X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=src%2Finitscripts%2Finit.d%2Fnetwork;h=27686d1f3f831920cd094d7444a192d2906cdbd6;hp=6669b28a1c7e9a7ef84bd816ec7587c47ec136bc;hb=e7c5b9dabb9dbd724b04b01a627573727c6d23f2;hpb=97de2cae62f9d8bf61681561211fa8170d0808e2
diff --git a/src/initscripts/init.d/network b/src/initscripts/init.d/network
index 6669b28a1..27686d1f3 100644
--- a/src/initscripts/init.d/network
+++ b/src/initscripts/init.d/network
@@ -4,9 +4,9 @@
 #
 # Description : Network Control Script
 #
-# Authors : Michael Tremer - m.s.tremer@googlemail.com
+# Authors : Michael Tremer - mitch@ipfire.org
 #
-# Version : 00.00
+# Version : 01.00
 #
 # Notes : Written for IPFire by its team
 #
@@ -15,342 +15,125 @@ . /etc/sysconfig/rc . ${rc_functions} eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) -eval $(/usr/local/bin/readhash /var/ipfire/dhcp/settings) -eval $(/usr/local/bin/readhash /var/ipfire/ppp/settings) -eval $(/usr/local/bin/readhash /var/ipfire/vpn/settings) -# This is a small wrapper for dhcpcd.exe -if ( echo $0 | /bin/grep -q 'dhcpcd.exe' ); then - /etc/rc.d/init.d/network red update $1 $2 +init_networking() { + boot_mesg "Loading firewall modules into the kernel" + modprobe iptable_nat || failed=1 + for i in $(find /lib/modules/$(uname -r) -name nf_conntrack*); do + modprobe $(basename $i | cut -d. -f1) || failed=1 + done + for i in $(find /lib/modules/$(uname -r) -name nf_nat*); do + modprobe $(basename $i | cut -d. -f1) || failed=1 + done + (exit ${failed}) + evaluate_retval + + # Enable netfilter accounting + sysctl net.netfilter.nf_conntrack_acct=1 > /dev/null + + if [ -e /var/ipfire/main/disable_nf_sip ]; then + rmmod nf_nat_sip + rmmod nf_conntrack_sip + rmmod nf_nat_h323 + rmmod nf_conntrack_h323 + fi + + boot_mesg "Setting up firewall" + /etc/rc.d/init.d/firewall start; evaluate_retval + + /etc/rc.d/init.d/dnsmasq start + /etc/rc.d/init.d/static-routes start +} + +DO="${1}" +shift + +if [ -n "${1}" ]; then + ALL=0 + for i in green red blue orange; do + eval "${i}=0" + done +else + ALL=1 + for i in green red blue orange; do + eval "${i}=1" + done fi -case "${1}" in - start) - boot_mesg "Loading MASQ helper modules" - modprobe iptable_nat - modprobe ip_conntrack - modprobe ip_conntrack_ftp - modprobe ip_nat_ftp - modprobe ip_conntrack_h323 - modprobe ip_nat_h323 - modprobe ip_conntrack_irc - modprobe ip_nat_irc - modprobe ip_conntrack_mms - modprobe ip_nat_mms - modprobe ip_conntrack_pptp - modprobe ip_nat_pptp - modprobe ip_conntrack_sip - modprobe ip_nat_sip - - # Remove possible leftover files - rm -f CONFIG_ROOT/red/{active,device,dial-on-demand,dns1,dns2,local-ipaddress,remote-ipaddress,resolv.conf} +while [ ! 
$# = 0 ]; do + for i in green red blue orange; do + if [ "${i}" == "${1}" ]; then + eval "${i}=1" + shift + fi + done +done - # The 'for' loop force driver loading order - for NIC in 0 1 2 3; do - ETHX="eth${NIC}" - if [ "$GREEN_DEV" == "$ETHX" ]; then - if [ "$GREEN_DRIVER" != "" ]; then - modprobe $GREEN_DRIVER $GREEN_DRIVER_OPTIONS - evaluate_retval - fi - fi - if [ "$ORANGE_DEV" == "$ETHX" ]; then - if [ "$ORANGE_DRIVER" != "" ]; then - modprobe $ORANGE_DRIVER $ORANGE_DRIVER_OPTIONS - evaluate_retval - fi - fi - if [ "$BLUE_DEV" == "$ETHX" ]; then - if [ "$BLUE_DRIVER" != "" ]; then - modprobe $BLUE_DRIVER $BLUE_DRIVER_OPTIONS - evaluate_retval +case "${DO}" in + start) + [ "${ALL}" == "1" ] && init_networking + + # Starting interfaces... + # GREEN + [ "$green" == "1" ] && /etc/rc.d/init.d/networking/green start + + # BLUE + [ "$blue" == "1" ] && [ "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ] && \ + /etc/rc.d/init.d/networking/blue start + + # ORANGE + [ "$orange" == "1" ] && [ "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "4" ] && \ + /etc/rc.d/init.d/networking/orange start + + # RED + if [ "$red" == "1" ]; then + if [ "$CONFIG_TYPE" = "1" -o "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then + # Remove possible leftover files + rm -f /var/ipfire/red/{active,device,dial-on-demand,dns1,dns2,local-ipaddress,remote-ipaddress,resolv.conf} + [ "$AUTOCONNECT" == "off" ] || /etc/rc.d/init.d/networking/red start fi - fi - if [ "$RED_DEV" == "$ETHX" ]; then - if [ "$RED_DRIVER" != "" ]; then - modprobe $RED_DRIVER $RED_DRIVER_OPTIONS - evaluate_retval - fi - fi - done - - boot_mesg "Setting up IPFire firewall rules" - /etc/rc.d/init.d/firewall start; evaluate_retval - - boot_mesg "Setting up IP Accounting" - /etc/rc.d/helper/writeipac.pl - /usr/sbin/fetchipac -S; evaluate_retval - - boot_mesg "Setting IPFire DMZ pinholes" - /usr/local/bin/setdmzholes; evaluate_retval + fi + ;; - if [ "$BLUE_DEV" != "" ]; then - boot_mesg "Setting up wireless 
firewall rules" - /usr/local/bin/restartwireless; evaluate_retval + stop) + # Stopping interfaces... + # GREEN + [ "$green" == "1" ] && /etc/rc.d/init.d/networking/green stop + + # BLUE + [ "$blue" == "1" ] && [ "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ] && \ + /etc/rc.d/init.d/networking/blue stop + + # ORANGE + [ "$orange" == "1" ] && [ "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "4" ] && \ + /etc/rc.d/init.d/networking/orange stop + + # RED + if [ "$red" == "1" ]; then + if [ "$CONFIG_TYPE" = "1" -o "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then + /etc/rc.d/init.d/networking/red stop + fi fi - # Bringing interfaces up... - $0 green up - $0 orange up - $0 blue up - $0 red up + # Stopping dnsmasq if network all networks shutdown + [ "${ALL}" == "1" ] && /etc/rc.d/init.d/dnsmasq stop - ;; - - stop) - # Stopping all interfaces... - $0 red down - $0 blue down - $0 orange down - $0 green down + exit 0 ;; restart) - ${0} stop + for i in green red blue orange; do + if [ "${!i}" == "1" ]; then + ARGS+=" ${i}" + fi + done + ${0} stop ${ARGS} sleep 1 - ${0} start - ;; - - # - # Every interface has its own context to start/stop/restart. - # - green) - case "${2}" in - up) - boot_mesg "Bringing green network up..." - if [ "$GREEN_DEV" != "" ]; then - ifconfig $GREEN_DEV $GREEN_ADDRESS netmask $GREEN_NETMASK broadcast $GREEN_BROADCAST up - evaluate_retval - else - echo "WARNING: No driver set for GREEN" - fi - ;; - down) - boot_mesg "Bringing green network down..." - ifconfig $GREEN_DEV down 2> /dev/null; evaluate_retval - ;; - esac - ;; - - orange) - case "${2}" in - up) - if [ "$CONFIG_TYPE" = "1" -o "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "5" -o "$CONFIG_TYPE" = "7" ]; then - if [ "$ORANGE_DEV" != "" ]; then - boot_mesg "Bringing orange network up..." 
- ifconfig $ORANGE_DEV $ORANGE_ADDRESS netmask $ORANGE_NETMASK broadcast $ORANGE_BROADCAST up - evaluate_retval - fi - fi - ;; - down) - if [ "$ORANGE_DEV" != "" ]; then - boot_mesg "Bringing orange network down..." - ifconfig $ORANGE_DEV down 2> /dev/null; evaluate_retval - fi - ;; - esac - ;; - - blue) - case "${2}" in - up) - if [ "$CONFIG_TYPE" = "4" -o "$CONFIG_TYPE" = "5" -o "$CONFIG_TYPE" = "6" -o "$CONFIG_TYPE" = "7" ]; then - if [ "$BLUE_DEV" != "" ]; then - boot_mesg "Bringing blue network up..." - ifconfig $BLUE_DEV $BLUE_ADDRESS netmask $BLUE_NETMASK broadcast $BLUE_BROADCAST up - evaluate_retval - fi - fi - ;; - down) - if [ "$BLUE_DEV" != "" ]; then - boot_mesg "Bringing blue network down..." - ifconfig $BLUE_DEV down 2> /dev/null; evaluate_retval - fi - ;; - esac - ;; - - red) - case "${2}" in - up) - boot_mesg "Bringing red network up..." - # If RED is ethernet then check furthur... - if [ "$CONFIG_TYPE" == "2" -o "$CONFIG_TYPE" == "3" -o "$CONFIG_TYPE" == "6" -o "$CONFIG_TYPE" == "7" ]; then - # If we are DHCP or STATIC we have to start automatically - if [ "$RED_TYPE" == "DHCP" -o "$RED_TYPE" == "STATIC" ]; then - AUTOCONNECT="on" - fi - fi - - # Start DNSMASQ with defaults - if [ "$DOMAIN_NAME_GREEN" == "" ]; then - /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases - else - /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases -s "$DOMAIN_NAME_GREEN" - fi - - # Only when AUTOCONNECT is on - if [ "$AUTOCONNECT" == "on" ]; then - /etc/rc.d/init.d/red start; evaluate_retval - fi - ;; - down) - boot_mesg "Bringing red network down..." - /etc/rc.d/init.d/red stop - sleep 3 - /etc/rc.d/init.d/red clear; evaluate_retval - ;; - update) - if [ ! -e /var/lock/rc.updatered.lock ]; then - /usr/bin/touch /var/lock/rc.updatered.lock - /usr/bin/logger -s -p local0.info -t rc.updatered "$0 locking for $$" - else - count=0 - while [ ! $count = 5 ]; do - sleep 3 - if [ ! 
-e /var/lock/rc.updatered.lock ]; then - break - else - /usr/bin/logger -s -p local0.info -t rc.updatered "$0 $$ waiting unlock" - fi - ((++count)) - done - fi - - IFACE=`/bin/cat /var/ipfire/red/iface 2>/dev/null | /usr/bin/tr -d '\012'` - REMOTE=`/bin/cat /var/ipfire/red/remote-ipaddress 2>/dev/null | /usr/bin/tr -d '\012'` - - ### - ### Retrieve DHCP Settings - ### - if [ "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "6" -o "$CONFIG_TYPE" = "7" ]; then - if [ "$RED_TYPE" = "DHCP" ]; then - unset DNS1 DNS2 - eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) - if [ "$DNS1" = "" ]; then - echo -n `/etc/rc.d/helper/getdnsfromdhcpc.pl 1` > /var/ipfire/red/dns1 - echo -n `/etc/rc.d/helper/getdnsfromdhcpc.pl 2` > /var/ipfire/red/dns2 - else - echo "$DNS1" > /var/ipfire/red/dns1 - echo "$DNS2" > /var/ipfire/red/dns2 - fi - . /var/ipfire/dhcpc/dhcpcd-${RED_DEV}.info - echo "$IPADDR" > /var/ipfire/red/local-ipaddress - echo "$GATEWAY" > /var/ipfire/red/remote-ipaddress - fi - else - if [ "$PROTOCOL" = "RFC1483" -a "$METHOD" = "DHCP" ]; then - unset DNS1 DNS2 - eval $(/usr/local/bin/readhash /var/ipfire/ppp/settings) - if [ "$DNS" = "Automatic" ]; then - echo -n `/etc/rc.d/helper/getdnsfromdhcpc.pl 1` > /var/ipfire/red/dns1 - echo -n `/etc/rc.d/helper/getdnsfromdhcpc.pl 2` > /var/ipfire/red/dns2 - else - echo "$DNS1" > /var/ipfire/red/dns1 - echo "$DNS2" > /var/ipfire/red/dns2 - fi - . 
/var/ipfire/dhcpc/dhcpcd-${IFACE}.info - echo $IPADDR > /var/ipfire/red/local-ipaddress - echo $GATEWAY > /var/ipfire/red/remote-ipaddress - fi - fi - - ### - ### Retrieve DNS settings - ### - DNS1=`/bin/cat /var/ipfire/red/dns1 2>/dev/null | /usr/bin/tr -d '\012'` - DNS2=`/bin/cat /var/ipfire/red/dns2 2>/dev/null | /usr/bin/tr -d '\012'` - echo > /var/ipfire/red/resolv.conf #clear it - [ "$DNS1" != "" ] && echo "nameserver $DNS1" > /var/ipfire/red/resolv.conf - [ "$DNS2" != "" ] && echo "nameserver $DNS2" >> /var/ipfire/red/resolv.conf - - - ### - ### Restart DNSMASQ - ### - /bin/killall -KILL dnsmasq 2> /dev/null - sleep 1 - - DOMopt="" - [ "$DOMAIN_NAME_GREEN" ] && DOMopt="-s $DOMAIN_NAME_GREEN" - if [ -e "/var/ipfire/red/dial-on-demand" -a "$DIALONDEMANDDNS" == "on" -a ! -e "/var/ipfire/red/active" ]; then - /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases $DOMopt -r /var/ipfire/ppp/fake-resolv.conf - else - /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases $DOMopt -r /var/ipfire/red/resolv.conf - fi - unset DOMopt - - # Reset default route to ippp0 for dial on demand - if [ -e "/var/ipfire/red/dial-on-demand" -a "$TYPE" == "isdn" -a ! -e "/var/ipfire/red/active" ]; then - /sbin/route del default 2> /dev/null - if [ ! 
-z "$REMOTE" ]; then - /sbin/route add default gw $REMOTE 2> /dev/null - else - /sbin/route add default dev ippp0 2> /dev/null - fi - fi - - if [ "$3" ]; then - eval $(/usr/local/bin/readhash "$3") - case "$4" in - up) - /usr/bin/logger -s -p local0.info -t dhcpcd.exe "${INTERFACE} has been configured with old IP=${IPADDR}" - if [ "$RED_TYPE" != 'PPTP' ]; then - /usr/bin/touch /var/ipfire/red/active - fi - ;; - new) - /usr/bin/logger -s -p local0.info -t dhcpcd.exe "${INTERFACE} has been configured with new IP=${IPADDR}" - if [ -e "/var/ipfire/red/active" ]; then - /usr/local/bin/setfilters - /usr/local/bin/setportfw - /usr/local/bin/setxtaccess - /usr/local/bin/setddns.pl -f - /usr/local/bin/restartsnort red - sleep $VPN_DELAYED_START && /usr/local/bin/ipsecctrl S & - /bin/rm -f /var/lock/rc.updatered.lock - /usr/bin/logger -s -p local0.info -t rc.updatered "unlocking from $$" - exit 0 - else - if [ "$RED_TYPE" != 'PPTP' ]; then - /usr/bin/touch /var/ipfire/red/active - fi - fi - ;; - down) - /usr/bin/logger -s -p local0.info -t dhcpcd.exe "${INTERFACE} has been brought down" - rm -f /var/ipfire/red/active - ;; - esac - fi - - if [ -e "/var/ipfire/red/active" ]; then - [ "$IFACE" != "" ] && /sbin/ifconfig $IFACE -multicast - /etc/rc.d/init.d/firewall reload - /usr/local/bin/setfilters - /usr/local/bin/restartsnort red - /usr/local/bin/qosctrl restart - /usr/local/bin/setportfw - /usr/local/bin/setxtaccess - /usr/local/bin/setddns.pl -f - /etc/rc.d/helper/writeipac.pl - /usr/sbin/fetchipac -S - sleep $VPN_DELAYED_START && /usr/local/bin/ipsecctrl S & - else - /usr/local/bin/ipsecctrl D - /etc/rc.d/init.d/firewall reload - fi - /bin/rm -f /var/lock/rc.updatered.lock - /usr/bin/logger -s -p local0.info -t rc.updatered "unlocking from $$" - ;; - esac + ${0} start ${ARGS} ;; *) - echo "Usage: ${0} {start|stop|restart}" - echo " or: ${0} {green|orange|blue|red} {up|down}" + echo "Usage: ${0} {start|stop|restart} [device(s)]" exit 1 ;; esac
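Review bot: The new argument loop (`while [ ! $# = 0 ]; do ... done`, right after `DO="${1}"` / `shift`) never terminates when an argument is not one of green, red, blue or orange, because the inner `for` only calls `shift` on a match and `$#` therefore stays non-zero. On a firewall's init path that means a mistyped device name hangs the caller instead of reaching the usage message. Each argument should be consumed exactly once and unknown names rejected, as in the excerpt below. Separately, in `init_networking` the patterns in `-name nf_conntrack*` and `-name nf_nat*` are unquoted, so the shell can expand them against the current directory before `find` sees them; they should be written as `-name 'nf_conntrack*'` and `-name 'nf_nat*'`.

```shell
DO="${1}"
shift
# … unchanged: ALL and per-zone flag defaults …
while [ $# -gt 0 ]; do
	case "${1}" in
		green|red|blue|orange)
			eval "${1}=1"
			;;
		*)
			echo "Unknown device: ${1}" >&2
			exit 1
			;;
	esac
	shift
done
```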