. $rc_functions
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+function flush_chains() {
+ iptables -F DHCPGREENINPUT
+ iptables -F DHCPGREENOUTPUT
+ iptables -F DHCPBLUEINPUT
+ iptables -F DHCPBLUEOUTPUT
+}
+
case "$1" in
start)
- iptables -F DHCPBLUEINPUT
+ flush_chains
+
if [ -e /var/ipfire/dhcp/enable_green ]; then
devices="${GREEN_DEV}"
+
+ iptables -A DHCPGREENINPUT -i "${GREEN_DEV}" -j DHCPINPUT
+ iptables -A DHCPGREENOUTPUT -o "${GREEN_DEV}" -j DHCPOUTPUT
fi
if [ -e /var/ipfire/dhcp/enable_blue ]; then
devices+=" ${BLUE_DEV}"
-
- iptables -A DHCPBLUEINPUT -p tcp --source-port 68 --destination-port 67 -i ${BLUE_DEV} -j ACCEPT > /dev/null 2>&1
- iptables -A DHCPBLUEINPUT -p udp --source-port 68 --destination-port 67 -i ${BLUE_DEV} -j ACCEPT > /dev/null 2>&1
- fi
-
+
+ iptables -A DHCPBLUEINPUT -i "${BLUE_DEV}" -j DHCPINPUT
+ iptables -A DHCPBLUEOUTPUT -o "${BLUE_DEV}" -j DHCPOUTPUT
+ fi
+
boot_mesg "Starting DHCP Server..."
loadproc /usr/sbin/dhcpd -q ${devices}
;;
stop)
+ flush_chains
+
boot_mesg "Stopping DHCP Server..."
killproc -p /var/run/dhcpd.pid /usr/sbin/dhcpd
if [ "$(ps -A | grep " dhcpd")" != "" ] ; then
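Review bot: The `start` branch jumps into DHCPINPUT/DHCPOUTPUT on `"${GREEN_DEV}"` and `"${BLUE_DEV}"` (lines 18–19 and 29–30) without checking that the variable is non-empty, while the firewall side of this commit only hooks those chains when `-n "${GREEN_DEV}"` / `-n "${BLUE_DEV}"` holds; with an empty device name `iptables -A ... -i ""` fails and `devices` stays empty, so dhcpd would be started without an interface list. Mirroring the firewall guard keeps both scripts consistent, e.g. `if [ -e /var/ipfire/dhcp/enable_green ] && [ -n "${GREEN_DEV}" ]; then` and the same for blue. flush_chains() also assumes the four chains already exist; the old code silenced that with `> /dev/null 2>&1`, the new code does not, so `stop` run before the firewall has created the chains will print iptables errors — worth a comment such as `# chains are created by the firewall initscript; flushing them closes the DHCP ports while dhcpd is down` above the function so the dependency is explicit. The case statement continues outside the hunk.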
iptables -A ${i} -j CONNTRACK
done
+ # Allow DHCP
+ iptables -N DHCPINPUT
+ iptables -A DHCPINPUT -p udp --sport 68 --dport 67 -j ACCEPT
+ iptables -A DHCPINPUT -p tcp --sport 68 --dport 67 -j ACCEPT
+
+ iptables -N DHCPOUTPUT
+ iptables -A DHCPOUTPUT -p udp --sport 67 --dport 68 -j ACCEPT
+ iptables -A DHCPOUTPUT -p tcp --sport 67 --dport 68 -j ACCEPT
+
+ # Allow DHCP on GREEN
+ iptables -N DHCPGREENINPUT
+ iptables -N DHCPGREENOUTPUT
+ if [ -n "${GREEN_DEV}" ]; then
+ iptables -A INPUT -i "${GREEN_DEV}" -j DHCPGREENINPUT
+ iptables -A OUTPUT -o "${GREEN_DEV}" -j DHCPGREENOUTPUT
+ fi
+
+ # allow DHCP on BLUE to be turned on/off
+ iptables -N DHCPBLUEINPUT
+ iptables -N DHCPBLUEOUTPUT
+ if [ -n "${BLUE_DEV}" ]; then
+ iptables -A INPUT -i "${BLUE_DEV}" -j DHCPBLUEINPUT
+ iptables -A OUTPUT -o "${BLUE_DEV}" -j DHCPBLUEOUTPUT
+ fi
+
# trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything
iptables -N IPSECINPUT
iptables -N IPSECFORWARD
# localhost and ethernet.
iptables -A INPUT -i $GREEN_DEV -m conntrack --ctstate NEW -j ACCEPT ! -p icmp
-
- # allow DHCP on BLUE to be turned on/off
- iptables -N DHCPBLUEINPUT
- iptables -A INPUT -j DHCPBLUEINPUT
-
+
# WIRELESS chains
iptables -N WIRELESSINPUT
iptables -A INPUT -m conntrack --ctstate NEW -j WIRELESSINPUT
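Review bot: The new DHCPINPUT and DHCPOUTPUT chains carry the TCP rules over from the old BLUE rules (lines 47 and 51, `-p tcp --sport 68 --dport 67` and its mirror), but DHCPv4 is UDP only and nothing in this script starts a TCP listener on port 67, so those two rules open TCP/67 on GREEN and BLUE for no reason; unless another service on the box is known to use it, dropping them leaves only `iptables -A DHCPINPUT -p udp --sport 68 --dport 67 -j ACCEPT` and `iptables -A DHCPOUTPUT -p udp --sport 67 --dport 68 -j ACCEPT`. The `--sport 68` match is the only thing distinguishing DHCP from other traffic to port 67, and a client can choose its source port freely, so the rule is an identification aid rather than a filter — a one-line comment saying so would stop a later reader from tightening expectations around it. The INPUT hooks at lines 57 and 65 are appended before the blanket `-i $GREEN_DEV ... -j ACCEPT` at line 73, which is fine since they match only the DHCP ports, but the GREEN hook is effectively redundant with line 73 and a comment noting that would explain why GREEN gets a chain at all.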