webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Hab mal alles ein wenig bereinigt, da wir die alten Sachen nichtmehr brauchen...

Browse Source 
connections.cgi hab ich gefixt - Die geht jetzt wieder praechtig!
Und irgendwer (wohl mal wieder ich) hat in der lfs/iptables rumgewuetet :D Sowas aber auch... Tztz


git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@426 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
This commit is contained in:
ms
2007-02-22 18:42:58 +00:00
parent a18a1013a4
commit c545beb14f
71 changed files with 97 additions and 33229 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
config/cfgroot/general-functions.pl
View File

@@ -17,20 +17,27 @@ package General;
use strict;
use Socket;
use IO::Socket;
use Net::SSLeay;
$|=1; # line buffering
$General::version = 'VERSION';
$General::swroot = 'CONFIG_ROOT';
$General::noipprefix = 'noipg-';
$General::adminmanualurl = 'http://users.ipfire.eu';
$General::adminmanualurl = 'http://wiki.ipfire.org';
#
# log ("message") use default 'ipcop' tag
# log ("tag","message") use your tag
#
sub log
{
my $tag='ipfire';
$tag = shift if (@_>1);
my $logmessage = $_[0];
$logmessage =~ /([\w\W]*)/;
$logmessage = $1;
system('/usr/bin/logger', '-t', 'ipfire', $logmessage);
system('/usr/bin/logger', '-t', $tag, $logmessage);
}
sub readhash
@@ -332,6 +339,18 @@ sub IpInSubnet
return (($ip >= $start) && ($ip <= $end));
}
#
# Return the following IP (IP+1) in dotted notation.
# Call: NextIP ('1.1.1.1');
# Return: '1.1.1.2'
#
sub NextIP
{
return &Socket::inet_ntoa( pack("N", 1 + unpack('N', &Socket::inet_aton(shift))
)
);
}
sub validemail {
my $mail = shift;
return 0 if ( $mail !~ /^[0-9a-zA-Z\.\-\_]+\@[0-9a-zA-Z\.\-]+$/ );
@@ -344,6 +363,11 @@ sub validemail {
return 1;
}
#
# Currently only vpnmain use this three procs (readhasharray, writehasharray, findhasharray)
# The 'key' used is numeric but is perfectly unneeded! This will to be removed so don't use
# this code. Vpnmain will be splitted in parts: x509/pki, connection ipsec, connection other,... .
#
sub readhasharray {
my ($filename, $hash) = @_;
%$hash = ();
@@ -354,7 +378,7 @@ sub readhasharray {
my ($key, $rest, @temp);
chomp;
($key, $rest) = split (/,/, $_, 2);
if ($key =~ /^[0-9]+$/ && $rest) {
if ($key =~ /^[0-9]+$/) {
@temp = split (/,/, $rest);
$hash->{$key} = \@temp;
}
@@ -370,13 +394,13 @@ sub writehasharray {
open(FILE, ">$filename") or die "Unable to write to file $filename";
foreach $key (keys %$hash) {
if ( $hash->{$key} ) {
if ($key =~ /^[0-9]+$/) {
print FILE "$key";
foreach $i (0 .. $#{$hash->{$key}}) {
print FILE ",$hash->{$key}[$i]";
}
print FILE "\n";
}
print FILE "\n";
}
close FILE;
return;
@@ -551,4 +575,54 @@ sub GetDyndnsRedIP {
}
return $ip;
}
# Translate ICMP code to text
# ref: http://www.iana.org/assignments/icmp-parameters
sub GetIcmpDescription ($) {
my $index = shift;
my @icmp_description = (
'Echo Reply', #0
'Unassigned',
'Unassigned',
'Destination Unreachable',
'Source Quench',
'Redirect',
'Alternate Host Address',
'Unassigned',
'Echo',
'Router Advertisement',
'Router Solicitation', #10
'Time Exceeded',
'Parameter Problem',
'Timestamp',
'Timestamp Reply',
'Information Request',
'Information Reply',
'Address Mask Request',
'Address Mask Reply',
'Reserved (for Security)',
'Reserved (for Robustness Experiment)', #20
'Reserved',
'Reserved',
'Reserved',
'Reserved',
'Reserved',
'Reserved',
'Reserved',
'Reserved',
'Reserved',
'Traceroute', #30
'Datagram Conversion Error',
'Mobile Host Redirect',
'IPv6 Where-Are-You',
'IPv6 I-Am-Here',
'Mobile Registration Request',
'Mobile Registration Reply',
'Domain Name Request',
'Domain Name Reply',
'SKIP',
'Photur', #40
'Experimental');
if ($index>41) {return 'unknown'} else {return @icmp_description[$index]};
}
1;

14
lfs/iptables
View File

@@ -39,19 +39,19 @@ TARGET = $(DIR_INFO)/$(THISAPP)
###############################################################################
objects = $(DL_FILE) \
iptables-1.3.0-imq1.diff \
netfilter-layer7-v2.1.tar.gz \
netfilter-layer7-v2.6.tar.gz \
libnfnetlink-0.0.25.tar.bz2 \
libnetfilter_queue-0.0.13.tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
iptables-1.3.0-imq1.diff = http://www.linuximq.net/patchs/iptables-1.3.0-imq1.diff
netfilter-layer7-v2.1.tar.gz = http://mesh.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.1.tar.gz
iptables-1.3.0-imq1.diff = $(URL_IPFIRE)/iptables-1.3.0-imq1.diff
netfilter-layer7-v2.6.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.6.tar.gz
libnfnetlink-0.0.25.tar.bz2 = $(URL_IPFIRE)/libnfnetlink-0.0.25.tar.bz2
libnetfilter_queue-0.0.13.tar.bz2 = $(URL_IPFIRE)/libnetfilter_queue-0.0.13.tar.bz2
$(DL_FILE)_MD5 = 00fb916fa8040ca992a5ace56d905ea5
iptables-1.3.0-imq1.diff_MD5 = 9adae8be9562775a176fc1b275b3cb29
netfilter-layer7-v2.1.tar.gz_MD5 = 551626a158c2a2cbfd937d27ecc7fac1
netfilter-layer7-v2.6.tar.gz_MD5 = 58135cd1aafaf4ae2fa478159206f064
libnfnetlink-0.0.25.tar.bz2_MD5 = fc915a2e66d282e524af6ef939042d7d
libnetfilter_queue-0.0.13.tar.bz2_MD5 = 660cbfd3dc8c10bf9b1803cd2b688256
@@ -83,10 +83,10 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
# iptables-fixed.tar.gz is made in the linux kernel build process
@rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-0.0.25 $(DIR_SRC)/netfilter-layer7-v2.1 $(DIR_SRC)/libnetfilter_queue-0.0.13
@rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-0.0.25 $(DIR_SRC)/netfilter-layer7-v2.6 $(DIR_SRC)/libnetfilter_queue-0.0.13
@cd $(DIR_SRC) && tar zxf $(DIR_DL)/iptables-fixed.tar.gz
@cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.1.tar.gz
@cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.6.tar.gz
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/netfilter-layer7-v2.6/iptables-layer7-2.6.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_DL)/iptables-1.3.0-imq1.diff
@@ -107,5 +107,5 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_SRC)/libnetfilter_queue-0.0.13 && make
cd $(DIR_SRC)/libnetfilter_queue-0.0.13 && make install
@rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-0.0.25 $(DIR_SRC)/netfilter-layer7-v2.1 $(DIR_SRC)/libnetfilter_queue-0.0.13
@rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-0.0.25 $(DIR_SRC)/netfilter-layer7-v2.6 $(DIR_SRC)/libnetfilter_queue-0.0.13
@$(POSTBUILD)

7
lfs/pakfire
View File

@@ -50,13 +50,10 @@ md5 :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && cp -fRv src/pakfire $(DIR_APP)
@rm -rf $(DIR_APP)
cd $(DIR_SRC) && cp -fRv src/pakfire $(DIR_APP)
cd $(DIR_APP) && mv -vf pakfire.conf /etc
cd $(DIR_APP) && chown root.root $(DIR_APP) -R && chmod 755 pakfire lib/*
cd /opt && mkdir -p /opt/confire/paks
cd /opt/confire && cp -fRv $(DIR_SRC)/src/confire/* .
cd /opt/confire && chown root.root /opt/confire -R && chmod 755 confire /opt/confire/paks -R
-cd $(DIR_APP) && find $(DIR_APP) -name .svn -exec rm -rf {} \;
-cd $(DIR_APP) && find /opt/confire -name .svn -exec rm -rf {} \;
@$(POSTBUILD)

4
make.sh
View File

@@ -33,7 +33,7 @@ KVER=`grep --max-count=1 VER lfs/linux | awk '{ print $3 }'`
MACHINE=`uname -m`
SVN_REVISION=`svn info | grep Revision | cut -c 11-`
IPFVER="full devel" # Which versions should be compiled? (full|light|voice|devel)
IPFVER="full" # Which versions should be compiled? (full|light|voice|devel)
# Set an information about the build number
if [ -e ./.svn ]; then
@@ -345,6 +345,7 @@ buildipfire() {
# ipfiremake promise-sata-300-tx
ipfiremake zaptel
ipfiremake fuse
ipfiremake pkg-config
ipfiremake expat
ipfiremake gdbm
ipfiremake gmp
@@ -461,7 +462,6 @@ buildipfire() {
ipfiremake spandsp
ipfiremake lzo
ipfiremake openvpn
ipfiremake pkg-config
ipfiremake glib
ipfiremake pammysql
ipfiremake xinetd

29757
src/ROOTFILES.i586
View File

File diff suppressed because it is too large Load Diff

6
src/boot.d/01-unmountinitrd
View File

@@ -1,6 +0,0 @@
#!/bin/sh
# Unmount the initrd, if necessary
if grep -q /initrd /proc/mounts && ! grep -q /initrd/loopfs /proc/mounts ; then
umount /initrd >/dev/null 2>&1
blockdev --flushbufs /dev/ram0 >/dev/null 2>&1
fi

7
src/boot.d/02-sethostname
View File

@@ -1,7 +0,0 @@
#!/bin/sh
echo "Setting hostname"
if [ -z "$DOMAINNAME" ]; then
hostname $HOSTNAME
else
hostname ${HOSTNAME}.${DOMAINNAME}
fi

4
src/boot.d/03-loadkeymap
View File

@@ -1,4 +0,0 @@
#!/bin/sh
if [ "$KEYMAP" != "" ]; then
loadkeys $KEYMAP
fi

11
src/boot.d/04-initpowermanagement
View File

@@ -1,11 +0,0 @@
#!/bin/sh
# Initializing Power Management ACPI first, then APM.
# APM won't load if ACPI is initialized anyway.
echo "Initializing Power Management"
modprobe ac > /dev/null 2>&1
modprobe battery > /dev/null 2>&1
modprobe button > /dev/null 2>&1
modprobe fan > /dev/null 2>&1
modprobe processor > /dev/null 2>&1
modprobe thermal > /dev/null 2>&1
modprobe apm > /dev/null 2>&1

22
src/boot.d/05-initusb
View File

@@ -1,22 +0,0 @@
#!/bin/sh
# Initialize USB controllers
echo "Initializing USB controllers"
aliases=`/sbin/modprobe -c | awk '/^alias usb-controller/ { print $3 }'`
if [ -n "$aliases" -a "$aliases" != "off" ] ; then
modprobe usbcore
mount -n -t usbdevfs usbdevfs /proc/bus/usb
for alias in $aliases ; do
[ "$alias" != "off" ] && modprobe $alias
done
echo "Initializing USB storage devices"
modprobe usb-storage
modprobe sd_mod
echo "Initializing USB keyboard"
modprobe hid
modprobe keybdev
echo "Initializing USB modems"
modprobe acm
fi

29
src/boot.d/06-mountrootfs
View File

@@ -1,29 +0,0 @@
#!/bin/sh
STRING="Checking root filesystem"
fsck -R -T -a -C /
RC=$?
if [ "$RC" = "0" ]; then
echo "$STRING: Success"
elif [ "$RC" = "1" ]; then
echo "$STRING: Passed"
fi
# A return of 2 or higher means there were serious problems.
if [ $RC -gt 1 ]; then
echo "$STRING: Failed"
echo "*** An error occurred during the file system check."
echo "*** Dropping you to a shell; the system will reboot"
echo "*** when you leave the shell."
export PS1="(Repair filesystem) \# # "
sulogin
echo "Unmounting filesystems"
umount -a
mount -n -o remount,ro /
echo "Automatic reboot in progress."
reboot -f
fi
echo "Mounting root read/write"
mount -n -o remount,rw /

34
src/boot.d/07-mountotherfs
View File

@@ -1,34 +0,0 @@
#!/bin/sh
STRING="Checking other filesystems"
fsck -R -T -a -C -A
RC=$?
if [ "$RC" = "0" ]; then
echo "$STRING: Success"
elif [ "$RC" = "1" ]; then
echo "$STRING: Passed"
fi
# A return of 2 or higher means there were serious problems.
if [ $RC -gt 1 ]; then
echo "$STRING: Failed"
echo "*** An error occurred during the file system check."
echo "*** Dropping you to a shell; the system will reboot"
echo "*** when you leave the shell."
export PS1="(Repair filesystem) \# # "
sulogin
echo "Unmounting filesystems"
umount -n -a
mount -n -o remount,ro /
echo "Automatic reboot in progress."
reboot -f
fi
echo "Mounting other filesystems"
mount -a -n
if [ -e /swapfile ]; then
echo "Turning on swap"
chmod 600 /swapfile
swapon /swapfile
fi

9
src/boot.d/08-updatesystem.map
View File

@@ -1,9 +0,0 @@
#!/bin/sh
echo "Updating System.map file location"
if [ -L /boot/System.map -a -r /boot/System.map-`uname -r` -a \
! /boot/System.map -ef /boot/System.map-`uname -r` ]; then
ln -s -f System.map-`uname -r` /boot/System.map
fi
if [ ! -e /boot/System.map -a -r /boot/System.map-`uname -r` ]; then
ln -s -f System.map-`uname -r` /boot/System.map
fi

3
src/boot.d/09-updatefstab
View File

@@ -1,3 +0,0 @@
#!/bin/sh
echo "Updating /etc/fstab to reflect removable devices"
/usr/sbin/updfstab

3
src/boot.d/10-setkernelsettings
View File

@@ -1,3 +0,0 @@
#!/bin/sh
echo "Setting kernel settings"
/sbin/sysctl -e -p /etc/sysctl.conf >/dev/null

7
src/boot.d/11-startflash
View File

@@ -1,7 +0,0 @@
#!/bin/sh
if [ -e /etc/FLASH ]; then
if [ -e /etc/rc.d/rc.flash.up ]; then
echo "Decompressing Flash"
. /etc/rc.d/rc.flash.up
fi
fi

32
src/boot.d/12-setconsole
View File

@@ -1,32 +0,0 @@
#!/bin/sh
echo "Setting locale"
LANG=en_US.utf8
export LANG
echo "Setting consolefonts"
eval $(/usr/local/bin/readhash /var/ipfire/main/settings)
for i in 2 3 4 5 6; do
> /dev/tty$i
done
if [ "$LANGUAGE" = "el" ]; then
/usr/bin/unicode_start iso07u-16
elif [ "$LANGUAGE" = "pt" -o "$LANGUAGE" = "bz" ]; then
/usr/bin/unicode_start lat1-16
elif [ "$LANGUAGE" = "cs" -o "$LANGUAGE" = "hu" -o "$LANGUAGE" = "pl" -o "$LANGUAGE" = "sk" ]; then
/usr/bin/unicode_start lat2-16
elif [ "$LANGUAGE" = "tr" ]; then
/usr/bin/unicode_start lat5-16
elif [ "$LANGUAGE" = "vi" ]; then
/usr/bin/unicode_start viscii10-8x16
else
/usr/bin/unicode_start lat0-16
fi
#/sbin/splash -n -s -u 0 /boot/splash/config/bootsplash-1024x768.cfg
/sbin/splash -n -s -u 1 /boot/splash/config/bootsplash-1024x768.cfg
/sbin/splash -n -s -u 2 /boot/splash/config/bootsplash-1024x768.cfg
/sbin/splash -n -s -u 3 /boot/splash/config/bootsplash-1024x768.cfg
/sbin/splash -n -s -u 4 /boot/splash/config/bootsplash-1024x768.cfg
/sbin/splash -n -s -u 5 /boot/splash/config/bootsplash-1024x768.cfg
/sbin/splash -n -s -u 11 /boot/splash/config/bootsplash-1024x768.cfg

6
src/boot.d/13-depmod
View File

@@ -1,6 +0,0 @@
#!/bin/sh
echo "Update modules dependencies when necessary"
if [ -e /var/run/need-depmod-`uname -r` ]; then
/sbin/depmod -a
/bin/rm -f /var/run/need-depmod-`uname -r`
fi

7
src/boot.d/14-clearoldfiles
View File

@@ -1,7 +0,0 @@
#!/bin/sh
echo "Clearing old files"
rm -f /var/run/{*.pid,*.sem,*.tdb}
rm -f /var/run/dhcpcd-*.pid
rm -f /var/lock/{LCK..tty*,rc.updatered.lock}
rm -f /var/ipfire/dhcpc/{*.pid,*.cache,*.info}
rm -f /var/ipfire/red/{active,eciadsl-synch-done}

3
src/boot.d/15-setclock
View File

@@ -1,3 +0,0 @@
#!/bin/sh
echo "Setting the clock"
/sbin/hwclock --hctosys

6
src/boot.d/16-cleanwtmputmp
View File

@@ -1,6 +0,0 @@
#!/bin/sh
# Cleaning up wtmp/utmp files
>/var/run/utmp
touch /var/log/wtmp
chgrp utmp /var/run/utmp /var/log/wtmp
chmod 0664 /var/run/utmp /var/log/wtmp

5
src/boot.d/17-runisapnp
View File

@@ -1,5 +0,0 @@
#!/bin/sh
if [ -x /usr/sbin/isapnp -a -f /var/ipfire/isapnp/isapnp.conf -a ! -f /proc/isapnp ]; then
echo "Running isapnp"
/usr/sbin/isapnp /var/ipfire/isapnp/isapnp.conf 2>/dev/null
fi

13
src/boot.d/18-sshcerts
View File

@@ -1,13 +0,0 @@
#!/bin/sh
if [ ! -e /etc/ssh/ssh_host_key ]; then
echo "Generating SSH RSA1 key. This may take several minutes."
/usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ""
fi
if [ ! -e /etc/ssh/ssh_host_rsa_key ]; then
echo "Generating SSH RSA key. This may take several minutes."
/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ""
fi
if [ ! -e /etc/ssh/ssh_host_dsa_key ]; then
echo "Generating SSH DSA key. This may take several minutes."
/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ""
fi

7
src/boot.d/19-httpcerts
View File

@@ -1,7 +0,0 @@
#!/bin/sh
# https certificate
if [ -f /etc/httpd/server.key -a -f /etc/httpd/server.crt -a -f /etc/httpd/server.csr ]; then
/usr/local/bin/httpscert read
else
/usr/local/bin/httpscert new
fi

3
src/boot.d/20-rotatelogs
View File

@@ -1,3 +0,0 @@
#!/bin/sh
echo "Rotating logs"
/usr/sbin/logrotate /etc/logrotate.conf

3
src/boot.d/21-startsyslogd
View File

@@ -1,3 +0,0 @@
#!/bin/sh
echo "Starting syslogd"
/usr/sbin/syslogd -m 0

3
src/boot.d/22-startklogd
View File

@@ -1,3 +0,0 @@
#!/bin/sh
echo "Starting klogd"
/usr/sbin/klogd -u klogd -j /var/empty

4
src/boot.d/23-startnetwork
View File

@@ -1,4 +0,0 @@
#!/bin/sh
echo "Running /etc/rc.d/rc.network"
. /etc/rc.d/rc.network
echo 7200 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established

3
src/boot.d/24-dumpbootmsg
View File

@@ -1,3 +0,0 @@
#!/bin/sh
echo "Dumping boot messages"
dmesg > /var/log/dmesg

21
src/boot.d/25-hddshutdown
View File

@@ -1,21 +0,0 @@
#!/bin/sh
if [ -e /var/log/rrd/disk.rrd ]; then echo "Adjusting graphs to compensate for boot"; \
/usr/bin/perl -e 'use RRDs;RRDs::update("/var/log/rrd/disk.rrd","-t","readsect:writesect","N:U:U");'; fi
if [ -e /var/log/rrd/disk-hda.rrd ]; then \
/usr/bin/perl -e 'use RRDs;RRDs::update("/var/log/rrd/disk-hda.rrd","-t","readsect:writesect:sleeping","N:U:U:U");'; fi
if [ -e /var/log/rrd/disk-hdb.rrd ]; then \
/usr/bin/perl -e 'use RRDs;RRDs::update("/var/log/rrd/disk-hdb.rrd","-t","readsect:writesect:sleeping","N:U:U:U");'; fi
if [ -e /var/log/rrd/disk-hdc.rrd ]; then \
/usr/bin/perl -e 'use RRDs;RRDs::update("/var/log/rrd/disk-hdc.rrd","-t","readsect:writesect:sleeping","N:U:U:U");'; fi
if [ -e /var/log/rrd/disk-hdd.rrd ]; then \
/usr/bin/perl -e 'use RRDs;RRDs::update("/var/log/rrd/disk-hdd.rrd","-t","readsect:writesect:sleeping","N:U:U:U");'; fi
if [ -e /var/log/rrd/disk-hde.rrd ]; then \
/usr/bin/perl -e 'use RRDs;RRDs::update("/var/log/rrd/disk-hde.rrd","-t","readsect:writesect:sleeping","N:U:U:U");'; fi
if [ -e /var/log/rrd/disk-hdf.rrd ]; then \
/usr/bin/perl -e 'use RRDs;RRDs::update("/var/log/rrd/disk-hdf.rrd","-t","readsect:writesect:sleeping","N:U:U:U");'; fi
if [ -e /var/log/rrd/disk-hdg.rrd ]; then \
/usr/bin/perl -e 'use RRDs;RRDs::update("/var/log/rrd/disk-hdg.rrd","-t","readsect:writesect:sleeping","N:U:U:U");'; fi
if [ -e /var/log/rrd/disk-hdh.rrd ]; then \
/usr/bin/perl -e 'use RRDs;RRDs::update("/var/log/rrd/disk-hdh.rrd","-t","readsect:writesect:sleeping","N:U:U:U");'; fi
rm -rf /tmp/hddshutdown-*
/usr/local/bin/hddshutdown

3
src/boot.d/30-startcron
View File

@@ -1,3 +0,0 @@
#!/bin/sh
echo "Starting crond"
/usr/sbin/fcron

3
src/boot.d/31-startsnort
View File

@@ -1,3 +0,0 @@
#!/bin/sh
echo "Starting Snort (if enabled)"
/usr/local/bin/restartsnort red blue orange green

3
src/boot.d/32-starthttpd
View File

@@ -1,3 +0,0 @@
#!/bin/sh
echo "Starting httpd"
/usr/sbin/httpd

3
src/boot.d/33-startdhcp
View File

@@ -1,3 +0,0 @@
#!/bin/sh
echo "Starting dhcpd (if enabled)"
/usr/local/bin/restartdhcp

3
src/boot.d/34-startssh
View File

@@ -1,3 +0,0 @@
#!/bin/sh
echo "Starting sshd (if enabled)"
/usr/local/bin/restartssh

3
src/boot.d/35-startntp
View File

@@ -1,3 +0,0 @@
#!/bin/sh
echo "Starting ntpd (if enabled)"
/usr/local/bin/restartntpd

5
src/boot.d/36-startsquid
View File

@@ -1,5 +0,0 @@
#!/bin/sh
if [ -e "/var/ipfire/proxy/squid.conf" ]; then
echo "Starting squid (if enabled)"
/usr/local/bin/restartsquid
fi

3
src/boot.d/40-startopenvpn
View File

@@ -1,3 +0,0 @@
#!/bin/sh
echo "Starting openvpn (if enabled)"
/usr/local/bin/openvpnctrl --start-daemon-only >& /dev/null

3
src/boot.d/98-xinetd
View File

@@ -1,3 +0,0 @@
#!/bin/sh
echo "Starting xinetd"
/usr/sbin/xinetd -f /var/ipfire/xinetd/xinetd.conf

3
src/boot.d/99-rclocal
View File

@@ -1,3 +0,0 @@
#!/bin/sh
echo "Running rc.local"
. /etc/rc.d/rc.local

17
src/confire/confire
View File

@@ -1,17 +0,0 @@
#!/bin/bash
############################################################################################
# Copyright (C) 2006 by IPFire.org #
# IPFire ist freie Software, die Sie unter bestimmten Bedingungen weitergeben d<>rfen. #
############################################################################################
if [ -f "/opt/confire/paks/$1" ]; then
echo -e "Configuring $1."
. /opt/confire/paks/$1
exit 0
else
echo -e "There is no package with name $1. Exiting."
exit 1
fi
################################### EOF ####################################################

6
src/ppp/ip-down
View File

@@ -17,7 +17,7 @@ require 'CONFIG_ROOT/general-functions.pl';
umask 022;
unlink "${General::swroot}/red/active";
system "/etc/rc.d/rc.updatered";
system "/etc/rc.d/init.d/network red update";
# Beep when ppp goes up or down. Silence if 'nobeeps' file exists.
if ( ! -e "${General::swroot}/ppp/nobeeps") {
@@ -26,8 +26,8 @@ if ( ! -e "${General::swroot}/ppp/nobeeps") {
if ( -e "${General::swroot}/red/keepconnected") {
if ( system ('/bin/ps ax | /bin/grep -q "[r]c.connectioncheck reconnect"') ) {
system ('/etc/rc.d/rc.connectioncheck reconnect &');
system ('/etc/rc.d/init.d/connectioncheck reconnect &');
} else {
&General::log ('rc.connectioncheck reconnect already running');
&General::log ('connectioncheck reconnect already running');
}
}

6
src/ppp/ip-up
View File

@@ -10,7 +10,7 @@
#
use strict;
require 'CONFIG_ROOT/general-functions.pl';
require '/var/ipfire/general-functions.pl';
&General::log("PPP has gone up on $ARGV[0]");
umask 022;
@@ -49,8 +49,8 @@ if (open(FILE, ">${General::swroot}/red/iface")) { print FILE $ARGV[0]; close (F
if (open(FILE, ">${General::swroot}/red/local-ipaddress")) { print FILE $ARGV[3]; close (FILE); }
if (open(FILE, ">${General::swroot}/red/remote-ipaddress")) { print FILE $ARGV[4]; close (FILE); }
system('/bin/touch', "${General::swroot}/red/active");
system('/etc/rc.d/rc.updatered');
system('/usr/bin/touch', "${General::swroot}/red/active");
system('/etc/rc.d/init.d/network red update');
# Beep when ppp goes up or down. Silence if 'nobeeps' file exists.
if ( ! -e "${General::swroot}/ppp/nobeeps") {

2
src/ppp/options
View File

@@ -1,2 +1,2 @@
linkname ipcop
linkname ipfire
noauth

32
src/rc.d/helper/getdnsfromdhcpc.pl
View File

@@ -1,32 +0,0 @@
#!/usr/bin/perl
#
# Helper program to get DNS info from dhcpc .info file.
#
# (c) Lawrence Manning, 2001
use strict;
require 'CONFIG_ROOT/general-functions.pl';
my $count = $ARGV[0];
my ($dhcp, $dns, @alldns, %dhcpc);
if ($count eq "" || $count < 1) {
die "Bad DNS number given"; }
if (open(FILE, "${General::swroot}/red/iface")) {
my $iface = <FILE>;
close FILE;
chomp ($iface);
if (!&General::readhash("${General::swroot}/dhcpc/dhcpcd-$iface.info", \%dhcpc)) {
die "Could not open dhcpc info file";
}
} else {
die "Could not open interface file";
}
$dns = $dhcpc{'DNS'};
@alldns = split(',', $dns);
print "$alldns[$count - 1]\n";

55
src/rc.d/helper/writeipac.pl
View File

@@ -1,55 +0,0 @@
#!/usr/bin/perl
#
# Helper program to write a new IPAC settings file
#
# (c) Lawrence Manning, 2001
#
# $id
#
use strict;
require '/var/ipfire/general-functions.pl';
my %settings;
my $iface;
General::readhash("${General::swroot}/ethernet/settings", \%settings);
if (!open(FILE, '>/etc/ipac-ng/rules.conf')) {
die "Unable to create /etc/ipac-ng/rules.conf"; }
if (open(IFACE, "${General::swroot}/red/iface"))
{
$iface = <IFACE>;
close IFACE;
chomp ($iface);
}
print FILE "incoming GREEN ($settings{'GREEN_DEV'})|ipac~o|$settings{'GREEN_DEV'}|all|||\n";
print FILE "outgoing GREEN ($settings{'GREEN_DEV'})|ipac~i|$settings{'GREEN_DEV'}|all|||\n";
print FILE "forwarded incoming GREEN ($settings{'GREEN_DEV'})|ipac~fi|$settings{'GREEN_DEV'}|all|||\n";
print FILE "forwarded outgoing GREEN ($settings{'GREEN_DEV'})|ipac~fo|$settings{'GREEN_DEV'}|all|||\n";
if ($settings{'CONFIG_TYPE'} =~ /^(1|3|5|7)$/ )
{
print FILE "incoming ORANGE ($settings{'ORANGE_DEV'})|ipac~o|$settings{'ORANGE_DEV'}|all|||\n";
print FILE "outgoing ORANGE ($settings{'ORANGE_DEV'})|ipac~i|$settings{'ORANGE_DEV'}|all|||\n";
print FILE "forwarded incoming ORANGE ($settings{'ORANGE_DEV'})|ipac~fi|$settings{'ORANGE_DEV'}|all|||\n";
print FILE "forwarded outgoing ORANGE ($settings{'ORANGE_DEV'})|ipac~fo|$settings{'ORANGE_DEV'}|all|||\n";
}
if ($settings{'CONFIG_TYPE'} =~ /^(4|5|6|7)$/ )
{
print FILE "incoming BLUE ($settings{'BLUE_DEV'})|ipac~o|$settings{'BLUE_DEV'}|all|||\n";
print FILE "outgoing BLUE ($settings{'BLUE_DEV'})|ipac~i|$settings{'BLUE_DEV'}|all|||\n";
print FILE "forwarded incoming BLUE ($settings{'BLUE_DEV'})|ipac~fi|$settings{'BLUE_DEV'}|all|||\n";
print FILE "forwarded outgoing BLUE ($settings{'BLUE_DEV'})|ipac~fo|$settings{'BLUE_DEV'}|all|||\n";
}
if ($iface) {
print FILE "incoming RED ($iface)|ipac~o|$iface|all|||\n";
print FILE "outgoing RED ($iface)|ipac~i|$iface|all|||\n";
print FILE "forwarded incoming RED ($iface)|ipac~fi|$iface|all|||\n";
print FILE "forwarded outgoing RED ($iface)|ipac~fo|$iface|all|||\n";
}
close FILE;

76
src/rc.d/rc.3cp4218usbadsl
View File

@@ -1,76 +0,0 @@
#!/bin/bash
#
# $Id: rc.3cp4218usbadsl,v 1.4.2.3 2005/07/07 20:11:57 franck78 Exp $
#
eval $(/usr/local/bin/readhash CONFIG_ROOT/ppp/settings)
# Debugging. Comment it out to stop logging
DEBUG="yes"
msg() {
if [ "z$DEBUG" != "z" ] ; then
/usr/bin/logger -t red "3Com AccessRunner USB: $*"
fi
echo "$*"
}
# See how we were called.
case "$1" in
start)
if [ -f "/proc/bus/usb/devices" ]; then
if ( ! /bin/cat /proc/bus/usb/devices | /bin/grep -q 'Vendor=0506 ProdID=F002' ); then
echo "3Cload"
/usr/sbin/3cload /usr/sbin/ez-usb.bin
if [ $? -ne 0 ]; then
msg "3Cload1 failed"
exit 1
fi
/bin/sleep 5
# OPEN_MODE=: 5 = ANSI T1.413, 7 = ITU-T G.992.2 (G.LITE), 6 = ITU-T G.992.1 (G.DMT), 8 = multimode, 3 = other
case "$MODULATION" in
GDMT) OPEN_MODE=6 ;;
ANSI) OPEN_MODE=5 ;;
GLITE) OPEN_MODE=7 ;;
AUTO) OPEN_MODE=8 ;;
esac
/usr/sbin/3cload 2 /usr/sbin/3cinit.bin /usr/sbin/3cmain.bin $OPEN_MODE
if [ $? -ne 0 ]; then
msg "3Cload2 failed"
exit 1
fi
fi
/sbin/modprobe 3cp4218 speed=1 open=$OPEN_MODE
/bin/sleep 5
if [ $? -ne 0 ]; then
msg "3cp4218 loading failed"
exit 2
fi
/bin/sleep 3
/usr/sbin/3cioctl 1
if [ $? -ne 0 ]; then
msg "3cioctl failed"
exit 3
fi
/bin/sleep 3
fi
exit 0
;;
stop)
msg "stop"
/usr/sbin/3cioctl 2
;;
cleanup)
msg "driver cleanup and restarting USB Bus"
/usr/sbin/3cioctl 5
/sbin/modprobe -r 3cp4218
/bin/sleep 4
/usr/local/bin/resetusb
;;
*)
echo "Usage: $0 {start|stop|cleanup}"
exit 1
;;
esac
exit 0

107
src/rc.d/rc.alcatelusb
View File

@@ -1,107 +0,0 @@
#!/bin/bash
#
# $Id: rc.alcatelusb,v 1.7.2.12 2005/07/07 20:11:57 franck78 Exp $
#
eval $(/usr/local/bin/readhash /var/ipfire/ppp/settings)
# Debugging. Comment it out to stop logging
DEBUG="yes"
msg() {
if [ "z$DEBUG" != "z" ] ; then
/usr/bin/logger -t red "Speedtouch USB: $*"
fi
/bin/echo "$*"
}
function wait_for_iface()
{
msg "Waiting for interface: $1"
COUNTER=10
FLREADY=0
TIMES=1
while [ $TIMES -le $COUNTER ]; do
/sbin/ifconfig $1> /dev/null 2>&1
if [ $? -eq 0 ]; then
FLREADY=1
break
fi
/bin/sleep 1
TIMES=$(expr $TIMES + 1)
done
if [ "$FLREADY" -eq 0 ]; then
msg "Interface not found: $1"
exit 1
fi
}
# See how we were called.
case "$1" in
start)
if [ ! -f "/proc/bus/usb/devices" ]; then
msg "No USB enabled"
exit 1
fi
speedtouch=`/bin/cat /proc/bus/usb/devices | /bin/grep 'Vendor=06b9 ProdID=4061' | /usr/bin/cut -d ' ' -f6`
case "$speedtouch" in
'')
msg "No Speedtouch found"
exit 1
;;
'0.00' | '0.01' | '2.00')
modem='v0123'
# Speedtouch 530 aka Rev 3.00 does not work actually
;;
'4.00')
modem='v4_b'
;;
*)
msg "Unknown version or unsupported model Rev $speedtouch"
exit 1
;;
esac
if ( ! /bin/ps -ef | /bin/grep -q [m]odem_run ); then
rm -f /var/run/pppoa3-modem*.pid
msg "Uploading firmware to modem"
/usr/sbin/modem_run -v 1 -t 90 -n 4 -f /var/ipfire/alcatelusb/firmware.$modem.bin
# Check if Firmware uploaded ok. Reset USB if Failed
if [ $? -ne 0 ]; then
msg "Firmware upload failed: Retrying"
/usr/local/bin/resetusb
/usr/sbin/modem_run -v 1 -t 90 -n 4 -f /var/ipfire/alcatelusb/firmware.$modem.bin
if [ $? -ne 0 ]; then
msg "Firmware upload failed: Exiting"
exit 1
fi
fi
fi
# Alcatel USB PPPoE Mode
if [ "$PROTOCOL" = "RFC1483" ]; then
iface="tap0"
/sbin/modprobe tun
/usr/sbin/pppoa3 -b -c -m 1 -vpi $VPI -vci $VCI
wait_for_iface $iface
/sbin/ifconfig $iface up
exit $?
fi
exit 0
;;
stop)
msg "stop"
/bin/killall pppoa3 2>/dev/null
/bin/sleep 1
/sbin/modprobe -r tun
;;
cleanup)
msg "driver cleanup and USB Bus reset"
/usr/local/bin/resetusb
;;
*)
/bin/echo "Usage: $0 {start|stop|cleanup}"
exit 1
;;
esac
exit 0

86
src/rc.d/rc.alcatelusbk
View File

@@ -1,86 +0,0 @@
#!/bin/bash
#
# $Id: rc.alcatelusbk,v 1.6.2.11 2005/07/07 20:11:57 franck78 Exp $
#
eval $(/usr/local/bin/readhash CONFIG_ROOT/ppp/settings)
# Debugging. Comment it out to stop logging
DEBUG="yes"
msg() {
if [ "z$DEBUG" != "z" ] ; then
/usr/bin/logger -t red "Speedtouch USB K: $*"
fi
/bin/echo "$*"
}
# See how we were called.
case "$1" in
start)
if [ ! -f "/proc/bus/usb/devices" ]; then
msg "No USB enabled"
exit 1
fi
speedtouch=`/bin/cat /proc/bus/usb/devices | /bin/grep 'Vendor=06b9 ProdID=4061' | /usr/bin/cut -d ' ' -f6`
case "$speedtouch" in
'')
msg "No Speedtouch found"
exit 1
;;
'0.00' | '0.01' | '2.00')
modem='v0123'
# Speedtouch 530 aka Rev 3.00 does not work actually
;;
'4.00')
modem='v4_b'
;;
*)
msg "Unknown version or unsupported model Rev $speedtouch"
exit 1
;;
esac
if ( ! /bin/ps -ef | /bin/grep -q '[m]odem_run -k'); then
# modem_run was killed by "hub.c: already running port x disabled by hub (EMI?), re-enabling..."
/sbin/modprobe -r speedtch
fi
if ( ! /sbin/lsmod | /bin/grep -q [s]peedtch ); then
if ( /bin/ps -ef | /bin/grep -q [m]odem_run ); then
# switching from user to kernel mode
msg "need to kill previous modem_run"
/bin/killall /usr/sbin/modem_run
/usr/local/bin/resetusb
fi
/sbin/modprobe speedtch
/usr/sbin/modem_run -k -v 1 -t 90 -n 4 -f CONFIG_ROOT/alcatelusb/firmware.$modem.bin
if [ $? -ne 0 ]; then
msg "firmware download failed : will reset USB and try again"
/sbin/modprobe -r speedtch
/usr/local/bin/resetusb
/sbin/modprobe speedtch
/usr/sbin/modem_run -k -v 1 -t 90 -n 4 -f CONFIG_ROOT/alcatelusb/firmware.$modem.bin
if [ $? -ne 0 ]; then
exit 1
fi
fi
# time to avoid "Ressource temporary unavailable"
/bin/sleep 5
fi
exit 0
;;
stop)
msg "stop"
;;
cleanup)
msg "driver cleanup and USB Bus reset"
/sbin/modprobe -r speedtch
/usr/local/bin/resetusb
;;
*)
/bin/echo "Usage: $0 {start|stop|cleanup}"
exit 1
;;
esac
exit 0

62
src/rc.d/rc.amedynusbadsl
View File

@@ -1,62 +0,0 @@
#!/bin/bash
#
# $Id: rc.amedynusbadsl,v 1.3.2.5 2005/07/07 20:11:57 franck78 Exp $
#
eval $(/usr/local/bin/readhash CONFIG_ROOT/ppp/settings)
# Debugging. Comment it out to stop logging
DEBUG="yes"
msg() {
if [ "z$DEBUG" != "z" ] ; then
/usr/bin/logger -t red "Zyxel 630-11/Asus AAM6000UG: $*"
fi
/bin/echo "$*"
}
# See how we were called.
case "$1" in
start)
if [ -f "/proc/bus/usb/devices" ]; then
if ( ! /bin/cat /proc/bus/usb/devices | /bin/grep -q 'ADSL USB modem' ); then
echo "amload"
/usr/sbin/amload
if [ $? -ne 0 ]; then
msg "amload failed"
# exit 1
fi
fi
/sbin/modprobe amedyn
if [ $? -ne 0 ]; then
msg "amedyn loading failed"
# exit 2
fi
/bin/sleep 3
/usr/sbin/amioctl 1
if [ $? -ne 0 ]; then
msg "amioctl failed"
# exit 3
fi
/bin/sleep 3
fi
exit 0
;;
stop)
msg "stop"
/usr/sbin/amioctl 2
;;
cleanup)
msg "driver cleanup and USB Bus reset"
/usr/sbin/amioctl 5
/sbin/modprobe -r amedyn
/bin/sleep 4
/usr/local/bin/resetusb
;;
*)
/bin/echo "Usage: $0 {start|stop|cleanup}"
exit 1
;;
esac
exit 0

77
src/rc.d/rc.bewanadsl
View File

@@ -1,77 +0,0 @@
#!/bin/bash
#
# $Id: rc.bewanadsl,v 1.5.2.6 2005/07/07 20:11:58 franck78 Exp $
#
eval $(/usr/local/bin/readhash CONFIG_ROOT/ppp/settings)
# Debugging. Comment it out to stop logging
DEBUG="yes"
msg() {
if [ "z$DEBUG" != "z" ] ; then
/usr/bin/logger -t red "BEWAN ADSL: $*"
fi
/bin/echo "$*"
}
function wait_for_showtime() {
count=0
while [ ! $count = 45 ]; do
/bin/sleep 2
if ( /bin/cat /proc/net/atm/UNICORN:* | /bin/grep -q "SHOWTIME" ); then
return 0
fi
((++count))
done
return 1
}
if [ "$MODEM" = "PCIST" ]; then
UNICORN="unicorn_pci_atm"
else
UNICORN="unicorn_usb_atm"
if [ ! -f "/proc/bus/usb/devices" ]; then
msg "No USB enabled"
exit 1
fi
# commented because actually cat /proc/bus/usb/devices may trigger some verbose error until pppd session start
# if ( ! /bin/cat /proc/bus/usb/devices | /bin/grep -q 'Vendor=07fa' ); then
# msg "No ST chip : not supported by this driver"
# exit 1
# fi
fi
# See how we were called.
case "$1" in
start)
# ActivationMode : ANSI=1,G.lite=2,MULTI=3,G.dmt=4
case "$MODULATION" in
GDMT) ActivationMode=4 ;;
ANSI) ActivationMode=1 ;;
GLITE) ActivationMode=2 ;;
AUTO) ActivationMode=3 ;;
esac
msg "Loading $UNICORN, Modulation=$MODULATION, may take time to uncompress..."
/sbin/modprobe "$UNICORN" ActivationMode="$ActivationMode"
if [ ! $? = 0 ]; then
msg "Loading fail, is the modem plugged in?"
exit 1
fi
wait_for_showtime
if [ $? = 1 ]; then
exit 1
fi
;;
stop)
msg "stop"
;;
cleanup)
msg "cleanup"
/sbin/modprobe -r "$UNICORN"
;;
*)
/bin/echo "Usage: $0 {start|stop|cleanup}"
exit 1
;;
esac
exit 0

80
src/rc.d/rc.conexantpciadsl
View File

@@ -1,80 +0,0 @@
#!/bin/bash
#
# $Id: rc.conexantpciadsl,v 1.1.2.11 2005/07/07 20:11:58 franck78 Exp $
#
# Debugging. Comment it out to stop logging
DEBUG="yes"
msg() {
if [ "z$DEBUG" != "z" ] ; then
/usr/bin/logger -t red "CnxPCI ADSL: $*"
fi
/bin/echo "$*"
}
function wait_for_showtime() {
msg "waiting for sync"
count=0
while [ ! $count = 45 ]; do
/bin/sleep 2
if ( /usr/sbin/cnxadslstatus | /bin/grep -q -F 'Showtime.' ); then
msg "sync done"
return 0
fi
((++count))
done
return 1
}
# See how we were called.
case "$1" in
start)
msg "starting"
# if the driver is not already loaded then
if ( /sbin/lsmod | /bin/grep -q CnxADSL ); then
msg "already loaded"
else
if ( ! /bin/cat /proc/pci | /bin/grep -q '14f1' ); then
msg "no conexant modem"
exit 1
fi
/sbin/modprobe CnxADSL
RETVAL=$?
if [ $RETVAL -ne 0 ] ; then
msg "error when loading, card present?"
fi
if ( /bin/cat /proc/pci | /bin/grep -q '14f1:1611' ); then
# Tigris model
/bin/ln -f -s /etc/Conexant/CnxTgF.hex CONFIG_ROOT/cnx_pci/firmware.hex
else
if ( /bin/cat /proc/pci | /bin/grep -q '14f1:1622' ); then
# Yukon model
/bin/ln -f -s /etc/Conexant/CnxYkF.hex CONFIG_ROOT/cnx_pci/firmware.hex
else
msg "don't know this model"
exit 1
fi
fi
# Initialize the firmware and start training
/bin/ln -f -s /etc/Conexant/cnxadsl.conf CONFIG_ROOT/cnx_pci/cnxadsl.conf
/etc/Conexant/cnxadslload CONFIG_ROOT/cnx_pci
fi
wait_for_showtime
exit $?
;;
stop)
msg "stop"
;;
cleanup)
msg "cleanup"
/bin/killall cnxadslload 2>/dev/null
/sbin/modprobe -r CnxADSL
;;
*)
echo "Usage: $0 {start|stop|cleanup}"
exit 1
;;
esac
exit 0

61
src/rc.d/rc.conexantusbadsl
View File

@@ -1,61 +0,0 @@
#!/bin/bash
#
# $Id: rc.conexantusbadsl,v 1.5.2.4 2005/07/07 20:11:58 franck78 Exp $
#
eval $(/usr/local/bin/readhash CONFIG_ROOT/ppp/settings)
# Debugging. Comment it out to stop logging
DEBUG="yes"
msg() {
if [ "z$DEBUG" != "z" ] ; then
/usr/bin/logger -t red "Conexant USB: $*"
fi
/bin/echo "$*"
}
# See how we were called.
case "$1" in
start)
if [ -f "/proc/bus/usb/devices" ]; then
if ( ! /bin/cat /proc/bus/usb/devices | /bin/grep -q xdslusb ); then
echo "cxload"
/usr/sbin/cxload
if [ $? -ne 0 ]; then
msg "cxload failed"
exit 1
fi
fi
eval $(/usr/local/bin/readhash /tmp/cxacru.params)
/sbin/modprobe cxacru open=$PARAM_0a
if [ $? -ne 0 ]; then
msg "cxacru loading failed"
exit 2
fi
/bin/sleep 12
/usr/sbin/cxioctl 1
if [ $? -ne 0 ]; then
msg "cxioctl failed"
exit 3
fi
/bin/sleep 3
fi
;;
stop)
msg "stop"
/usr/sbin/cxioctl 2
;;
cleanup)
msg "driver cleanup and USB Bus reset"
/usr/sbin/cxioctl 5
/sbin/modprobe -r cxacru
/bin/sleep 4
/usr/local/bin/resetusb
;;
*)
/bin/echo "Usage: $0 {start|stop|cleanup}"
exit 1
;;
esac
exit 0

135
src/rc.d/rc.connectioncheck
View File

@@ -1,135 +0,0 @@
#!/bin/bash
#
# $Id: rc.connectioncheck,v 1.4.2.22 2005/07/07 20:11:58 franck78 Exp $
#
eval $(/usr/local/bin/readhash CONFIG_ROOT/ppp/settings)
# MAXRETRIES is now a count before rc.red clear and if reconnection fail, eventually switching to a backup profil
MAXCONFIGURE=160
if [ ! $HOLDOFF ]; then
HOLDOFF=30
fi
# Debugging. Comment it out to stop logging
DEBUG="yes"
msg() {
if [ "z$DEBUG" != "z" ] ; then
/usr/bin/logger -t red "Connectioncheck: $*"
fi
/bin/echo "$*"
}
if [ -s "CONFIG_ROOT/red/keepconnected" ]; then
ATTEMPTS=$(/bin/cat CONFIG_ROOT/red/keepconnected)
else
echo "0" > CONFIG_ROOT/red/keepconnected
fi
case "$1" in
start)
# waiting pppd start or sync timout set at 90 s when available in driver
#rc.eciadsl/eci-load2 timout after 60s and 5 eci-load2 maximum attempts are done in rc.eciadsl.
#So just wait 5 s after 'rc.red start' end where pppd should have been started
TIMETOSTART=0
while ( ! /bin/ps ax | /bin/grep -q [p]ppd ); do
if [ ! -e "CONFIG_ROOT/red/keepconnected" ]; then
# user pressed disconnect in gui
exit 0
fi
RCREDSTART=`/bin/ps ax | /bin/grep '[r]c.red start'`
if [ "$TIMETOSTART" -eq 1 ]; then
msg "fail before pppd start : no sync, trying again"
/etc/rc.d/rc.red stop
/etc/rc.d/rc.red clear
/etc/rc.d/rc.red start
exit
fi
# give 5 s more at pppd to be visible with ps ax after 'rc.red start' end
if [ "$RCREDSTART" = '' ]; then
TIMETOSTART=1
fi
/bin/sleep 5
done
#watching if an IP is received in $MAXCONFIGURE time to avoid some pppoa waiting forever even after LCP timeout
COUNT=0
while [ "$COUNT" -le "$MAXCONFIGURE" ]; do
if [ ! -e "CONFIG_ROOT/red/keepconnected" ]; then
# user pressed disconnect in gui
exit 0
fi
if [ -e "CONFIG_ROOT/red/active" ]; then
# connected in time so exit
echo "0" > CONFIG_ROOT/red/keepconnected
exit 0
fi
if [ -e "CONFIG_ROOT/red/dial-on-demand" ]; then
# Don't count time when dial-on-demand is not really connected
if ( ! /sbin/ifconfig | /bin/grep -q addr:10.64.64.64 ); then
(( COUNT += 5 ))
fi
else
(( COUNT += 5 ))
fi
if ( ! /bin/ps ax | /bin/grep -q [p]ppd ); then
#pppd exit, so don't need to wait MAXCONFIGURE
break
fi
/bin/sleep 5
done
msg "RED fail to connect"
RCREDSTART=`/bin/ps ax | /bin/grep '[r]c.red start' | /usr/bin/cut -f1 -d ' '`
if [ "$RCREDSTART" != '' ]; then
/bin/kill "$RCREDSTART"
fi
# this attempt to connect fail, so retry
#Don't erase keepconnected because it is used to watch user actions
/bin/touch CONFIG_ROOT/red/redial
/etc/rc.d/rc.red stop
while ( /bin/ps ax | /bin/grep -q [p]ppd ); do
msg "waiting pppd exit"
/bin/sleep 2
done
/bin/sleep $HOLDOFF
if [ ! -e "CONFIG_ROOT/red/keepconnected" ]; then
# user pressed disconnect in gui
exit 0
fi
(( ATTEMPTS += 1 ))
msg "Restarting $ATTEMPTS/$MAXRETRIES"
if [ "$ATTEMPTS" -ge "$MAXRETRIES" ]; then
echo "0" > CONFIG_ROOT/red/keepconnected
msg "Clearing RED interface"
/etc/rc.d/rc.red clear
if [ "$BACKUPPROFILE" != '' ]; then
/bin/rm -f CONFIG_ROOT/ppp/settings
/bin/cp "CONFIG_ROOT/ppp/settings-$BACKUPPROFILE" CONFIG_ROOT/ppp/settings
fi
else
echo $ATTEMPTS > CONFIG_ROOT/red/keepconnected
fi
/etc/rc.d/rc.red start
;;
reconnect)
while ( /bin/ps ax | /bin/grep -q [p]ppd ); do
/bin/sleep 2
done
if [ "$PROTOCOL" = RFC1483 ]; then
# remove bridged/routed user-space programs
if [ "$TYPE" = eciadsl ]; then
/etc/rc.d/rc.eciadsl stop
fi
if [ "$TYPE" = alcatelusb ]; then
/etc/rc.d/rc.alcatelusb stop
fi
fi
msg "will connect again"
/etc/rc.d/rc.red start
;;
*)
/bin/echo "Usage: $0 {start|reconnect}"
exit 1
;;
esac

75
src/rc.d/rc.eagleusbadsl
View File

@@ -1,75 +0,0 @@
#!/bin/bash
#
# $Id: rc.eagleusbadsl,v 1.5.2.11 2005/07/07 20:11:58 franck78 Exp $
#
eval $(/usr/local/bin/readhash CONFIG_ROOT/ppp/settings)
# Debugging. Comment it out to stop logging
DEBUG="yes"
msg() {
if [ "z$DEBUG" != "z" ] ; then
/usr/bin/logger -t red "EAGLE-USB: $*"
fi
/bin/echo "$*"
}
IFACE="eth3"
DSPstr="Please send DSP (eaglectrl -d)"
# See how we were called.
case "$1" in
start)
if [ ! -f "/proc/bus/usb/devices" ]; then
msg "No USB enabled"
exit 1
fi
if [ "$LINE" != "WO" -a "$LINE" != "FR" -a "$LINE" != "IT" -a "$LINE" != "ES" ]; then
LINE='WO' # default CMV value
fi
/bin/ln -f -s /etc/eagle-usb/CMVep$LINE.txt /etc/eagle-usb/CMVep.txt
/bin/ln -f -s /etc/eagle-usb/CMVeiWO.txt /etc/eagle-usb/CMVei.txt
if ( /sbin/ifconfig | /bin/grep -q "$IFACE" ); then
/sbin/ifconfig "$IFACE" down
fi
if ( ! /sbin/lsmod | /bin/grep -q [e]agle-usb ); then
/sbin/modprobe eagle-usb if_name="$IFACE"
# let some time to load firmware
/bin/sleep 8
fi
if [[ ( -e CONFIG_ROOT/ppp/updatesettings) ||
( `/usr/sbin/eaglestat | /bin/grep "$DSPstr"` = "$DSPstr" ) ]]; then
/usr/sbin/eaglectrl -d -oCONFIG_ROOT/eagle-usb/eagle-usb.conf
if [ $? -ne 0 ]; then
msg "init fail"
exit 1
fi
fi
/usr/sbin/eaglectrl -s90
if [ $? -ne 0 ]; then
msg "synchronisation fail"
exit 1
fi
/sbin/ifconfig `/usr/sbin/eaglectrl -i` 10.0.0.139 netmask 255.255.255.254 up
if [ $? -ne 0 ]; then
msg "ifconfig fail"
exit 1
fi
;;
stop)
msg "stop"
;;
cleanup)
msg "driver cleanup"
/sbin/ifconfig "$IFACE" down
/sbin/modprobe -r eagle-usb
;;
*)
/bin/echo "Usage: $0 {start|stop|cleanup}"
exit 1
;;
esac
exit 0

151
src/rc.d/rc.eciadsl
View File

@@ -1,151 +0,0 @@
#!/bin/bash
#
# $Id: rc.eciadsl,v 1.4.2.14 2005/07/28 16:47:43 gespinasse Exp $
#
eval $(/usr/local/bin/readhash CONFIG_ROOT/ppp/settings)
# Debugging. Comment it out to stop logging
DEBUG="yes"
msg() {
if [ "z$DEBUG" != "z" ] ; then
/usr/bin/logger -t red "ECI USB: $*"
fi
/bin/echo "$*"
}
# Function to wait for interface to become ready
# Borrowed from eciadsl startmodem script
function wait_for_iface()
{
msg "Waiting for interface: $1"
COUNTER=10
FLREADY=0
TIMES=1
while [ $TIMES -le $COUNTER ]; do
/sbin/ifconfig $1> /dev/null 2>&1
if [ $? -eq 0 ]; then
FLREADY=1
break
fi
/bin/sleep 1
TIMES=$(expr $TIMES + 1)
done
if [ "$FLREADY" -eq 0 ]; then
msg "Interface not found: $1"
exit 1
fi
}
# See how we were called.
case "$1" in
start)
if [ ! -f "CONFIG_ROOT/eciadsl/synch.bin" ]; then
msg "Synch.bin not uploaded"
exit 1
fi
if [ ! -f "/proc/bus/usb/devices" ]; then
msg "No USB enabled"
exit 1
fi
VID1="$(/bin/grep "$MODEM " "/etc/eciadsl/modems.db" | /usr/bin/tr -s "\t" "|" | /usr/bin/cut -d '|' -f 2)"
PID1="$(/bin/grep "$MODEM " "/etc/eciadsl/modems.db" | /usr/bin/tr -s "\t" "|" | /usr/bin/cut -d '|' -f 3)"
VID2="$(/bin/grep "$MODEM " "/etc/eciadsl/modems.db" | /usr/bin/tr -s "\t" "|" | /usr/bin/cut -d '|' -f 4)"
PID2="$(/bin/grep "$MODEM " "/etc/eciadsl/modems.db" | /usr/bin/tr -s "\t" "|" | /usr/bin/cut -d '|' -f 5)"
CHIP="$(/bin/grep "$MODEM " "/etc/eciadsl/modems.db" | /usr/bin/tr -s "\t" "|" | /usr/bin/cut -d '|' -f 6)"
ALTS="$(/bin/grep "$MODEM " "/etc/eciadsl/modems.db" | /usr/bin/tr -s "\t" "|" | /usr/bin/cut -d '|' -f 7)"
ALTP="$(/bin/grep "$MODEM " "/etc/eciadsl/modems.db" | /usr/bin/tr -s "\t" "|" | /usr/bin/cut -d '|' -f 8)"
if [ "$CHIP" = '' ]; then
msg "error in modems.db reading for $MODEM no CHIP found"
exit 1
fi
# Firmware
if [ "$CHIP" = 'GS7070' ]; then
if ( /bin/grep -q "^P: Vendor=$VID1 ProdID=$PID1" /proc/bus/usb/devices ); then
/bin/rm -f /var/ipfire/red/eciadsl-synch-done
/bin/sleep 2
msg "Loading Firmware for $MODEM"
/usr/sbin/eciadsl-firmware 0x$VID1 0x$PID1 0x$VID2 0x$PID2 /etc/eciadsl/firmware00.bin
RET=$?
if [ "$RET" -ne "0" ]; then
msg "$MODEM failed to load firmware, reason: $RET"
exit 1
fi
/bin/sleep 2
fi
fi
if ( ! /bin/grep -q "^P: Vendor=$VID2 ProdID=$PID2" /proc/bus/usb/devices ); then
msg "$MODEM modem not found ready"
exit 1
fi
# Modem synch
if [ ! -e "CONFIG_ROOT/red/eciadsl-synch-done" ]; then
/usr/sbin/eciadsl-synch -alt $ALTS -mc $CHIP 0x$VID2 0x$PID2 CONFIG_ROOT/eciadsl/synch.bin
RET=$?
if [ "$RET" -ne "0" ]; then
msg "$MODEM failed to get synchronization, reason:$RET"
exit 1
else
/bin/touch CONFIG_ROOT/red/eciadsl-synch-done
fi
fi
if [ "$PROTOCOL" = "RFC1483" ]; then
case "$ENCAP" in
0) ECIMODE="LLC_SNAP_RFC1483_BRIDGED_ETH_NO_FCS"
;;
1) ECIMODE="VCM_RFC_1483_BRIDGED_ETH"
;;
2) ECIMODE="LLC_RFC1483_ROUTED_IP"
;;
3) ECIMODE="VCM_RFC1483_ROUTED_IP"
;;
*) msg "Unknown encapsulation: $ENCAP"
exit 1
;;
esac
# Start pppoeci
if [ "$ENCAP" = "0" -o "$ENCAP" = "1" ]; then
ECIIF="tap0"
else
ECIIF="tun0"
fi
/sbin/modprobe tun
/usr/sbin/eciadsl-pppoeci -alt $ALTP -vpi $VPI -vci $VCI -vendor 0x$VID2 -product 0x$PID2 -mode $ECIMODE
wait_for_iface $ECIIF
/sbin/ifconfig $ECIIF up
exit $?
fi
exit 0
;;
stop)
msg "stop"
# Avoid possibility of multiple 'rc.eciadsl start' as only one prog can claim interface at a time
# and time for the full eci-load2 loop may be too long for the user to wait until to try once again
RCECIADSLSTART=`/bin/ps ax | /bin/grep '[r]c.eciadsl start' | /usr/bin/cut -f1 -d ' '`
[ "$RCECIADSLSTART" != '' ] && /bin/kill "$RCECIADSLSTART"
# -KILL is necessary because pppoeci ignores sigint
/bin/killall -KILL eciadsl-pppoeci eciadsl-firmware eciadsl-synch 2> /dev/null
/bin/sleep 1
/sbin/modprobe -r tun
;;
cleanup)
msg "driver cleanup and USB Bus reset"
/usr/local/bin/resetusb
/bin/rm -f CONFIG_ROOT/red/eciadsl-synch-done
;;
*)
/bin/echo "Usage: $0 {start|stop|cleanup}"
exit 1
;;
esac
exit 0

298
src/rc.d/rc.firewall
View File

@@ -1,298 +0,0 @@
#!/bin/sh
#
# $Id: rc.firewall,v 1.7.2.20 2006/01/12 01:24:30 franck78 Exp $
#
eval $(/usr/local/bin/readhash CONFIG_ROOT/ppp/settings)
eval $(/usr/local/bin/readhash CONFIG_ROOT/ethernet/settings)
IFACE=`/bin/cat CONFIG_ROOT/red/iface 2> /dev/null | /usr/bin/tr -d '\012'`
if [ -f CONFIG_ROOT/red/device ]; then
DEVICE=`/bin/cat CONFIG_ROOT/red/device 2> /dev/null | /usr/bin/tr -d '\012'`
fi
iptables_init() {
# Flush all rules and delete all custom chains
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -t mangle -F
/sbin/iptables -X
/sbin/iptables -t nat -X
/sbin/iptables -t mangle -X
# Set up policies
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT
# Empty LOG_DROP and LOG_REJECT chains
/sbin/iptables -N LOG_DROP
/sbin/iptables -A LOG_DROP -m limit --limit 10/minute -j LOG
/sbin/iptables -A LOG_DROP -j DROP
/sbin/iptables -N LOG_REJECT
/sbin/iptables -A LOG_REJECT -m limit --limit 10/minute -j LOG
/sbin/iptables -A LOG_REJECT -j REJECT
# This chain will log, then DROPs packets with certain bad combinations
# of flags might indicate a port-scan attempt (xmas, null, etc)
/sbin/iptables -N PSCAN
/sbin/iptables -A PSCAN -p tcp -m limit --limit 10/minute -j LOG --log-prefix "TCP Scan? "
/sbin/iptables -A PSCAN -p udp -m limit --limit 10/minute -j LOG --log-prefix "UDP Scan? "
/sbin/iptables -A PSCAN -p icmp -m limit --limit 10/minute -j LOG --log-prefix "ICMP Scan? "
/sbin/iptables -A PSCAN -f -m limit --limit 10/minute -j LOG --log-prefix "FRAG Scan? "
/sbin/iptables -A PSCAN -j DROP
# New tcp packets without SYN set - could well be an obscure type of port scan
# that's not covered above, may just be a broken windows machine
/sbin/iptables -N NEWNOTSYN
/sbin/iptables -A NEWNOTSYN -m limit --limit 10/minute -j LOG --log-prefix "NEW not SYN? "
/sbin/iptables -A NEWNOTSYN -j DROP
# Chain to contain all the rules relating to bad TCP flags
/sbin/iptables -N BADTCP
# Disallow packets frequently used by port-scanners
# nmap xmas
/sbin/iptables -A BADTCP -p tcp --tcp-flags ALL FIN,URG,PSH -j PSCAN
# Null
/sbin/iptables -A BADTCP -p tcp --tcp-flags ALL NONE -j PSCAN
# FIN
/sbin/iptables -A BADTCP -p tcp --tcp-flags ALL FIN -j PSCAN
# SYN/RST (also catches xmas variants that set SYN+RST+...)
/sbin/iptables -A BADTCP -p tcp --tcp-flags SYN,RST SYN,RST -j PSCAN
# SYN/FIN (QueSO or nmap OS probe)
/sbin/iptables -A BADTCP -p tcp --tcp-flags SYN,FIN SYN,FIN -j PSCAN
# NEW TCP without SYN
/sbin/iptables -A BADTCP -p tcp ! --syn -m state --state NEW -j NEWNOTSYN
/sbin/iptables -A INPUT -j BADTCP
/sbin/iptables -A FORWARD -j BADTCP
}
iptables_red() {
/sbin/iptables -F REDINPUT
/sbin/iptables -F REDFORWARD
/sbin/iptables -t nat -F REDNAT
# PPPoE / PPTP Device
if [ "$IFACE" != "" ]; then
# PPPoE / PPTP
if [ "$DEVICE" != "" ]; then
/sbin/iptables -A REDINPUT -i $DEVICE -j ACCEPT
fi
if [ "$RED_TYPE" == "PPTP" -o "$RED_TYPE" == "PPPOE" ]; then
if [ "$RED_DEV" != "" ]; then
/sbin/iptables -A REDINPUT -i $RED_DEV -j ACCEPT
fi
fi
fi
# PPTP over DHCP
if [ "$DEVICE" != "" -a "$TYPE" == "PPTP" -a "$METHOD" == "DHCP" ]; then
/sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $DEVICE -j ACCEPT
/sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $DEVICE -j ACCEPT
fi
# Orange pinholes
if [ "$ORANGE_DEV" != "" ]; then
# This rule enables a host on ORANGE network to connect to the outside
# (only if we have a red connection)
if [ "$IFACE" != "" ]; then
/sbin/iptables -A REDFORWARD -i $ORANGE_DEV -p tcp -o $IFACE -j ACCEPT
/sbin/iptables -A REDFORWARD -i $ORANGE_DEV -p udp -o $IFACE -j ACCEPT
fi
fi
if [ "$IFACE" != "" -a -f CONFIG_ROOT/red/active ]; then
# DHCP
if [ "$RED_DEV" != "" -a "$RED_TYPE" == "DHCP" ]; then
/sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
/sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
fi
if [ "$METHOD" == "DHCP" -a "$PROTOCOL" == "RFC1483" ]; then
/sbin/iptables -A REDINPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
/sbin/iptables -A REDINPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
fi
# Outgoing masquerading
/sbin/iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
fi
}
# See how we were called.
case "$1" in
start)
iptables_init
# Limit Packets- helps reduce dos/syn attacks
# original do nothing line
#/sbin/iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 10/sec
# the correct one, but the negative '!' do nothing...
#/sbin/iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit ! --limit 10/sec -j DROP
# Fix for braindead ISP's
/sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# CUSTOM chains, can be used by the users themselves
/sbin/iptables -N CUSTOMINPUT
/sbin/iptables -A INPUT -j CUSTOMINPUT
/sbin/iptables -N CUSTOMFORWARD
/sbin/iptables -A FORWARD -j CUSTOMFORWARD
/sbin/iptables -N CUSTOMOUTPUT
/sbin/iptables -A OUTPUT -j CUSTOMOUTPUT
/sbin/iptables -t nat -N CUSTOMPREROUTING
/sbin/iptables -t nat -A PREROUTING -j CUSTOMPREROUTING
/sbin/iptables -t nat -N CUSTOMPOSTROUTING
/sbin/iptables -t nat -A POSTROUTING -j CUSTOMPOSTROUTING
# filtering from GUI
/sbin/iptables -N GUIINPUT
/sbin/iptables -A INPUT -j GUIINPUT
# Accept everything connected
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# localhost and ethernet.
/sbin/iptables -A INPUT -i lo -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -s 127.0.0.0/8 -m state --state NEW -j DROP # Loopback not on lo
/sbin/iptables -A INPUT -d 127.0.0.0/8 -m state --state NEW -j DROP
/sbin/iptables -A FORWARD -i lo -m state --state NEW -j ACCEPT
/sbin/iptables -A FORWARD -s 127.0.0.0/8 -m state --state NEW -j DROP
/sbin/iptables -A FORWARD -d 127.0.0.0/8 -m state --state NEW -j DROP
/sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT -p ! icmp
/sbin/iptables -A FORWARD -i $GREEN_DEV -m state --state NEW -j ACCEPT
# If a host on orange tries to initiate a connection to IPFire's red IP and
# the connection gets DNATed back through a port forward to a server on orange
# we end up with orange -> orange traffic passing through IPFire
[ "$ORANGE_DEV" != "" ] && /sbin/iptables -A FORWARD -i $ORANGE_DEV -o $ORANGE_DEV -m state --state NEW -j ACCEPT
# accept all traffic from ipsec interfaces
/sbin/iptables -A INPUT -i ipsec+ -j ACCEPT
/sbin/iptables -A FORWARD -i ipsec+ -j ACCEPT
# allow DHCP on BLUE to be turned on/off
/sbin/iptables -N DHCPBLUEINPUT
/sbin/iptables -A INPUT -j DHCPBLUEINPUT
# IPSec chains
/sbin/iptables -N IPSECRED
/sbin/iptables -A INPUT -j IPSECRED
/sbin/iptables -N IPSECBLUE
/sbin/iptables -A INPUT -j IPSECBLUE
# WIRELESS chains
/sbin/iptables -N WIRELESSINPUT
/sbin/iptables -A INPUT -m state --state NEW -j WIRELESSINPUT
/sbin/iptables -N WIRELESSFORWARD
/sbin/iptables -A FORWARD -m state --state NEW -j WIRELESSFORWARD
# RED chain, used for the red interface
/sbin/iptables -N REDINPUT
/sbin/iptables -A INPUT -j REDINPUT
/sbin/iptables -N REDFORWARD
/sbin/iptables -A FORWARD -j REDFORWARD
/sbin/iptables -t nat -N REDNAT
/sbin/iptables -t nat -A POSTROUTING -j REDNAT
iptables_red
# DMZ pinhole chain. setdmzholes setuid prog adds rules here to allow
# ORANGE to talk to GREEN / BLUE.
/sbin/iptables -N DMZHOLES
if [ "$ORANGE_DEV" != "" ]; then
/sbin/iptables -A FORWARD -i $ORANGE_DEV -m state --state NEW -j DMZHOLES
fi
# XTACCESS chain, used for external access
/sbin/iptables -N XTACCESS
/sbin/iptables -A INPUT -m state --state NEW -j XTACCESS
# PORTFWACCESS chain, used for portforwarding
/sbin/iptables -N PORTFWACCESS
/sbin/iptables -A FORWARD -m state --state NEW -j PORTFWACCESS
# Custom prerouting chains (for transparent proxy and port forwarding)
/sbin/iptables -t nat -N SQUID
/sbin/iptables -t nat -A PREROUTING -j SQUID
/sbin/iptables -t nat -N PORTFW
/sbin/iptables -t nat -A PREROUTING -j PORTFW
# Custom mangle chain (for port fowarding)
/sbin/iptables -t mangle -N PORTFWMANGLE
/sbin/iptables -t mangle -A PREROUTING -j PORTFWMANGLE
# Postrouting rules (for port forwarding)
/sbin/iptables -t nat -A POSTROUTING -m mark --mark 1 -j SNAT \
--to-source $GREEN_ADDRESS
if [ "$BLUE_DEV" != "" ]; then
/sbin/iptables -t nat -A POSTROUTING -m mark --mark 2 -j SNAT --to-source $BLUE_ADDRESS
fi
if [ "$ORANGE_DEV" != "" ]; then
/sbin/iptables -t nat -A POSTROUTING -m mark --mark 3 -j SNAT --to-source $ORANGE_ADDRESS
fi
# run openvpn
/usr/local/bin/openvpnctrl --create-chains-and-rules
# run local firewall configuration, if present
if [ -x /etc/rc.d/rc.firewall.local ]; then
/etc/rc.d/rc.firewall.local start
fi
# last rule in input and forward chain is for logging.
/sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "INPUT "
/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "OUTPUT "
;;
stop)
iptables_init
# Accept everyting connected
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# localhost and ethernet.
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -i $GREEN_DEV -m state --state NEW -j ACCEPT
if [ "$RED_DEV" != "" -a "$RED_TYPE" == "DHCP" ]; then
/sbin/iptables -A INPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
/sbin/iptables -A INPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
fi
if [ "$PROTOCOL" == "RFC1483" -a "$METHOD" == "DHCP" ]; then
/sbin/iptables -A INPUT -p tcp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
/sbin/iptables -A INPUT -p udp --source-port 67 --destination-port 68 -i $IFACE -j ACCEPT
fi
# stop openvpn
/usr/local/bin/openvpnctrl --delete-chains-and-rules
# run local firewall configuration, if present
if [ -x /etc/rc.d/rc.firewall.local ]; then
/etc/rc.d/rc.firewall.local stop
fi
/sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "INPUT "
/sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "OUTPUT "
;;
reload)
iptables_red
# run local firewall configuration, if present
if [ -x /etc/rc.d/rc.firewall.local ]; then
/etc/rc.d/rc.firewall.local reload
fi
;;
restart)
$0 stop
$0 start
;;
*)
echo "Usage: $0 {start|stop|reload|restart}"
exit 1
;;
esac
exit 0

20
src/rc.d/rc.firewall.local
View File

@@ -1,20 +0,0 @@
#!/bin/sh
# Used for private firewall rules
# See how we were called.
case "$1" in
start)
## add your 'start' rules here
;;
stop)
## add your 'stop' rules here
;;
reload)
$0 stop
$0 start
## add your 'reload' rules here
;;
*)
echo "Usage: $0 {start|stop|reload}"
;;
esac

1
src/rc.d/rc.flash.down
View File

@@ -1 +0,0 @@
tar -czf /var/log_compressed/log.tgz --exclude=/var/log/cache/* /var/log/*

51
src/rc.d/rc.flash.up
View File

@@ -1,51 +0,0 @@
#
# $Id: rc.flash.up,v 1.4.2.1 2005/07/07 20:11:58 franck78 Exp $
#
umount -n /dev/ramdisk
mke2fs -b 1024 -m 0 /dev/ramdisk
rm -rf /tmp/
rm -rf /var/log
rm -rf /var/log/cache/
mount -n /dev/ramdisk /ram/
mkdir -p /ram/{log,squid,tmp}
chown squid:squid /ram/squid
chmod ugo+rwx,o+t /ram/tmp/
if [ -e /var/log_compressed/log.tgz ]; then
tar -xzf /var/log_compressed/log.tgz -C /ram
rm -rf /var/log/cache
fi
if [ ! -e /ram/var/log ]; then
mkdir -p /ram/var/log
fi
ln -s /ram/var/log /var/log
ln -s /ram/squid /var/log/cache
ln -s /ram/tmp /tmp
if [ ! -e /var/log/ip-acct ]; then
mkdir /var/log/ip-acct
fi
if [ ! -e /var/log/httpd ]; then
mkdir /var/log/httpd
fi
if [ ! -e /var/log/rrd ]; then
mkdir /var/log/rrd
fi
if [ ! -e /var/log/snort ]; then
mkdir /var/log/snort
fi
chown -R snort:snort /var/log/snort
if [ ! -e /var/log/squid ]; then
mkdir /var/log/squid
touch /var/log/squid/access.log
fi
chown -R squid:squid /var/log/squid

77
src/rc.d/rc.fritzdsl
View File

@@ -1,77 +0,0 @@
#!/bin/sh
#
# $Id: rc.fritzdsl,v 1.2.2.10 2005/07/07 20:11:58 franck78 Exp $
#
# Debugging. Comment it out to stop logging
DEBUG="yes"
msg() {
if [ "z$DEBUG" != "z" ] ; then
/usr/bin/logger -t red "FRITZDSL: $*"
fi
/bin/echo "$*"
}
if [ -e /var/run/need-depmod-`uname -r` ]; then
echo "Update modules dependencies, may take time..."
/sbin/depmod -a
/bin/rm -f /var/run/need-depmod-`uname -r`
fi
# ID borrowed from Gentoo ebuild,
# should work with 'Card DSL','Card DSL v2.0', 'Card DSL SL', 'Card DSL USB','Card DSL SL USB'
# pcmcia card not compiled
if ( /bin/grep "1244:2700" -q /proc/pci ); then
FCDSLMODEM='sl'
elif ( /bin/grep "1244:2900" -q /proc/pci ); then
FCDSLMODEM='2'
elif ( /bin/grep "1131:5402" -q /proc/pci ); then
FCDSLMODEM=''
elif ( /bin/grep "Vendor=057c ProdID=2300" -q /proc/bus/usb/devices ); then
FCDSLMODEM='usb'
elif ( /bin/grep "Vendor=057c ProdID=3500" -q /proc/bus/usb/devices ); then
FCDSLMODEM='slusb'
else
FCDSLMODEM='none'
fi
# See how we were called.
case "$1" in
start)
if ( /bin/grep -q "fcdsl" /proc/modules >/dev/null ); then
exit 0;
fi
if [ "$FCDSLMODEM" = 'none' ]; then
msg "No supported modem found"
exit 1
fi
if [ ! -f "/lib/modules/`/bin/uname -r`/misc/fcdsl$FCDSLMODEM.o.gz" ]; then
msg "Driver not uploaded"
exit 1
else
# should use drdsl and drdsl.ini for parameters autoconfiguration or use pppsetup.cgi?
/usr/sbin/capiinit -c "/etc/fcdsl/fcdsl$FCDSLMODEM.conf" start
fi
;;
stop)
msg "stop"
;;
cleanup)
msg "driver cleanup"
if [ "$FCDSLMODEM" = 'none' ]; then
FCDSLMODEM=''
fi
/sbin/modprobe -r fcdslusb fcdslslusb
/usr/sbin/capiinit -c "/etc/fcdsl/fcdsl$FCDSLMODEM.conf" stop
if [ "$FCDSLMODEM" = 'slusb' -o "$FCDSLMODEM" = 'usb' ]; then
/usr/local/bin/resetusb
fi
;;
*)
/bin/echo "Usage: $0 {start|stop|cleanup}"
exit 1
;;
esac
exit 0

69
src/rc.d/rc.halt
View File

@@ -1,69 +0,0 @@
#!/bin/sh
#
# rc.halt for ipfire 2006
#
progressbar()
{
if [ $# != 1 ]
then
echo "Usage: progressbar {progress}"
exit 1
fi
if [ -e /proc/splash ]; then
echo "show $(( 65534 * $1 / 9 ))" > /proc/splash
fi
}
# Set bootsplash
progressbar 0
if [ -e /proc/splash ]; then
echo "silent" > /proc/splash
fi
echo "Stopping the RED interface..."
progressbar 1
/etc/rc.d/rc.red stop 2>/dev/null
/etc/rc.d/rc.red clear 2>/dev/null
echo "Shutting down..."
progressbar 2
sleep 3
echo "Saving the clock"
progressbar 3
/sbin/hwclock --systohc
echo "Sending all processes the TERM signal..."
progressbar 4
/sbin/killall5 -15
sleep 3
echo "Sending all processes the KILL signal..."
progressbar 5
/sbin/killall5 -9
sleep 3
echo "Turning off swap"
progressbar 6
swapoff -a
echo "Unmounting others"
progressbar 7
umount -n -a
echo "Unmounting root"
progressbar 8
mount -n -o remount,ro /
# Send nice shutdown beep now
progressbar 9
/usr/bin/beep -l 75 -f 3000
/usr/bin/beep -l 75 -f 2000
/usr/bin/beep -l 75 -f 1000
/usr/bin/beep -l 75 -f 500
if [ "$1" = "halt" ]; then
halt -i -d -p
else
reboot -i -d
fi

58
src/rc.d/rc.isdn
View File

@@ -1,58 +0,0 @@
#!/bin/sh
#
# $Id: rc.isdn,v 1.7.2.3 2005/07/07 20:11:58 franck78 Exp $
#
eval $(/usr/local/bin/readhash CONFIG_ROOT/isdn/settings)
# Debugging. Comment it out to stop logging
DEBUG="yes"
msg() {
if [ "z$DEBUG" != "z" ] ; then
/usr/bin/logger -t red "ISDN: $*"
fi
echo "$*"
}
# See how we were called.
case "$1" in
start)
if [ "$ENABLED" = "on" ]; then
/sbin/rmmod hisax_st5481 2>/dev/null
/sbin/rmmod hisax_fcpcipnp 2>/dev/null
/sbin/rmmod hisax_isac 2>/dev/null
/sbin/rmmod hisax 2>/dev/null
if [ "$TYPE" = "998" ]; then
/sbin/modprobe hisax_st5481 protocol=$PROTOCOL $MODULE_PARAMS
exit $?
elif [ "$TYPE" = "999" ]; then
/sbin/modprobe hisax_fcpcipnp protocol=$PROTOCOL $MODULE_PARAMS
exit $?
else
/sbin/modprobe hisax protocol=$PROTOCOL type=$TYPE $MODULE_PARAMS
exit $?
fi
else
msg "No ISDN enabled"
exit 1
fi
;;
stop)
/sbin/ifconfig ippp1 down 2>/dev/null
/sbin/ifconfig ippp0 down 2>/dev/null
/usr/sbin/isdnctrl delif ippp1 2>/dev/null
/usr/sbin/isdnctrl delif ippp0 2>/dev/null
/bin/killall ipppd 2>/dev/null
/bin/killall ibod 2>/dev/null
/sbin/rmmod hisax_st5481 2>/dev/null
/sbin/rmmod hisax_fcpcipnp 2>/dev/null
/sbin/rmmod hisax_isac 2>/dev/null
/sbin/rmmod hisax 2>/dev/null
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
;;
esac
exit 0

2
src/rc.d/rc.local
View File

@@ -1,2 +0,0 @@
#!/bin/sh

27
src/rc.d/rc.netaddress.down
View File

@@ -1,27 +0,0 @@
#!/bin/sh
#
# $Id: rc.netaddress.down,v 1.3.2.1 2005/07/07 20:11:58 franck78 Exp $
#
eval $(/usr/local/bin/readhash CONFIG_ROOT/ethernet/settings)
eval $(/usr/local/bin/readhash CONFIG_ROOT/dhcp/settings)
# GREEN
if [ "$1" != "NOTGREEN" ]; then
ifconfig $GREEN_DEV down 2> /dev/null
fi
# ORANGE
if [ "$ORANGE_DEV" != "" ]; then
ifconfig $ORANGE_DEV down 2> /dev/null
fi
# BLUE
if [ "$BLUE_DEV" != "" ]; then
ifconfig $BLUE_DEV down 2> /dev/null
fi
# RED
/etc/rc.d/rc.red stop
sleep 3
/etc/rc.d/rc.red clear

55
src/rc.d/rc.netaddress.up
View File

@@ -1,55 +0,0 @@
#!/bin/sh
#
# $Id: rc.netaddress.up,v 1.7.2.14 2005/07/07 20:11:58 franck78 Exp $
#
eval $(/usr/local/bin/readhash CONFIG_ROOT/ppp/settings)
eval $(/usr/local/bin/readhash CONFIG_ROOT/ethernet/settings)
if [ "$1" != "NOTGREEN" ]; then
if [ "$GREEN_DEV" != "" ]; then
ifconfig $GREEN_DEV $GREEN_ADDRESS netmask $GREEN_NETMASK broadcast $GREEN_BROADCAST up
else
echo "WARNING: No driver set for GREEN"
fi
fi
if [ "$CONFIG_TYPE" = "1" -o "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "5" -o "$CONFIG_TYPE" = "7" ]; then
if [ "$ORANGE_DEV" != "" ]; then
ifconfig $ORANGE_DEV $ORANGE_ADDRESS netmask $ORANGE_NETMASK broadcast $ORANGE_BROADCAST up
fi
fi
if [ "$CONFIG_TYPE" = "4" -o "$CONFIG_TYPE" = "5" -o "$CONFIG_TYPE" = "6" -o "$CONFIG_TYPE" = "7" ]; then
if [ "$BLUE_DEV" != "" ]; then
ifconfig $BLUE_DEV $BLUE_ADDRESS netmask $BLUE_NETMASK broadcast $BLUE_BROADCAST up
fi
fi
# If RED is ethernet then check furthur...
if [ "$CONFIG_TYPE" == "2" -o "$CONFIG_TYPE" == "3" -o "$CONFIG_TYPE" == "6" -o "$CONFIG_TYPE" == "7" ]; then
# If we are DHCP or STATIC we have to start automatically
if [ "$RED_TYPE" == "DHCP" -o "$RED_TYPE" == "STATIC" ]; then
AUTOCONNECT="on"
fi
fi
# Start DNSMASQ with defaults
if [ "$DOMAIN_NAME_GREEN" == "" ]; then
/usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases
else
/usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases -s "$DOMAIN_NAME_GREEN"
fi
# Only when AUTOCONNECT is off, do we not bother dialing but start local dns server
if [ "$AUTOCONNECT" == "off" ]; then
# Start VPN Connections # bug 1177572 might be corrected because this
# /usr/local/bin/ipsecctrl S # call was done to much earlier (before RED start)
# Presently commented because I'm not sure VPN is usefull without RED
echo -n # bash do not like empty then ... else
else
/etc/rc.d/rc.red start
fi

82
src/rc.d/rc.network
View File

@@ -1,82 +0,0 @@
#!/bin/sh
#
# $Id: rc.network,v 1.10.2.6 2005/07/11 18:38:02 franck78 Exp $
#
eval $(/usr/local/bin/readhash CONFIG_ROOT/ethernet/settings)
echo "Setting up loopback"
ifconfig lo localhost up
echo "Loading MASQ helper modules"
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
modprobe ip_conntrack_h323
modprobe ip_nat_h323
modprobe ip_conntrack_irc
modprobe ip_nat_irc
modprobe ip_conntrack_mms
modprobe ip_nat_mms
modprobe ip_conntrack_pptp
modprobe ip_nat_pptp
modprobe ip_conntrack_proto_gre
modprobe ip_nat_proto_gre
modprobe ip_conntrack_quake3
modprobe ip_nat_quake3
# Remove possible leftover files
rm -f CONFIG_ROOT/red/{active,device,dial-on-demand,dns1,dns2,local-ipaddress,remote-ipaddress,resolv.conf}
# This won't actually do anything unless a PCMCIA controller was
# detected at install time, because /etc/pcmcia.conf won't exist.
/etc/rc.d/rc.pcmcia start
# Now, just in case we found a PCMCIA USB controller, we'll need to reload
# the USB here.
/usr/local/bin/resetusb
# The 'for' loop force driver loading order
for NIC in 0 1 2 3; do
ETHX="eth${NIC}"
if [ "$GREEN_DEV" == "$ETHX" ]; then
if [ "$GREEN_DRIVER" != "" ]; then
modprobe $GREEN_DRIVER $GREEN_DRIVER_OPTIONS
fi
fi
if [ "$ORANGE_DEV" == "$ETHX" ]; then
if [ "$ORANGE_DRIVER" != "" ]; then
modprobe $ORANGE_DRIVER $ORANGE_DRIVER_OPTIONS
fi
fi
if [ "$BLUE_DEV" == "$ETHX" ]; then
if [ "$BLUE_DRIVER" != "" ]; then
modprobe $BLUE_DRIVER $BLUE_DRIVER_OPTIONS
fi
fi
if [ "$RED_DEV" == "$ETHX" ]; then
if [ "$RED_DRIVER" != "" ]; then
modprobe $RED_DRIVER $RED_DRIVER_OPTIONS
fi
fi
done
if [ -d /proc/bus/pccard ]; then
echo "Initializing PCMCIA cardbus modems"
modprobe serial_cb
fi
echo "Setting up IPFire firewall rules"
/etc/rc.d/rc.firewall start
echo "Setting up IP Accounting"
/etc/rc.d/helper/writeipac.pl
/usr/sbin/fetchipac -S
echo "Setting IPFire DMZ pinholes"
/usr/local/bin/setdmzholes
if [ "$BLUE_DEV" != "" ]; then
echo "Setting up wireless firewall rules"
/usr/local/bin/restartwireless
fi
echo "Bringing network up"
. /etc/rc.d/rc.netaddress.up

45
src/rc.d/rc.pulsardsl
View File

@@ -1,45 +0,0 @@
#!/bin/bash
#
# $Id: rc.pulsardsl,v 1.3.2.8 2005/07/07 20:11:58 franck78 Exp $
#
eval $(/usr/local/bin/readhash CONFIG_ROOT/ppp/settings)
# Debugging. Comment it out to stop logging
DEBUG="yes"
msg() {
if [ "z$DEBUG" != "z" ] ; then
/usr/bin/logger -t red "Pulsar DSL: $*"
fi
echo "$*"
}
# See how we were called.
case "$1" in
start)
if ( ! /sbin/lsmod | /bin/grep -q pulsar ); then
/sbin/modprobe pulsar
if [ $? -ne 0 ]; then
msg "Pulsar loading failed"
exit 2
else
# arbitrary fixed time until the driver support a way to know that the modem is synchronised
/bin/sleep 60
fi
fi
exit 0
;;
stop)
msg "stop"
;;
cleanup)
msg "driver cleanup"
/sbin/modprobe -r pulsar
;;
*)
echo "Usage: $0 {start|stop|cleanup}"
exit 1
;;
esac
exit 0

1169
src/rc.d/rc.red
View File

File diff suppressed because it is too large Load Diff

46
src/rc.d/rc.sysinit
View File

@@ -1,46 +0,0 @@
#!/bin/sh
#
# rc.sysinit by the IPFire Team
#
eval $(/usr/local/bin/readhash /var/ipfire/main/settings)
umask 022
PATH=/bin:/sbin:/usr/bin:/usr/sbin
export PATH
PROGRESS=0
NUMBEROFSCRIPTS=`ls -l /etc/boot.d | grep ^- | wc -l`
progressbar()
{
if [ $# != 1 ]
then
echo "Usage: progressbar {progress}"
exit 1
fi
if [ -e /proc/splash ]; then
echo "show $(( 65534 * $1 / $NUMBEROFSCRIPTS ))" > /proc/splash
fi
}
echo "Mounting /proc filesystem"
mount -n -t proc /proc /proc
progressbar 0
list=`find /etc/boot.d -type f -maxdepth 1 | sort`
for script in $list; do
. $script
let PROGRESS=$PROGRESS+1
progressbar $PROGRESS
done
logger -t ipfire "IPFire started."
# Send nice startup beep now
/usr/bin/beep -l 75 -f 500
/usr/bin/beep -l 75 -f 1000
/usr/bin/beep -l 75 -f 2000
/usr/bin/beep -l 75 -f 3000

149
src/rc.d/rc.updatered
View File

@@ -1,149 +0,0 @@
#!/bin/sh
#
# $Id: rc.updatered,v 1.11.2.15 2005/12/01 16:20:37 franck78 Exp $
#
if [ ! -e /var/lock/rc.updatered.lock ]; then
/bin/touch /var/lock/rc.updatered.lock
/usr/bin/logger -s -p local0.info -t rc.updatered "$0 locking for $$"
else
count=0
while [ ! $count = 5 ]; do
sleep 3
if [ ! -e /var/lock/rc.updatered.lock ]; then
break
else
/usr/bin/logger -s -p local0.info -t rc.updatered "$0 $$ waiting unlock"
fi
((++count))
done
fi
eval $(/usr/local/bin/readhash CONFIG_ROOT/vpn/settings)
eval $(/usr/local/bin/readhash CONFIG_ROOT/dhcp/settings)
eval $(/usr/local/bin/readhash CONFIG_ROOT/ethernet/settings)
eval $(/usr/local/bin/readhash CONFIG_ROOT/ppp/settings)
IFACE=`/bin/cat CONFIG_ROOT/red/iface 2>/dev/null | /usr/bin/tr -d '\012'`
REMOTE=`/bin/cat CONFIG_ROOT/red/remote-ipaddress 2>/dev/null | /usr/bin/tr -d '\012'`
###
### Retrieve DHCP Settings
###
if [ "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "6" -o "$CONFIG_TYPE" = "7" ]; then
if [ "$RED_TYPE" = "DHCP" ]; then
unset DNS1 DNS2
eval $(/usr/local/bin/readhash CONFIG_ROOT/ethernet/settings)
if [ "$DNS1" = "" ]; then
echo -n `/etc/rc.d/helper/getdnsfromdhcpc.pl 1` > CONFIG_ROOT/red/dns1
echo -n `/etc/rc.d/helper/getdnsfromdhcpc.pl 2` > CONFIG_ROOT/red/dns2
else
echo "$DNS1" > CONFIG_ROOT/red/dns1
echo "$DNS2" > CONFIG_ROOT/red/dns2
fi
. CONFIG_ROOT/dhcpc/dhcpcd-${RED_DEV}.info
echo "$IPADDR" > CONFIG_ROOT/red/local-ipaddress
echo "$GATEWAY" > CONFIG_ROOT/red/remote-ipaddress
fi
else
if [ "$PROTOCOL" = "RFC1483" -a "$METHOD" = "DHCP" ]; then
unset DNS1 DNS2
eval $(/usr/local/bin/readhash CONFIG_ROOT/ppp/settings)
if [ "$DNS" = "Automatic" ]; then
echo -n `/etc/rc.d/helper/getdnsfromdhcpc.pl 1` > CONFIG_ROOT/red/dns1
echo -n `/etc/rc.d/helper/getdnsfromdhcpc.pl 2` > CONFIG_ROOT/red/dns2
else
echo "$DNS1" > CONFIG_ROOT/red/dns1
echo "$DNS2" > CONFIG_ROOT/red/dns2
fi
. CONFIG_ROOT/dhcpc/dhcpcd-${IFACE}.info
echo $IPADDR > CONFIG_ROOT/red/local-ipaddress
echo $GATEWAY > CONFIG_ROOT/red/remote-ipaddress
fi
fi
###
### Retrieve DNS settings
###
DNS1=`/bin/cat CONFIG_ROOT/red/dns1 2>/dev/null | /usr/bin/tr -d '\012'`
DNS2=`/bin/cat CONFIG_ROOT/red/dns2 2>/dev/null | /usr/bin/tr -d '\012'`
echo > CONFIG_ROOT/red/resolv.conf #clear it
[ "$DNS1" != "" ] && echo "nameserver $DNS1" > CONFIG_ROOT/red/resolv.conf
[ "$DNS2" != "" ] && echo "nameserver $DNS2" >> CONFIG_ROOT/red/resolv.conf
###
### Restart DNSMASQ
###
/bin/killall -KILL dnsmasq 2> /dev/null
sleep 1
DOMopt=""
[ "$DOMAIN_NAME_GREEN" ] && DOMopt="-s $DOMAIN_NAME_GREEN"
if [ -e "CONFIG_ROOT/red/dial-on-demand" -a "$DIALONDEMANDDNS" == "on" -a ! -e "CONFIG_ROOT/red/active" ]; then
/usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases $DOMopt -r CONFIG_ROOT/ppp/fake-resolv.conf
else
/usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases $DOMopt -r CONFIG_ROOT/red/resolv.conf
fi
unset DOMopt
# Reset default route to ippp0 for dial on demand
if [ -e "CONFIG_ROOT/red/dial-on-demand" -a "$TYPE" == "isdn" -a ! -e "CONFIG_ROOT/red/active" ]; then
/sbin/route del default 2> /dev/null
if [ ! -z "$REMOTE" ]; then
/sbin/route add default gw $REMOTE 2> /dev/null
else
/sbin/route add default dev ippp0 2> /dev/null
fi
fi
if ( echo $0 | /bin/grep -q 'dhcpcd.exe' ); then
eval $(/usr/local/bin/readhash "$1")
case "$2" in
up) /usr/bin/logger -s -p local0.info -t dhcpcd.exe "${INTERFACE} has been configured with old IP=${IPADDR}"
if [ "$RED_TYPE" != 'PPTP' ]; then
/bin/touch CONFIG_ROOT/red/active
fi
;;
new) /usr/bin/logger -s -p local0.info -t dhcpcd.exe "${INTERFACE} has been configured with new IP=${IPADDR}"
if [ -e "CONFIG_ROOT/red/active" ]; then
/usr/local/bin/setfilters
/usr/local/bin/setportfw
/usr/local/bin/setxtaccess
/usr/local/bin/setddns.pl -f
/usr/local/bin/restartsnort red
sleep $VPN_DELAYED_START && /usr/local/bin/ipsecctrl S &
/bin/rm -f /var/lock/rc.updatered.lock
/usr/bin/logger -s -p local0.info -t rc.updatered "unlocking from $$"
exit 0
else
if [ "$RED_TYPE" != 'PPTP' ]; then
/bin/touch CONFIG_ROOT/red/active
fi
fi
;;
down) /usr/bin/logger -s -p local0.info -t dhcpcd.exe "${INTERFACE} has been brought down"
rm -f CONFIG_ROOT/red/active
;;
esac
fi
if [ -e "CONFIG_ROOT/red/active" ]; then
[ "$IFACE" != "" ] && /sbin/ifconfig $IFACE -multicast
/etc/rc.d/rc.firewall reload
/usr/local/bin/setfilters
/usr/local/bin/restartsnort red
/usr/local/bin/qosctrl restart
/usr/local/bin/setportfw
/usr/local/bin/setxtaccess
/usr/local/bin/setddns.pl -f
/etc/rc.d/helper/writeipac.pl
/usr/sbin/fetchipac -S
sleep $VPN_DELAYED_START && /usr/local/bin/ipsecctrl S &
else
/usr/local/bin/ipsecctrl D
/etc/rc.d/rc.firewall reload
fi
/bin/rm -f /var/lock/rc.updatered.lock
/usr/bin/logger -s -p local0.info -t rc.updatered "unlocking from $$"