IPTables in Kernel aktiviert.

Netzwork-Script Phase 1 git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@359 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
2026-04-09 18:45:54 +02:00 · 2006-12-08 16:27:26 +00:00
parent 65998e0a05
commit 3fd5feeb3e
4 changed files with 253 additions and 4 deletions
--- a/config/kernel/kernel.config.i586
+++ b/config/kernel/kernel.config.i586
@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
 # Linux kernel version: 2.6.16
-# Tue Nov 28 17:01:09 2006
+# Tue Nov 28 19:31:51 2006
 #
 CONFIG_X86_32=y
 CONFIG_SEMAPHORE_SLEEPERS=y
@@ -378,7 +378,29 @@ CONFIG_BRIDGE_NETFILTER=y
 CONFIG_NETFILTER_NETLINK=m
 CONFIG_NETFILTER_NETLINK_QUEUE=m
 CONFIG_NETFILTER_NETLINK_LOG=m
-# CONFIG_NETFILTER_XTABLES is not set
+CONFIG_NETFILTER_XTABLES=m
+CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
+# CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set
+CONFIG_NETFILTER_XT_TARGET_MARK=m
+CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
+# CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set
+CONFIG_NETFILTER_XT_MATCH_COMMENT=m
+CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
+CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
+CONFIG_NETFILTER_XT_MATCH_DCCP=m
+CONFIG_NETFILTER_XT_MATCH_HELPER=m
+CONFIG_NETFILTER_XT_MATCH_LENGTH=m
+CONFIG_NETFILTER_XT_MATCH_LIMIT=m
+CONFIG_NETFILTER_XT_MATCH_MAC=m
+CONFIG_NETFILTER_XT_MATCH_MARK=m
+CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
+CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
+CONFIG_NETFILTER_XT_MATCH_REALM=m
+CONFIG_NETFILTER_XT_MATCH_SCTP=m
+CONFIG_NETFILTER_XT_MATCH_STATE=m
+CONFIG_NETFILTER_XT_MATCH_STRING=m
+CONFIG_NETFILTER_XT_MATCH_TCPMSS=m

 #
 # IP: Netfilter Configuration
@@ -396,6 +418,46 @@ CONFIG_IP_NF_IRC=m
 # CONFIG_IP_NF_AMANDA is not set
 CONFIG_IP_NF_PPTP=m
 CONFIG_IP_NF_QUEUE=m
+CONFIG_IP_NF_IPTABLES=m
+CONFIG_IP_NF_MATCH_IPRANGE=m
+CONFIG_IP_NF_MATCH_LAYER7=m
+# CONFIG_IP_NF_MATCH_LAYER7_DEBUG is not set
+CONFIG_IP_NF_MATCH_MULTIPORT=m
+CONFIG_IP_NF_MATCH_TOS=m
+CONFIG_IP_NF_MATCH_RECENT=m
+CONFIG_IP_NF_MATCH_ECN=m
+CONFIG_IP_NF_MATCH_DSCP=m
+CONFIG_IP_NF_MATCH_AH_ESP=m
+CONFIG_IP_NF_MATCH_TTL=m
+CONFIG_IP_NF_MATCH_OWNER=m
+CONFIG_IP_NF_MATCH_ADDRTYPE=m
+CONFIG_IP_NF_MATCH_HASHLIMIT=m
+CONFIG_IP_NF_MATCH_POLICY=m
+CONFIG_IP_NF_FILTER=m
+CONFIG_IP_NF_TARGET_REJECT=m
+CONFIG_IP_NF_TARGET_LOG=m
+CONFIG_IP_NF_TARGET_ULOG=m
+CONFIG_IP_NF_TARGET_TCPMSS=m
+CONFIG_IP_NF_NAT=m
+CONFIG_IP_NF_NAT_NEEDED=y
+CONFIG_IP_NF_TARGET_MASQUERADE=m
+CONFIG_IP_NF_TARGET_REDIRECT=m
+CONFIG_IP_NF_TARGET_NETMAP=m
+CONFIG_IP_NF_TARGET_SAME=m
+CONFIG_IP_NF_NAT_SNMP_BASIC=m
+CONFIG_IP_NF_NAT_IRC=m
+CONFIG_IP_NF_NAT_FTP=m
+CONFIG_IP_NF_NAT_PPTP=m
+CONFIG_IP_NF_MANGLE=m
+CONFIG_IP_NF_TARGET_TOS=m
+CONFIG_IP_NF_TARGET_ECN=m
+CONFIG_IP_NF_TARGET_DSCP=m
+CONFIG_IP_NF_TARGET_TTL=m
+CONFIG_IP_NF_TARGET_CLUSTERIP=m
+CONFIG_IP_NF_RAW=m
+CONFIG_IP_NF_ARPTABLES=m
+CONFIG_IP_NF_ARPFILTER=m
+CONFIG_IP_NF_ARP_MANGLE=m

 #
 # Bridge: Netfilter Configuration
--- a/config/kernel/kernel.config.i586.smp
+++ b/config/kernel/kernel.config.i586.smp
@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
 # Linux kernel version: 2.6.16
-# Tue Nov 28 17:01:34 2006
+# Tue Nov 28 19:33:09 2006
 #
 CONFIG_X86_32=y
 CONFIG_SEMAPHORE_SLEEPERS=y
@@ -384,7 +384,29 @@ CONFIG_BRIDGE_NETFILTER=y
 CONFIG_NETFILTER_NETLINK=m
 CONFIG_NETFILTER_NETLINK_QUEUE=m
 CONFIG_NETFILTER_NETLINK_LOG=m
-# CONFIG_NETFILTER_XTABLES is not set
+CONFIG_NETFILTER_XTABLES=m
+CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
+# CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set
+CONFIG_NETFILTER_XT_TARGET_MARK=m
+CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
+# CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set
+CONFIG_NETFILTER_XT_MATCH_COMMENT=m
+CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
+CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
+CONFIG_NETFILTER_XT_MATCH_DCCP=m
+CONFIG_NETFILTER_XT_MATCH_HELPER=m
+CONFIG_NETFILTER_XT_MATCH_LENGTH=m
+CONFIG_NETFILTER_XT_MATCH_LIMIT=m
+CONFIG_NETFILTER_XT_MATCH_MAC=m
+CONFIG_NETFILTER_XT_MATCH_MARK=m
+CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
+CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
+CONFIG_NETFILTER_XT_MATCH_REALM=m
+CONFIG_NETFILTER_XT_MATCH_SCTP=m
+CONFIG_NETFILTER_XT_MATCH_STATE=m
+CONFIG_NETFILTER_XT_MATCH_STRING=m
+CONFIG_NETFILTER_XT_MATCH_TCPMSS=m

 #
 # IP: Netfilter Configuration
@@ -402,6 +424,46 @@ CONFIG_IP_NF_IRC=m
 # CONFIG_IP_NF_AMANDA is not set
 CONFIG_IP_NF_PPTP=m
 CONFIG_IP_NF_QUEUE=m
+CONFIG_IP_NF_IPTABLES=m
+CONFIG_IP_NF_MATCH_IPRANGE=m
+CONFIG_IP_NF_MATCH_LAYER7=m
+# CONFIG_IP_NF_MATCH_LAYER7_DEBUG is not set
+CONFIG_IP_NF_MATCH_MULTIPORT=m
+CONFIG_IP_NF_MATCH_TOS=m
+CONFIG_IP_NF_MATCH_RECENT=m
+CONFIG_IP_NF_MATCH_ECN=m
+CONFIG_IP_NF_MATCH_DSCP=m
+CONFIG_IP_NF_MATCH_AH_ESP=m
+CONFIG_IP_NF_MATCH_TTL=m
+CONFIG_IP_NF_MATCH_OWNER=m
+CONFIG_IP_NF_MATCH_ADDRTYPE=m
+CONFIG_IP_NF_MATCH_HASHLIMIT=m
+CONFIG_IP_NF_MATCH_POLICY=m
+CONFIG_IP_NF_FILTER=m
+CONFIG_IP_NF_TARGET_REJECT=m
+CONFIG_IP_NF_TARGET_LOG=m
+CONFIG_IP_NF_TARGET_ULOG=m
+CONFIG_IP_NF_TARGET_TCPMSS=m
+CONFIG_IP_NF_NAT=m
+CONFIG_IP_NF_NAT_NEEDED=y
+CONFIG_IP_NF_TARGET_MASQUERADE=m
+CONFIG_IP_NF_TARGET_REDIRECT=m
+CONFIG_IP_NF_TARGET_NETMAP=m
+CONFIG_IP_NF_TARGET_SAME=m
+CONFIG_IP_NF_NAT_SNMP_BASIC=m
+CONFIG_IP_NF_NAT_IRC=m
+CONFIG_IP_NF_NAT_FTP=m
+CONFIG_IP_NF_NAT_PPTP=m
+CONFIG_IP_NF_MANGLE=m
+CONFIG_IP_NF_TARGET_TOS=m
+CONFIG_IP_NF_TARGET_ECN=m
+CONFIG_IP_NF_TARGET_DSCP=m
+CONFIG_IP_NF_TARGET_TTL=m
+CONFIG_IP_NF_TARGET_CLUSTERIP=m
+CONFIG_IP_NF_RAW=m
+CONFIG_IP_NF_ARPTABLES=m
+CONFIG_IP_NF_ARPFILTER=m
+CONFIG_IP_NF_ARP_MANGLE=m

 #
 # Bridge: Netfilter Configuration
--- a/lfs/initscripts
+++ b/lfs/initscripts
@@ -88,6 +88,9 @@ $(TARGET) :
 	ln -sf ../init.d/fcron       /etc/rc.d/rc0.d/K08fcron
 	ln -sf ../init.d/fcron       /etc/rc.d/rc3.d/S40fcron
 	ln -sf ../init.d/fcron       /etc/rc.d/rc6.d/K08fcron
+	ln -sf ../init.d/network     /etc/rc.d/rc0.d/K80network
+	ln -sf ../init.d/network     /etc/rc.d/rc3.d/S20network
+	ln -sf ../init.d/network     /etc/rc.d/rc6.d/K80network

 	ln -sf ../init.d/mountkernfs /etc/rc.d/rcsysinit.d/S00mountkernfs
 	ln -sf ../init.d/modules     /etc/rc.d/rcsysinit.d/S05modules
--- a/src/initscripts/init.d/network
+++ b/src/initscripts/init.d/network
@@ -0,0 +1,122 @@
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/network
+#
+# Description : Network Control Script
+#
+# Authors     : Michael Tremer - m.s.tremer@googlemail.com
+#
+# Version     : 00.00
+#
+# Notes       : Written for IPFire by its team
+#
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+. /var/ipfire/ethernet/settings
+
+case "${1}" in
+	start)
+		boot_mesg "Loading MASQ helper modules"
+		modprobe iptable_nat
+		modprobe ip_conntrack
+		modprobe ip_conntrack_ftp
+		modprobe ip_nat_ftp
+		modprobe ip_conntrack_h323
+		modprobe ip_nat_h323
+		modprobe ip_conntrack_irc
+		modprobe ip_nat_irc
+		modprobe ip_conntrack_mms
+		modprobe ip_nat_mms
+		modprobe ip_conntrack_pptp
+		modprobe ip_nat_pptp
+		modprobe ip_conntrack_proto_gre
+		modprobe ip_nat_proto_gre
+		modprobe ip_conntrack_quake3
+		modprobe ip_nat_quake3
+
+		# Remove possible leftover files
+		rm -f CONFIG_ROOT/red/{active,device,dial-on-demand,dns1,dns2,local-ipaddress,remote-ipaddress,resolv.conf}
+
+		# This won't actually do anything unless a PCMCIA controller was
+		# detected at install time, because /etc/pcmcia.conf won't exist.
+		/etc/rc.d/rc.pcmcia start
+		# Now, just in case we found a PCMCIA USB controller, we'll need to reload
+		# the USB here.
+		/usr/local/bin/resetusb
+
+		# The 'for' loop force driver loading order
+		for NIC in 0 1 2 3; do
+		    ETHX="eth${NIC}"
+		    if [ "$GREEN_DEV" == "$ETHX" ]; then
+			if [ "$GREEN_DRIVER" != "" ]; then
+			    modprobe $GREEN_DRIVER $GREEN_DRIVER_OPTIONS
+			    evaluate_retval
+		       fi
+		    fi
+		    if [ "$ORANGE_DEV" == "$ETHX" ]; then
+		        if [ "$ORANGE_DRIVER" != "" ]; then
+			    modprobe $ORANGE_DRIVER $ORANGE_DRIVER_OPTIONS
+			    evaluate_retval
+			fi
+		    fi
+		    if [ "$BLUE_DEV" == "$ETHX" ]; then
+			if [ "$BLUE_DRIVER" != "" ]; then
+			    modprobe $BLUE_DRIVER $BLUE_DRIVER_OPTIONS
+			    evaluate_retval
+			fi
+		    fi
+		    if [ "$RED_DEV" == "$ETHX" ]; then
+			if [ "$RED_DRIVER" != "" ]; then
+			    modprobe $RED_DRIVER $RED_DRIVER_OPTIONS
+			    evaluate_retval
+		    	fi
+		    fi
+		done
+
+		if [ -d /proc/bus/pccard ]; then
+			boot_mesg "Initializing PCMCIA cardbus modems"
+			modprobe serial_cb
+			evaluate_retval
+		fi
+
+		boot_mesg "Setting up IPFire firewall rules"
+		/etc/rc.d/rc.firewall start
+		evaluate_retval
+		boot_mesg "Setting up IP Accounting"
+		/etc/rc.d/helper/writeipac.pl
+		/usr/sbin/fetchipac -S
+		evaluate_retval
+		boot_mesg "Setting IPFire DMZ pinholes"
+		/usr/local/bin/setdmzholes
+		evaluate_retval
+
+		if [ "$BLUE_DEV" != "" ]; then
+			boot_mesg "Setting up wireless firewall rules"
+			/usr/local/bin/restartwireless
+			evaluate_retval
+		fi
+
+		boot_mesg "Bringing network up..."
+		. /etc/rc.d/rc.netaddress.up
+
+		;;
+
+	stop)
+
+		;;
+
+	restart)
+		${0} stop
+		sleep 1
+		${0} start
+		;;
+
+	*)
+		echo "Usage: ${0} {start|stop|restart}"
+		exit 1
+		;;
+esac
+
+# End /etc/rc.d/init.d/network