verzia 2.58, 2008/04/13 19:27:00 |
verzia 2.63, 2009/01/17 01:37:08 |
|
|
# Licensed under terms of GNU General Public License. |
# Licensed under terms of GNU General Public License. |
# All rights reserved. |
# All rights reserved. |
# |
# |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.57 2008-02-02 22:57:54 rajo Exp $ |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.62 2009-01-17 01:31:26 rajo Exp $ |
# |
# |
# Changelog: |
# Changelog: |
# 2003-10-24 - created |
# 2003-10-24 - created |
Riadok 70 IFCONFIG="${IFCONFIG:=/sbin/ifconfig}" |
|
Riadok 70 IFCONFIG="${IFCONFIG:=/sbin/ifconfig}" |
|
DEPMOD="${DEPMOD:=/sbin/depmod}" |
DEPMOD="${DEPMOD:=/sbin/depmod}" |
MODPROBE="${MODPROBE:=/sbin/modprobe}" |
MODPROBE="${MODPROBE:=/sbin/modprobe}" |
RMMOD="${RMMOD:=/sbin/rmmod}" |
RMMOD="${RMMOD:=/sbin/rmmod}" |
AWK="${AWK:=/usr/bin/awk}" |
AWK="${AWK:=/usr/bin/gawk}" |
PERL="${PERL:=/usr/bin/perl}" |
PERL="${PERL:=/usr/bin/perl}" |
|
|
# shaping |
# shaping |
Riadok 105 TRACEROUTE_DEST_PORTS="33434:33523" # Tr |
|
Riadok 105 TRACEROUTE_DEST_PORTS="33434:33523" # Tr |
|
# allow some ICMP packets - needed for ping etc. |
# allow some ICMP packets - needed for ping etc. |
ACCEPT_ICMP_PACKETS="${ACCEPT_ICMP_PACKETS:=echo-reply destination-unreachable echo-request time-exceeded}" |
ACCEPT_ICMP_PACKETS="${ACCEPT_ICMP_PACKETS:=echo-reply destination-unreachable echo-request time-exceeded}" |
|
|
|
# check if all required tools are installed |
|
check_tools() |
|
{ # {{{ |
|
[ -x $AWK ] || (echo "AWK not found: please install gawk" && exit 1); |
|
[ -x $PERL ] || (echo "PERL not found: please install perl" && exit 1); |
|
[ -x $IPTABLES ] || (echo "IPTABLES not found: please install iptables" && exit 1); |
|
[ -x $IPTABLES_SAVE ] || (echo "IPTABLES_SAVE not found: please install iptables" && exit 1); |
|
[ -x $IPTABLES_RESTORE ] || (echo "IPTABLES_RESTORE not found: please install iptables" && exit 1); |
|
} # }}} |
|
|
print_first() |
print_first() |
{ # {{{ |
{ # {{{ |
Riadok 119 get_first_ip_addr() |
|
Riadok 128 get_first_ip_addr() |
|
|
|
read_config_ips() |
read_config_ips() |
{ # {{{ |
{ # {{{ |
PARSE_CONFIG=$1 perl -ne 'if (m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\/(\d+)$/g) { print; } elsif ($_ !~ m/^\s*#/ && $_ !~ m/^\s*$/ ) { print STDERR "ERROR: $ENV{PARSE_CONFIG}:$.: ignored string $_\n"; }' $1 |
PARSE_CONFIG=$1 $PERL -ne 'if (m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\/(\d+)$/g) { print; } elsif ($_ !~ m/^\s*#/ && $_ !~ m/^\s*$/ ) { print STDERR "ERROR: $ENV{PARSE_CONFIG}:$.: ignored string $_\n"; }' $1 |
} # }}} |
} # }}} |
|
|
# load necessary modules from $MODULES variable |
# load necessary modules from $MODULES variable |
|
|
|
|
if [ -f "$CACHE_FILE" ]; then |
if [ -f "$CACHE_FILE" ]; then |
print_info "Loading rules from cache file $CACHE_FILE" |
print_info "Loading rules from cache file $CACHE_FILE" |
|
|
|
# this has nothing to do with IPtables rules, we need to run them explicitly |
|
forward_on |
|
shaping_on |
|
|
|
# restore IPtables rules |
$IPTABLES_RESTORE -c < $CACHE_FILE; |
$IPTABLES_RESTORE -c < $CACHE_FILE; |
forward_on # this has nothing to do with IPtables rules, we need to run them explicitly |
#echo "exit code $IPTABLES_RESTORE: $?" |
exit 0; |
[ $? -eq 0 ] && exit 0; # exit if load succesfull |
fi |
fi |
} # }}} |
} # }}} |
|
|
Riadok 173 unload_modules() |
|
Riadok 188 unload_modules() |
|
print_iface_status() |
print_iface_status() |
{ # {{{ |
{ # {{{ |
# Print interfaces: |
# Print interfaces: |
print_info "# iface | IP addr | Gateway | broadcast | netmask | HW addr" |
print_info "$(pad7 "# iface") | $(pad15 "IP address") | $(pad15 "Gateway") | $(pad15 "Broadcast") | $(pad15 "Netmask") | HW address"; |
for iface in $interfaces; do |
for iface in $interfaces; do |
IPS="IP_$iface"; |
IPS="IP_$iface"; |
for IP in ${!IPS}; do |
for IP in ${!IPS}; do |
Gateway="Gateway_$iface"; Bcast="Bcast_$iface"; Mask="Mask_$iface"; HWaddr="HWaddr_$iface"; |
Gateway="Gateway_$iface"; |
print_info "$iface | ${IP} | ${!Gateway} | ${!Bcast} | ${!Mask} | ${!HWaddr}" |
Bcast="Bcast_$iface"; |
|
Mask="Mask_$iface"; |
|
HWaddr="HWaddr_$iface"; |
|
print_info "$(pad7 $iface) | $(pad15 ${IP}) | $(pad15 ${!Gateway}) | $(pad15 ${!Bcast}) | $(pad15 ${!Mask}) | ${!HWaddr}"; |
done |
done |
done |
done |
} # }}} |
} # }}} |
Riadok 1208 printf "interfaces=\"%s\"; export inter |
|
Riadok 1226 printf "interfaces=\"%s\"; export inter |
|
|
|
} # }}} |
} # }}} |
|
|
|
# helper function for string padding |
|
str_pad_right() |
|
{ # {{{ |
|
num="$1"; |
|
string="$2"; |
|
count=$(echo -n "$string" | wc -c); |
|
count=$((count + 0)) |
|
while [ $count -lt $num ]; do |
|
string="$string "; |
|
count=$((count + 1)); |
|
done |
|
echo -n "$string" |
|
return; |
|
} # }}} |
|
|
|
pad7() { str_pad_right 7 "$1"; } |
|
pad15() { str_pad_right 15 "$1"; } |
|
|
|
|
|
check_tools |
parse_ifconfig |
parse_ifconfig |
print_iface_status |
print_iface_status |
|
|
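Review bot: In the new check_tools function the `exit 1` sits inside `( … )`, so it ends only the subshell and the script carries on after printing the message; none of the five checks can actually stop the run. The tests are also unquoted, so an empty or unset variable such as `$IPTABLES` collapses to `[ -x ]`, which evaluates to true, and the check passes silently. A brace group plus quoting fixes both, e.g. `[ -x "$IPTABLES" ] || { echo "IPTABLES not found: please install iptables" >&2; exit 1; }`, repeated for the other four tools. Separately, in the cache-loading hunk `forward_on` and `shaping_on` now appear to run before `$IPTABLES_RESTORE -c < $CACHE_FILE`, which would enable forwarding before the ruleset is in place and leave it enabled if the restore fails; if that ordering is not intentional, restore first and enable forwarding only once the restore has succeeded.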