|
@@ -19,6 +19,25 @@ cmd_run () {
|
|
|
return ${ERRCODE}
|
|
|
}
|
|
|
|
|
|
+iptable () {
|
|
|
+ if [ `iptables -L ${2} -v | grep -c ""${3}.*${1}""` -eq 0 ]; then
|
|
|
+ cmd_run "iptables" "iptables -I ${2} -i ${1} -j ${3}"
|
|
|
+ else
|
|
|
+ cmd_run "iptables" "iptables -D ${2} -i ${1} -j ${3}"
|
|
|
+ iptable ${1} ${2} ${3}
|
|
|
+ fi
|
|
|
+}
|
|
|
+
|
|
|
+ebtable () {
|
|
|
+ CMD="-p ${2} -i ${1} -j ${3}"
|
|
|
+ if [ `ebtables -t broute -L | grep -ice "${CMD}"` -eq 0 ]; then
|
|
|
+ cmd_run "ebtables" "ebtables -t broute -I BROUTING ${CMD}"
|
|
|
+ else
|
|
|
+ cmd_run "ebtables" "ebtables -t broute -D BROUTING ${CMD}"
|
|
|
+ ebtable ${1} ${2} ${3}
|
|
|
+ fi
|
|
|
+}
|
|
|
+
|
|
|
assign_ip () {
|
|
|
IFACE=${1}
|
|
|
IFACE_NWRK_ADDR=${2}
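Review bot: The `else` branch of `iptable` recurses without checking whether the delete succeeded, so a rule that matches the grep but not the exact `-D` spec makes the function call itself without end. The pattern `${3}.*${1}` over `iptables -L ${2} -v` is unanchored: the `-i ${IFACE} -m state --state NEW -j ACCEPT` FORWARD rule that the next hunk stops creating would still exist on a box set up by the old script, and it matches `ACCEPT.*${IFACE}` while `iptables -D ${2} -i ${1} -j ${3}` cannot remove it. An interface name that is a prefix of another has the same effect. Stop when the delete fails, `cmd_run "iptables" "iptables -D ${2} -i ${1} -j ${3}" || return 1` (assuming `cmd_run`'s `${ERRCODE}` is the command's exit status, which is not visible here), and add the same guard to the delete in `ebtable`. Where the installed iptables supports it, `iptables -C ${2} -i ${1} -j ${3}` tests for the exact rule instead of parsing `-L` output, which without `-n` also waits on reverse DNS lookups.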
|
|
@@ -28,31 +47,25 @@ assign_ip () {
|
|
|
DHCP_START=${5}
|
|
|
DHCP_END=${6}
|
|
|
|
|
|
- cmd_run "ifconfig" "ifconfig ${IFACE} ${IFACE_INET_ADDR} netmask ${IFACE_NETMASK}"
|
|
|
-
|
|
|
- if [ `iptables -L -v | grep -c ${IFACE}` -eq 0 ]; then
|
|
|
- cmd_run "iptables" "iptables -I INPUT -i ${IFACE} -j ACCEPT"
|
|
|
- cmd_run "iptables" "iptables -I FORWARD -i ${IFACE} -m state --state NEW -j ACCEPT"
|
|
|
- cmd_run "iptables" "iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu"
|
|
|
- fi
|
|
|
-
|
|
|
- if [ `ebtables -t broute -L | grep -ice "-p ipv4 -i ${IFACE} -j DROP"` -eq 0 ]; then
|
|
|
- cmd_run "ebtables" "ebtables -t broute -I BROUTING -p ipv4 -i ${IFACE} -j DROP"
|
|
|
- fi
|
|
|
-
|
|
|
- #if [ `ebtables -t broute -L | grep -ice "-p arp -i ${IFACE} - DROP"` -eq 0 ]; then
|
|
|
- # cmd_run "ebtables" "ebtables -t broute -I BROUTING -p arp -i ${IFACE} -j DROP"
|
|
|
- #fi
|
|
|
-
|
|
|
if [ `cat ${DNSMASQ_CONF} | grep -c ${IFACE}` -eq 0 ]; then
|
|
|
logger "dnsmasq-dhcp: Configure ${IFACE} to have special DHCP"
|
|
|
pc_append "interface=${IFACE}" ${DNSMASQ_CONF}
|
|
|
pc_append "dhcp-range=${IFACE},${DHCP_START},${DHCP_END},${IFACE_NETMASK},24h" ${DNSMASQ_CONF}
|
|
|
pc_append "dhcp-option=${IFACE},3,${IFACE_INET_ADDR}" ${DNSMASQ_CONF}
|
|
|
- pc_append "dhcp-option=${IFACE},6,192.168.1.1" ${DNSMASQ_CONF}
|
|
|
+ pc_append "dhcp-option=${IFACE},6,8.8.8.8,8.8.4.4" ${DNSMASQ_CONF}
|
|
|
+ pc_append "dhcp-option=${IFACE},252,\"\n\"" ${DNSMASQ_CONF}
|
|
|
fi
|
|
|
|
|
|
- cmd_run "ip-route" "ip route flush cache"
|
|
|
+ cmd_run "ifconfig" "ifconfig ${IFACE} ${IFACE_INET_ADDR} netmask ${IFACE_NETMASK} up"
|
|
|
+
|
|
|
+ ebtable "${IFACE}" "ipv4" "DROP"
|
|
|
+ ebtable "${IFACE}" "ipv6" "DROP"
|
|
|
+ ebtable "${IFACE}" "arp" "DROP"
|
|
|
+
|
|
|
+ iptable "${IFACE}" "FORWARD" "ACCEPT"
|
|
|
+ iptable "${IFACE}" "INPUT" "ACCEPT"
|
|
|
+
|
|
|
+ #cmd_run "ip-route" "ip route flush cache"
|
|
|
|
|
|
}
|
|
|
|
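Review bot: The two added `dhcp-option` lines sit inside the existing `grep -c ${IFACE}` guard on `${DNSMASQ_CONF}`, so an interface already written to that file keeps the old `6,192.168.1.1` entry and never receives the new DNS servers or option 252. If the change is meant to reach existing installs, the stale entries for `${IFACE}` have to be replaced rather than skipped. The 252 line should carry a comment such as `# option 252 (WPAD): send an empty value so clients stop probing for a proxy auto-config URL`. Whether `\"\n\"` lands in the file as the two characters backslash-n depends on how `pc_append` writes its argument, which is not visible here. `assign_ip` begins before this hunk.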