-/* IPCop helper program - restartwireless\r
- *\r
- * This program is distributed under the terms of the GNU General Public\r
- * Licence. See the file COPYING for details.\r
- *\r
- * (c) Alan Hourihane, 2003\r
- * \r
- * $Id: restartwireless.c,v 1.2.2.5 2005/07/11 10:56:47 franck78 Exp $\r
- *\r
- */\r
-\r
-#include "libsmooth.h"\r
-#include <stdio.h>\r
-#include <stdlib.h>\r
-#include <unistd.h>\r
-#include <fcntl.h>\r
-#include <string.h>\r
-#include <sys/types.h>\r
-#include <sys/stat.h>\r
-#include <signal.h>\r
-#include "setuid.h"\r
-\r
-FILE *fd = NULL;\r
-char blue_dev[STRING_SIZE] = "";\r
-char command[STRING_SIZE];\r
-\r
-void exithandler(void)\r
-{\r
- if(strlen(blue_dev))\r
- {\r
- snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -i %s -j LOG_DROP", blue_dev);\r
- safe_system(command);\r
- snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -i %s -j LOG_DROP", blue_dev);\r
- safe_system(command);\r
- }\r
-\r
- if (fd)\r
- fclose(fd);\r
-}\r
-\r
-int main(void)\r
-{\r
- char green_dev[STRING_SIZE] = "";\r
- char buffer[STRING_SIZE];\r
- char *index, *ipaddress, *macaddress, *enabled;\r
- struct keyvalue *kv = NULL;\r
-\r
- if (!(initsetuid()))\r
- exit(1);\r
-\r
- /* flush wireless iptables */\r
- safe_system("/sbin/iptables -F WIRELESSINPUT > /dev/null 2> /dev/null");\r
- safe_system("/sbin/iptables -F WIRELESSFORWARD > /dev/null 2> /dev/null");\r
-\r
- memset(buffer, 0, STRING_SIZE);\r
-\r
- /* Init the keyvalue structure */\r
- kv=initkeyvalues();\r
-\r
- /* Read in the current values */\r
- if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))\r
- {\r
- fprintf(stderr, "Cannot read ethernet settings\n");\r
- exit(1);\r
- }\r
-\r
- /* Get the GREEN interface details */\r
- if(!findkey(kv, "GREEN_DEV", green_dev))\r
- {\r
- fprintf(stderr, "Cannot read GREEN_DEV\n");\r
- exit(1);\r
- }\r
- if (!VALID_DEVICE(green_dev))\r
- {\r
- fprintf(stderr, "Bad GREEN_DEV: %s\n", green_dev);\r
- exit(1);\r
- }\r
- /* Get the BLUE interface details */\r
- if(!findkey(kv, "BLUE_DEV", blue_dev))\r
- {\r
- fprintf(stderr, "Cannot read BLUE_DEV\n");\r
- exit(1);\r
- }\r
- if (strlen(blue_dev) && !VALID_DEVICE(blue_dev))\r
- {\r
- fprintf(stderr, "Bad BLUE_DEV: %s\n", blue_dev);\r
- exit(1);\r
- }\r
- if(! strlen(blue_dev) > 0)\r
- {\r
- fprintf(stderr, "No BLUE interface\n");\r
- exit(0);\r
- }\r
-\r
- /* register exit handler to ensure the block rule is always present */\r
- atexit(exithandler);\r
-\r
- if (!(fd = fopen(CONFIG_ROOT "/wireless/config", "r")))\r
- {\r
- exit(0);\r
- }\r
- while (fgets(buffer, STRING_SIZE, fd))\r
- {\r
- buffer[strlen(buffer) - 1] = 0;\r
-\r
- index = strtok(buffer, ",");\r
- ipaddress = strtok(NULL, ",");\r
- macaddress = strtok(NULL, ",");\r
- enabled = strtok(NULL, ",");\r
-\r
- if (!strncmp(enabled, "on", 2)) {\r
- \r
- /* both specified, added security */\r
- if ((strlen(macaddress) == 17) && \r
- (VALID_IP(ipaddress))) {\r
- snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -m mac --mac-source %s -s %s -i %s -j ACCEPT", macaddress, ipaddress, blue_dev);\r
- safe_system(command);\r
- snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -o ! %s -j ACCEPT", macaddress, ipaddress, blue_dev, green_dev);\r
- safe_system(command);\r
- snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j DMZHOLES", macaddress, ipaddress, blue_dev);\r
- safe_system(command);\r
- } else {\r
-\r
- /* correctly formed mac address is 17 chars */\r
- if (strlen(macaddress) == 17) {\r
- snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -m mac --mac-source %s -i %s -j ACCEPT", macaddress, blue_dev);\r
- safe_system(command);\r
- snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -o ! %s -j ACCEPT", macaddress, blue_dev, green_dev);\r
- safe_system(command);\r
- snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j DMZHOLES", macaddress, blue_dev);\r
- safe_system(command);\r
- }\r
-\r
- if (VALID_IP(ipaddress)) {\r
- snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -s %s -i %s -j ACCEPT", ipaddress, blue_dev);\r
- safe_system(command);\r
- snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -o ! %s -j ACCEPT", ipaddress, blue_dev, green_dev);\r
- safe_system(command);\r
- snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -j DMZHOLES", ipaddress, blue_dev);\r
- safe_system(command);\r
- }\r
- }\r
- }\r
- }\r
-\r
- return 0;\r
-}\r
+/* IPCop helper program - wirelessctrl
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence. See the file COPYING for details.
+ *
+ * (c) Alan Hourihane, 2003
+ *
+ * $Id: wirelessctrl.c,v 1.2.2.5 2005/07/11 10:56:47 franck78 Exp $
+ *
+ */
+
+#include "libsmooth.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <signal.h>
+#include "setuid.h"
+
+FILE *fd = NULL;
+char blue_dev[STRING_SIZE] = "";
+char command[STRING_SIZE];
+
+void exithandler(void)
+{
+ if(strlen(blue_dev))
+ {
+ snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -i %s -j LOG_DROP", blue_dev);
+ safe_system(command);
+ snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -i %s -j LOG_DROP", blue_dev);
+ safe_system(command);
+ }
+
+ if (fd)
+ fclose(fd);
+}
+
+int main(void)
+{
+ char green_dev[STRING_SIZE] = "";
+ char buffer[STRING_SIZE];
+ char *index, *ipaddress, *macaddress, *enabled;
+ struct keyvalue *kv = NULL;
+
+ if (!(initsetuid()))
+ exit(1);
+
+ /* flush wireless iptables */
+ safe_system("/sbin/iptables -F WIRELESSINPUT > /dev/null 2> /dev/null");
+ safe_system("/sbin/iptables -F WIRELESSFORWARD > /dev/null 2> /dev/null");
+
+ memset(buffer, 0, STRING_SIZE);
+
+ /* Init the keyvalue structure */
+ kv=initkeyvalues();
+
+ /* Read in the current values */
+ if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))
+ {
+ fprintf(stderr, "Cannot read ethernet settings\n");
+ exit(1);
+ }
+
+ /* Get the GREEN interface details */
+ if(!findkey(kv, "GREEN_DEV", green_dev))
+ {
+ fprintf(stderr, "Cannot read GREEN_DEV\n");
+ exit(1);
+ }
+ if (!VALID_DEVICE(green_dev))
+ {
+ fprintf(stderr, "Bad GREEN_DEV: %s\n", green_dev);
+ exit(1);
+ }
+ /* Get the BLUE interface details */
+ if(!findkey(kv, "BLUE_DEV", blue_dev))
+ {
+ fprintf(stderr, "Cannot read BLUE_DEV\n");
+ exit(1);
+ }
+ if (strlen(blue_dev) && !VALID_DEVICE(blue_dev))
+ {
+ fprintf(stderr, "Bad BLUE_DEV: %s\n", blue_dev);
+ exit(1);
+ }
+ if(! strlen(blue_dev) > 0)
+ {
+ fprintf(stderr, "No BLUE interface\n");
+ exit(0);
+ }
+
+ /* register exit handler to ensure the block rule is always present */
+ atexit(exithandler);
+
+ if (!(fd = fopen(CONFIG_ROOT "/wireless/config", "r")))
+ {
+ exit(0);
+ }
+ while (fgets(buffer, STRING_SIZE, fd))
+ {
+ buffer[strlen(buffer) - 1] = 0;
+
+ index = strtok(buffer, ",");
+ ipaddress = strtok(NULL, ",");
+ macaddress = strtok(NULL, ",");
+ enabled = strtok(NULL, ",");
+
+ if (!strncmp(enabled, "on", 2)) {
+
+ /* both specified, added security */
+ if ((strlen(macaddress) == 17) &&
+ (VALID_IP(ipaddress))) {
+ snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -m mac --mac-source %s -s %s -i %s -j ACCEPT", macaddress, ipaddress, blue_dev);
+ safe_system(command);
+ snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -o ! %s -j ACCEPT", macaddress, ipaddress, blue_dev, green_dev);
+ safe_system(command);
+ snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -s %s -i %s -j DMZHOLES", macaddress, ipaddress, blue_dev);
+ safe_system(command);
+ } else {
+
+ /* correctly formed mac address is 17 chars */
+ if (strlen(macaddress) == 17) {
+ snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -m mac --mac-source %s -i %s -j ACCEPT", macaddress, blue_dev);
+ safe_system(command);
+ snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -o ! %s -j ACCEPT", macaddress, blue_dev, green_dev);
+ safe_system(command);
+ snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -m mac --mac-source %s -i %s -j DMZHOLES", macaddress, blue_dev);
+ safe_system(command);
+ }
+
+ if (VALID_IP(ipaddress)) {
+ snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSINPUT -s %s -i %s -j ACCEPT", ipaddress, blue_dev);
+ safe_system(command);
+ snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -o ! %s -j ACCEPT", ipaddress, blue_dev, green_dev);
+ safe_system(command);
+ snprintf(command, STRING_SIZE-1, "/sbin/iptables -A WIRELESSFORWARD -s %s -i %s -j DMZHOLES", ipaddress, blue_dev);
+ safe_system(command);
+ }
+ }
+ }
+ }
+
+ return 0;
+}
projects / people / teissler / ipfire-2.x.git / blobdiff