*); do
+ modprobe $(basename $i | cut -d. -f1) || failed=1
+ done
+ for i in $(find /lib/modules/$(uname -r) -name nf_nat*); do
+ modprobe $(basename $i | cut -d. -f1) || failed=1
+ done
+ (exit ${failed})
+ evaluate_retval
+
+ # Enable netfilter accounting
+ sysctl net.netfilter.nf_conntrack_acct=1 > /dev/null
+
+ if [ -e /var/ipfire/main/disable_nf_sip ]; then
+ rmmod nf_nat_sip
+ rmmod nf_conntrack_sip
+ rmmod nf_nat_h323
+ rmmod nf_conntrack_h323
+ fi
+
+ boot_mesg "Setting up firewall"
+ /etc/rc.d/init.d/firewall start; evaluate_retval
+
+# boot_mesg "Setting up traffic accounting"
+# /etc/rc.d/helper/writeipac.pl || failed=1
+# /usr/sbin/fetchipac -S || failed=1
+# (exit ${failed})
+# evaluate_retval
+
+ boot_mesg "Setting up DMZ pinholes"
+ /usr/local/bin/setdmzholes; evaluate_retval
+
+ if [ "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then
+ boot_mesg "Setting up wireless firewall rules"
+ /usr/local/bin/wirelessctrl; evaluate_retval
+ fi
+
+ /etc/rc.d/init.d/dnsmasq start
+ /etc/rc.d/init.d/static-routes start
+}
+
+DO="${1}"
+shift
+
+if [ -n "${1}" ]; then
+ ALL=0
+ for i in green red blue orange; do
+ eval "${i}=0"
+ done
+else
+ ALL=1
+ for i in green red blue orange; do
+ eval "${i}=1"
+ done
fi
-case "${1}" in
- start)
- boot_mesg "Loading MASQ helper modules"
- modprobe iptable_nat
- modprobe ip_conntrack
- modprobe ip_conntrack_ftp
- modprobe ip_nat_ftp
- modprobe ip_conntrack_h323
- modprobe ip_nat_h323
- modprobe ip_conntrack_irc
- modprobe ip_nat_irc
- modprobe ip_conntrack_mms
- modprobe ip_nat_mms
- modprobe ip_conntrack_pptp
- modprobe ip_nat_pptp
- modprobe ip_conntrack_sip
- modprobe ip_nat_sip
-
- # Remove possible leftover files
- rm -f CONFIG_ROOT/red/{active,device,dial-on-demand,dns1,dns2,local-ipaddress,remote-ipaddress,resolv.conf}
+while [ ! $# = 0 ]; do
+ for i in green red blue orange; do
+ if [ "${i}" == "${1}" ]; then
+ eval "${i}=1"
+ shift
+ fi
+ done
+done
- # The 'for' loop force driver loading order
- for NIC in 0 1 2 3; do
- ETHX="eth${NIC}"
- if [ "$GREEN_DEV" == "$ETHX" ]; then
- if [ "$GREEN_DRIVER" != "" ]; then
- modprobe $GREEN_DRIVER $GREEN_DRIVER_OPTIONS
- evaluate_retval
- fi
- fi
- if [ "$ORANGE_DEV" == "$ETHX" ]; then
- if [ "$ORANGE_DRIVER" != "" ]; then
- modprobe $ORANGE_DRIVER $ORANGE_DRIVER_OPTIONS
- evaluate_retval
- fi
- fi
- if [ "$BLUE_DEV" == "$ETHX" ]; then
- if [ "$BLUE_DRIVER" != "" ]; then
- modprobe $BLUE_DRIVER $BLUE_DRIVER_OPTIONS
- evaluate_retval
+case "${DO}" in
+ start)
+ [ "${ALL}" == "1" ] && init_networking
+
+ # Starting interfaces...
+ # GREEN
+ [ "$green" == "1" ] && /etc/rc.d/init.d/networking/green start
+
+ # BLUE
+ [ "$blue" == "1" ] && [ "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ] && \
+ /etc/rc.d/init.d/networking/blue start
+
+ # ORANGE
+ [ "$orange" == "1" ] && [ "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "4" ] && \
+ /etc/rc.d/init.d/networking/orange start
+
+ # RED
+ if [ "$red" == "1" ]; then
+ if [ "$CONFIG_TYPE" = "1" -o "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then
+ # Remove possible leftover files
+ rm -f /var/ipfire/red/{active,device,dial-on-demand,dns1,dns2,local-ipaddress,remote-ipaddress,resolv.conf}
+ [ "$AUTOCONNECT" == "off" ] || /etc/rc.d/init.d/networking/red start
fi
- fi
- if [ "$RED_DEV" == "$ETHX" ]; then
- if [ "$RED_DRIVER" != "" ]; then
- modprobe $RED_DRIVER $RED_DRIVER_OPTIONS
- evaluate_retval
- fi
- fi
- done
-
- boot_mesg "Setting up IPFire firewall rules"
- /etc/rc.d/init.d/firewall start; evaluate_retval
-
- boot_mesg "Setting up IP Accounting"
- /etc/rc.d/helper/writeipac.pl
- /usr/sbin/fetchipac -S; evaluate_retval
-
- boot_mesg "Setting IPFire DMZ pinholes"
- /usr/local/bin/setdmzholes; evaluate_retval
+ fi
+ ;;
- if [ "$BLUE_DEV" != "" ]; then
- boot_mesg "Setting up wireless firewall rules"
- /usr/local/bin/restartwireless; evaluate_retval
+ stop)
+ # Stopping interfaces...
+ # GREEN
+ [ "$green" == "1" ] && /etc/rc.d/init.d/networking/green stop
+
+ # BLUE
+ [ "$blue" == "1" ] && [ "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ] && \
+ /etc/rc.d/init.d/networking/blue stop
+
+ # ORANGE
+ [ "$orange" == "1" ] && [ "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "4" ] && \
+ /etc/rc.d/init.d/networking/orange stop
+
+ # RED
+ if [ "$red" == "1" ]; then
+ if [ "$CONFIG_TYPE" = "1" -o "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then
+ /etc/rc.d/init.d/networking/red stop
+ fi
fi
- # Bringing interfaces up...
- $0 green up
- $0 orange up
- $0 blue up
- $0 red up
+ # Stopping dnsmasq if network all networks shutdown
+ [ "${ALL}" == "1" ] && /etc/rc.d/init.d/dnsmasq stop
- ;;
-
- stop)
- # Stopping all interfaces...
- $0 red down
- $0 blue down
- $0 orange down
- $0 green down
+ exit 0
;;
restart)
- ${0} stop
+ for i in green red blue orange; do
+ if [ "${!i}" == "1" ]; then
+ ARGS+=" ${i}"
+ fi
+ done
+ ${0} stop ${ARGS}
sleep 1
- ${0} start
- ;;
-
- #
- # Every interface has its own context to start/stop/restart.
- #
- green)
- case "${2}" in
- up)
- boot_mesg "Bringing green network up..."
- if [ "$GREEN_DEV" != "" ]; then
- ifconfig $GREEN_DEV $GREEN_ADDRESS netmask $GREEN_NETMASK broadcast $GREEN_BROADCAST up
- evaluate_retval
- else
- echo "WARNING: No driver set for GREEN"
- fi
- ;;
- down)
- boot_mesg "Bringing green network down..."
- ifconfig $GREEN_DEV down 2> /dev/null; evaluate_retval
- ;;
- esac
- ;;
-
- orange)
- case "${2}" in
- up)
- if [ "$CONFIG_TYPE" = "1" -o "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "5" -o "$CONFIG_TYPE" = "7" ]; then
- if [ "$ORANGE_DEV" != "" ]; then
- boot_mesg "Bringing orange network up..."
- ifconfig $ORANGE_DEV $ORANGE_ADDRESS netmask $ORANGE_NETMASK broadcast $ORANGE_BROADCAST up
- evaluate_retval
- fi
- fi
- ;;
- down)
- if [ "$ORANGE_DEV" != "" ]; then
- boot_mesg "Bringing orange network down..."
- ifconfig $ORANGE_DEV down 2> /dev/null; evaluate_retval
- fi
- ;;
- esac
- ;;
-
- blue)
- case "${2}" in
- up)
- if [ "$CONFIG_TYPE" = "4" -o "$CONFIG_TYPE" = "5" -o "$CONFIG_TYPE" = "6" -o "$CONFIG_TYPE" = "7" ]; then
- if [ "$BLUE_DEV" != "" ]; then
- boot_mesg "Bringing blue network up..."
- ifconfig $BLUE_DEV $BLUE_ADDRESS netmask $BLUE_NETMASK broadcast $BLUE_BROADCAST up
- evaluate_retval
- fi
- fi
- ;;
- down)
- if [ "$BLUE_DEV" != "" ]; then
- boot_mesg "Bringing blue network down..."
- ifconfig $BLUE_DEV down 2> /dev/null; evaluate_retval
- fi
- ;;
- esac
- ;;
-
- red)
- case "${2}" in
- up)
- boot_mesg "Bringing red network up..."
- # If RED is ethernet then check furthur...
- if [ "$CONFIG_TYPE" == "2" -o "$CONFIG_TYPE" == "3" -o "$CONFIG_TYPE" == "6" -o "$CONFIG_TYPE" == "7" ]; then
- # If we are DHCP or STATIC we have to start automatically
- if [ "$RED_TYPE" == "DHCP" -o "$RED_TYPE" == "STATIC" ]; then
- AUTOCONNECT="on"
- fi
- fi
-
- # Start DNSMASQ with defaults
- if [ "$DOMAIN_NAME_GREEN" == "" ]; then
- /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases
- else
- /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases -s "$DOMAIN_NAME_GREEN"
- fi
-
- # Only when AUTOCONNECT is on
- if [ "$AUTOCONNECT" == "on" ]; then
- /etc/rc.d/init.d/red start; evaluate_retval
- fi
- ;;
- down)
- boot_mesg "Bringing red network down..."
- /etc/rc.d/init.d/red stop
- sleep 3
- /etc/rc.d/init.d/red clear; evaluate_retval
- ;;
- update)
- if [ ! -e /var/lock/rc.updatered.lock ]; then
- /usr/bin/touch /var/lock/rc.updatered.lock
- /usr/bin/logger -s -p local0.info -t rc.updatered "$0 locking for $$"
- else
- count=0
- while [ ! $count = 5 ]; do
- sleep 3
- if [ ! -e /var/lock/rc.updatered.lock ]; then
- break
- else
- /usr/bin/logger -s -p local0.info -t rc.updatered "$0 $$ waiting unlock"
- fi
- ((++count))
- done
- fi
-
- IFACE=`/bin/cat /var/ipfire/red/iface 2>/dev/null | /usr/bin/tr -d '\012'`
- REMOTE=`/bin/cat /var/ipfire/red/remote-ipaddress 2>/dev/null | /usr/bin/tr -d '\012'`
-
- ###
- ### Retrieve DHCP Settings
- ###
- if [ "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "6" -o "$CONFIG_TYPE" = "7" ]; then
- if [ "$RED_TYPE" = "DHCP" ]; then
- unset DNS1 DNS2
- eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
- if [ "$DNS1" = "" ]; then
- echo -n `/etc/rc.d/helper/getdnsfromdhcpc.pl 1` > /var/ipfire/red/dns1
- echo -n `/etc/rc.d/helper/getdnsfromdhcpc.pl 2` > /var/ipfire/red/dns2
- else
- echo "$DNS1" > /var/ipfire/red/dns1
- echo "$DNS2" > /var/ipfire/red/dns2
- fi
- . /var/ipfire/dhcpc/dhcpcd-${RED_DEV}.info
- echo "$IPADDR" > /var/ipfire/red/local-ipaddress
- echo "$GATEWAY" > /var/ipfire/red/remote-ipaddress
- fi
- else
- if [ "$PROTOCOL" = "RFC1483" -a "$METHOD" = "DHCP" ]; then
- unset DNS1 DNS2
- eval $(/usr/local/bin/readhash /var/ipfire/ppp/settings)
- if [ "$DNS" = "Automatic" ]; then
- echo -n `/etc/rc.d/helper/getdnsfromdhcpc.pl 1` > /var/ipfire/red/dns1
- echo -n `/etc/rc.d/helper/getdnsfromdhcpc.pl 2` > /var/ipfire/red/dns2
- else
- echo "$DNS1" > /var/ipfire/red/dns1
- echo "$DNS2" > /var/ipfire/red/dns2
- fi
- . /var/ipfire/dhcpc/dhcpcd-${IFACE}.info
- echo $IPADDR > /var/ipfire/red/local-ipaddress
- echo $GATEWAY > /var/ipfire/red/remote-ipaddress
- fi
- fi
-
- ###
- ### Retrieve DNS settings
- ###
- DNS1=`/bin/cat /var/ipfire/red/dns1 2>/dev/null | /usr/bin/tr -d '\012'`
- DNS2=`/bin/cat /var/ipfire/red/dns2 2>/dev/null | /usr/bin/tr -d '\012'`
- echo > /var/ipfire/red/resolv.conf #clear it
- [ "$DNS1" != "" ] && echo "nameserver $DNS1" > /var/ipfire/red/resolv.conf
- [ "$DNS2" != "" ] && echo "nameserver $DNS2" >> /var/ipfire/red/resolv.conf
-
-
- ###
- ### Restart DNSMASQ
- ###
- /bin/killall -KILL dnsmasq 2> /dev/null
- sleep 1
-
- DOMopt=""
- [ "$DOMAIN_NAME_GREEN" ] && DOMopt="-s $DOMAIN_NAME_GREEN"
- if [ -e "/var/ipfire/red/dial-on-demand" -a "$DIALONDEMANDDNS" == "on" -a ! -e "/var/ipfire/red/active" ]; then
- /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases $DOMopt -r /var/ipfire/ppp/fake-resolv.conf
- else
- /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases $DOMopt -r /var/ipfire/red/resolv.conf
- fi
- unset DOMopt
-
- # Reset default route to ippp0 for dial on demand
- if [ -e "/var/ipfire/red/dial-on-demand" -a "$TYPE" == "isdn" -a ! -e "/var/ipfire/red/active" ]; then
- /sbin/route del default 2> /dev/null
- if [ ! -z "$REMOTE" ]; then
- /sbin/route add default gw $REMOTE 2> /dev/null
- else
- /sbin/route add default dev ippp0 2> /dev/null
- fi
- fi
-
- if [ "$3" ]; then
- eval $(/usr/local/bin/readhash "$3")
- case "$4" in
- up)
- /usr/bin/logger -s -p local0.info -t dhcpcd.exe "${INTERFACE} has been configured with old IP=${IPADDR}"
- if [ "$RED_TYPE" != 'PPTP' ]; then
- /usr/bin/touch /var/ipfire/red/active
- fi
- ;;
- new)
- /usr/bin/logger -s -p local0.info -t dhcpcd.exe "${INTERFACE} has been configured with new IP=${IPADDR}"
- if [ -e "/var/ipfire/red/active" ]; then
- /usr/local/bin/setfilters
- /usr/local/bin/setportfw
- /usr/local/bin/setxtaccess
- /usr/local/bin/setddns.pl -f
- /usr/local/bin/restartsnort red
- sleep $VPN_DELAYED_START && /usr/local/bin/ipsecctrl S &
- /bin/rm -f /var/lock/rc.updatered.lock
- /usr/bin/logger -s -p local0.info -t rc.updatered "unlocking from $$"
- exit 0
- else
- if [ "$RED_TYPE" != 'PPTP' ]; then
- /usr/bin/touch /var/ipfire/red/active
- fi
- fi
- ;;
- down)
- /usr/bin/logger -s -p local0.info -t dhcpcd.exe "${INTERFACE} has been brought down"
- rm -f /var/ipfire/red/active
- ;;
- esac
- fi
-
- if [ -e "/var/ipfire/red/active" ]; then
- [ "$IFACE" != "" ] && /sbin/ifconfig $IFACE -multicast
- /etc/rc.d/init.d/firewall reload
- /usr/local/bin/setfilters
- /usr/local/bin/restartsnort red
- /usr/local/bin/qosctrl restart
- /usr/local/bin/setportfw
- /usr/local/bin/setxtaccess
- /usr/local/bin/setddns.pl -f
- /etc/rc.d/helper/writeipac.pl
- /usr/sbin/fetchipac -S
- sleep $VPN_DELAYED_START && /usr/local/bin/ipsecctrl S &
- else
- /usr/local/bin/ipsecctrl D
- /etc/rc.d/init.d/firewall reload
- fi
- /bin/rm -f /var/lock/rc.updatered.lock
- /usr/bin/logger -s -p local0.info -t rc.updatered "unlocking from $$"
- ;;
- esac
+ ${0} start ${ARGS}
;;
*)
- echo "Usage: ${0} {start|stop|restart}"
- echo " or: ${0} {green|orange|blue|red} {up|down}"
+ echo "Usage: ${0} {start|stop|restart} [device(s)]"
exit 1
;;
esac
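Review bot: The device-parsing loop `while [ ! $# = 0 ]; do for i in green red blue orange; ...` only calls `shift` when `$1` matches one of the four names, so any other argument (a typo like `network start gren`, or an extra flag) is never consumed and the loop spins forever instead of falling through to the usage message; a `case` that rejects unknown names and shifts exactly once per argument avoids this (rewrite below). In init_networking, `failed` is never initialised before the modprobe loops, so on the all-succeeded path `(exit ${failed})` runs as a bare `exit` and merely echoes the status of the last command rather than a deliberate 0 — `local failed=0` as the function's first line makes the result explicit and keeps it from leaking into the caller's scope. The `[ "$AUTOCONNECT" == "off" ]` test in the RED start branch reads a variable that this version only loads via `readhash /var/ipfire/ethernet/settings`; if AUTOCONNECT is actually kept in the ppp settings file the old script sourced and this one drops, the test is always false and RED is started unconditionally, which is worth confirming. `${!i}` and `ARGS+=` in the restart branch are bash-only, so the shebang (outside this hunk) must name bash rather than sh.
```shell
while [ $# -gt 0 ]; do
  case "${1}" in
    green|red|blue|orange)
      eval "${1}=1"
      ;;
    *)
      echo "Unknown device: ${1}" >&2
      exit 1
      ;;
  esac
  shift
done
```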