SVN-Revision: 4915master
parent
1bb321cbec
commit
af5f6ac550
@ -1,25 +1,25 @@ |
||||
#!/bin/sh |
||||
#!/bin/sh /etc/rc.common |
||||
# Copyright (C) 2006 OpenWrt.org |
||||
|
||||
. /etc/functions.sh |
||||
|
||||
[ -f /proc/mounts ] || /sbin/mount_root |
||||
[ -f /proc/jffs2_bbc ] && echo "S" > /proc/jffs2_bbc |
||||
vconfig set_name_type DEV_PLUS_VID_NO_PAD |
||||
|
||||
HOSTNAME=${wan_hostname%%.*} |
||||
echo ${HOSTNAME:=OpenWrt}>/proc/sys/kernel/hostname |
||||
|
||||
mkdir -p /var/run |
||||
mkdir -p /var/log |
||||
mkdir -p /var/lock |
||||
touch /var/log/wtmp |
||||
touch /var/log/lastlog |
||||
[ "$FAILSAFE" = "true" ] && touch /tmp/.failsafe |
||||
|
||||
# manually trigger hotplug before loading modules |
||||
for iface in $(awk -F: '/:/ {print $1}' /proc/net/dev); do |
||||
/usr/bin/env -i ACTION=add INTERFACE="$iface" /sbin/hotplug net |
||||
done |
||||
|
||||
load_modules /etc/modules /etc/modules.d/* |
||||
start() { |
||||
[ -f /proc/mounts ] || /sbin/mount_root |
||||
[ -f /proc/jffs2_bbc ] && echo "S" > /proc/jffs2_bbc |
||||
vconfig set_name_type DEV_PLUS_VID_NO_PAD |
||||
|
||||
HOSTNAME=${wan_hostname%%.*} |
||||
echo ${HOSTNAME:=OpenWrt}>/proc/sys/kernel/hostname |
||||
|
||||
mkdir -p /var/run |
||||
mkdir -p /var/log |
||||
mkdir -p /var/lock |
||||
touch /var/log/wtmp |
||||
touch /var/log/lastlog |
||||
[ "$FAILSAFE" = "true" ] && touch /tmp/.failsafe |
||||
|
||||
# manually trigger hotplug before loading modules |
||||
for iface in $(awk -F: '/:/ {print $1}' /proc/net/dev); do |
||||
/usr/bin/env -i ACTION=add INTERFACE="$iface" /sbin/hotplug net |
||||
done |
||||
|
||||
load_modules /etc/modules /etc/modules.d/* |
||||
} |
||||
|
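Review bot: Everything in the new `start()` is one-time boot work (the `/sbin/mount_root` fallback, the hotplug replay over `/proc/net/dev`, `load_modules`), yet the rc.common added in this commit makes `restart` run `stop` then `start`, so a later `restart` or manual `start` would replay all of it on a running system. rc.common already dispatches `boot` separately, so defining this body as `boot()` and leaving `start()` at its default no-op would keep it boot-only. While the lines are being moved, the hostname write would be safer quoted: `echo "${HOSTNAME:=OpenWrt}" > /proc/sys/kernel/hostname`.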
@ -1,4 +1,10 @@ |
||||
#!/bin/sh |
||||
#!/bin/sh /etc/rc.common |
||||
# Copyright (C) 2006 OpenWrt.org |
||||
|
||||
[ -d /www ] && httpd -p 80 -h /www -r OpenWrt |
||||
start() { |
||||
[ -d /www ] && httpd -p 80 -h /www -r OpenWrt |
||||
} |
||||
|
||||
stop() { |
||||
killall httpd |
||||
} |
||||
|
@ -1,4 +1,10 @@ |
||||
#!/bin/sh |
||||
#!/bin/sh /etc/rc.common |
||||
# Copyright (C) 2006 OpenWrt.org |
||||
|
||||
if awk -F: '/^root:/ && $2 !~ /\!/ {exit 1}' /etc/passwd 2>/dev/null; then telnetd -l /bin/login; fi |
||||
start() { |
||||
if awk -F: '/^root:/ && $2 !~ /\!/ {exit 1}' /etc/passwd 2>/dev/null; then telnetd -l /bin/login; fi |
||||
} |
||||
|
||||
stop() { |
||||
killall telnetd |
||||
} |
||||
|
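Review bot: The awk gate in `start()` decides whether a cleartext login service comes up, and it has no comment explaining its inverted logic. As written, awk exits 1 (telnetd skipped) only when a `root:` line exists whose second field contains no `!`; a passwd file with no `root:` entry makes awk exit 0 and telnetd starts. I would add above the `if`: `# start telnetd only while root's password field still contains '!' (presumably: no password set yet); a missing root entry also starts it`. Now that the script can be re-run through rc.common, the check still happens only at start time, so setting a password later does not stop a telnetd that is already running; that needs an explicit `stop`.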
@ -1,6 +1,12 @@ |
||||
#!/bin/sh |
||||
#!/bin/sh /etc/rc.common |
||||
# Copyright (C) 2006 OpenWrt.org |
||||
|
||||
mkdir -p /var/spool/cron |
||||
ln -s /etc/crontabs /var/spool/cron/crontabs |
||||
crond -c /etc/crontabs |
||||
start () { |
||||
mkdir -p /var/spool/cron |
||||
ln -s /etc/crontabs /var/spool/cron/crontabs |
||||
crond -c /etc/crontabs |
||||
} |
||||
|
||||
stop() { |
||||
killall crond |
||||
} |
||||
|
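Review bot: `ln -s /etc/crontabs /var/spool/cron/crontabs` in `start()` is no longer run once per boot, and on a second `start` or a `restart` the link already exists and points at a directory, so `ln -s` will try to create a `crontabs` link inside `/etc/crontabs` instead. Guarding the line keeps `start()` repeatable: `[ -L /var/spool/cron/crontabs ] || ln -s /etc/crontabs /var/spool/cron/crontabs`. The stray entry may matter because `crond -c /etc/crontabs` reads that directory.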
@ -1,11 +0,0 @@ |
||||
#!/bin/sh |
||||
# Copyright (C) 2006 OpenWrt.org |
||||
|
||||
sysctl -p >&- |
||||
|
||||
# automagically run firstboot |
||||
{ mount|grep "on / type tmpfs" 1>&-; } && { |
||||
lock /tmp/.switch2jffs |
||||
firstboot switch2jffs |
||||
lock -u /tmp/.switch2jffs |
||||
} |
@ -0,0 +1,77 @@ |
||||
#!/bin/sh |
||||
. /etc/functions.sh |
||||
|
||||
start() { |
||||
return 0 |
||||
} |
||||
|
||||
stop() { |
||||
return 0 |
||||
} |
||||
|
||||
reload() { |
||||
return 1 |
||||
} |
||||
|
||||
restart() { |
||||
stop |
||||
start |
||||
} |
||||
|
||||
boot() { |
||||
start |
||||
} |
||||
|
||||
shutdown() { |
||||
return 0 |
||||
} |
||||
|
||||
disable() { |
||||
rm -f /etc/rc.d/${initscript##*/} |
||||
} |
||||
|
||||
enable() { |
||||
disable |
||||
ln -s /etc/init.d/${initscript##*/} /etc/rc.d/${initscript##*/} |
||||
} |
||||
|
||||
depends() { |
||||
return 0 |
||||
} |
||||
|
||||
help() { |
||||
cat <<EOF |
||||
Syntax: $0 [command] |
||||
|
||||
Available commands: |
||||
start Start the service |
||||
stop Stop the service |
||||
restart Restart the service |
||||
reload Reload configuration files (or restart if that fails) |
||||
enable Enable the service (load at boot time) |
||||
disable Disable the service |
||||
$EXTRA_HELP |
||||
EOF |
||||
} |
||||
|
||||
initscript="$1" |
||||
action="$2" |
||||
|
||||
. "$initscript" |
||||
|
||||
cmds= |
||||
for cmd in $EXTRA_COMMANDS; do |
||||
cmds="$cmd) $cmd;;" |
||||
done |
||||
eval "case \"\$action\" in |
||||
start) start;; |
||||
stop) stop;; |
||||
reload) reload || restart;; |
||||
restart) restart;; |
||||
enable) enable;; |
||||
disable) disable;; |
||||
boot) boot;; |
||||
shutdown) shutdown;; |
||||
$cmds |
||||
*) help;; |
||||
esac" |
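Review bot: The loop that builds `cmds` overwrites it on every pass (`cmds="$cmd) $cmd;;"`), so an init script that lists more than one word in `EXTRA_COMMANDS` only gets the last one dispatched and the others fall through to `help`. Appending fixes it: `cmds="$cmds $cmd) $cmd;;"`. Because `$cmds` is spliced into the string handed to `eval`, a header comment stating that `EXTRA_COMMANDS` must hold plain function names set by the init script itself would be worth adding. `disable()` and `enable()` would also be safer with the path quoted, e.g. `rm -f "/etc/rc.d/${initscript##*/}"`.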
@ -1,50 +1,57 @@ |
||||
#!/bin/sh |
||||
. /etc/functions.sh |
||||
include /lib/network |
||||
scan_interfaces |
||||
|
||||
# The following is to automatically configure the DHCP settings |
||||
# based on config settings. Feel free to replace all this crap |
||||
# with a simple "dnsmasq" and manage everything via the |
||||
# /etc/dnsmasq.conf config file |
||||
|
||||
[ -f /etc/dnsmasq.conf ] || exit |
||||
|
||||
args="" |
||||
iface=lan |
||||
config_get ifname "$iface" ifname |
||||
config_get proto "$iface" proto |
||||
|
||||
[ "$proto" = static ] && dhcp_enable="${dhcp_enable:-1}" |
||||
dhcp_start="${dhcp_start:-100}" |
||||
dhcp_num="${dhcp_num:-50}" |
||||
dhcp_lease="${dhcp_lease:-12h}" |
||||
|
||||
# if dhcp_enable is unset and there is a dhcp server on the network already, default to dhcp_enable=0 |
||||
[ -z "$dhcp_enable" ] && udhcpc -n -q -R -s /bin/true -i $ifname >&- && dhcp_enable="${dhcp_enable:-0}" |
||||
|
||||
# dhcp_enable=0 disables the dhcp server |
||||
( |
||||
[ -z "$dhcp_enable" -o "$dhcp_enable" -eq 1 ] && { |
||||
# no existing DHCP server? |
||||
|
||||
# calculate settings |
||||
config_get ipaddr "$iface" ipaddr |
||||
config_get netmask "$iface" netmask |
||||
eval $(ipcalc $ipaddr $netmask ${dhcp_start:-100} ${dhcp_num:-150}) |
||||
|
||||
# and pass the args via config parser defines |
||||
echo "${dhcp_enable:+@define dhcp_enable 1}" |
||||
echo "@define netmask $NETMASK" |
||||
echo "@define start $START" |
||||
echo "@define end $END" |
||||
echo "@define lease ${dhcp_lease:-12h}" |
||||
} |
||||
|
||||
# ignore requests from wan interface |
||||
config_get wan_proto wan proto |
||||
config_get wan_ifname wan ifname |
||||
[ -z "$wan_proto" -o "$wan_proto" = "none" ] || echo "@define wan_ifname $wan_ifname" |
||||
|
||||
cat /etc/dnsmasq.conf |
||||
) | awk -f /usr/lib/parse-config.awk | dnsmasq -C /proc/self/fd/0 |
||||
#!/bin/sh /etc/rc.common |
||||
# Copyright (C) 2006 OpenWrt.org |
||||
|
||||
start() { |
||||
include /lib/network |
||||
scan_interfaces |
||||
|
||||
# The following is to automatically configure the DHCP settings |
||||
# based on config settings. Feel free to replace all this crap |
||||
# with a simple "dnsmasq" and manage everything via the |
||||
# /etc/dnsmasq.conf config file |
||||
|
||||
[ -f /etc/dnsmasq.conf ] || exit |
||||
|
||||
args="" |
||||
iface=lan |
||||
config_get ifname "$iface" ifname |
||||
config_get proto "$iface" proto |
||||
|
||||
[ "$proto" = static ] && dhcp_enable="${dhcp_enable:-1}" |
||||
dhcp_start="${dhcp_start:-100}" |
||||
dhcp_num="${dhcp_num:-50}" |
||||
dhcp_lease="${dhcp_lease:-12h}" |
||||
|
||||
# if dhcp_enable is unset and there is a dhcp server on the network already, default to dhcp_enable=0 |
||||
[ -z "$dhcp_enable" ] && udhcpc -n -q -R -s /bin/true -i $ifname >&- && dhcp_enable="${dhcp_enable:-0}" |
||||
|
||||
# dhcp_enable=0 disables the dhcp server |
||||
( |
||||
[ -z "$dhcp_enable" -o "$dhcp_enable" -eq 1 ] && { |
||||
# no existing DHCP server? |
||||
|
||||
# calculate settings |
||||
config_get ipaddr "$iface" ipaddr |
||||
config_get netmask "$iface" netmask |
||||
eval $(ipcalc $ipaddr $netmask ${dhcp_start:-100} ${dhcp_num:-150}) |
||||
|
||||
# and pass the args via config parser defines |
||||
echo "${dhcp_enable:+@define dhcp_enable 1}" |
||||
echo "@define netmask $NETMASK" |
||||
echo "@define start $START" |
||||
echo "@define end $END" |
||||
echo "@define lease ${dhcp_lease:-12h}" |
||||
} |
||||
|
||||
# ignore requests from wan interface |
||||
config_get wan_proto wan proto |
||||
config_get wan_ifname wan ifname |
||||
[ -z "$wan_proto" -o "$wan_proto" = "none" ] || echo "@define wan_ifname $wan_ifname" |
||||
|
||||
cat /etc/dnsmasq.conf |
||||
) | awk -f /usr/lib/parse-config.awk | dnsmasq -C /proc/self/fd/0 |
||||
} |
||||
|
||||
stop() { |
||||
killall dnsmasq |
||||
} |
||||
|
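Review bot: `eval $(ipcalc $ipaddr $netmask ${dhcp_start:-100} ${dhcp_num:-150})` in `start()` evaluates command output that is built from unquoted config values. The ipcalc helper is not shown here, so whether it can echo input back is an assumption to check, but quoting at least stops word splitting and globbing: `eval "$(ipcalc "$ipaddr" "$netmask" "$dhcp_start" "$dhcp_num")"`. The `:-150` fallback on that line can never apply because `dhcp_num` was already defaulted to 50 a few lines earlier, so one of the two numbers is misleading. The bare `exit` after the `/etc/dnsmasq.conf` test now sits inside `start()` and ends the whole rc.common run; `return` would state the intent more clearly.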
@ -1,16 +1,19 @@ |
||||
#!/bin/sh |
||||
#!/bin/sh /etc/rc.common |
||||
# Copyright (C) 2006 OpenWrt.org |
||||
|
||||
for type in rsa dss; do { |
||||
# check for keys |
||||
key=/etc/dropbear/dropbear_${type}_host_key |
||||
[ ! -f $key ] && { |
||||
# generate missing keys |
||||
mkdir -p /etc/dropbear |
||||
[ -x /usr/bin/dropbearkey ] && { |
||||
/usr/bin/dropbearkey -t $type -f $key 2>&- >&- && exec $0 $* |
||||
} & |
||||
exit 0 |
||||
} |
||||
}; done |
||||
|
||||
/usr/sbin/dropbear |
||||
start() { |
||||
for type in rsa dss; do { |
||||
# check for keys |
||||
key=/etc/dropbear/dropbear_${type}_host_key |
||||
[ ! -f $key ] && { |
||||
# generate missing keys |
||||
mkdir -p /etc/dropbear |
||||
[ -x /usr/bin/dropbearkey ] && { |
||||
/usr/bin/dropbearkey -t $type -f $key 2>&- >&- && exec $0 $* |
||||
} & |
||||
exit 0 |
||||
} |
||||
}; done |
||||
|
||||
/usr/sbin/dropbear |
||||
} |
||||
|
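Review bot: This script gets a `start()` but no `stop()`, unlike the httpd, telnetd, crond and dnsmasq scripts in the same commit, so `stop` falls back to the rc.common default that returns 0 and `restart` calls `start()` again while the old daemon is still running. If that is deliberate (a `killall dropbear` would presumably also drop live SSH sessions), a comment saying so belongs above `start()`; otherwise add `stop() { killall dropbear; }`. Separately, the key generation line closes both output streams with `2>&- >&-`, so a failed `dropbearkey` leaves no trace while the foreground path has already left through `exit 0`; logging the failure would help when SSH never comes up.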
@ -1,103 +1,115 @@ |
||||
#!/bin/sh |
||||
#!/bin/sh /etc/rc.common |
||||
# Copyright (C) 2006 OpenWrt.org |
||||
|
||||
## Please make changes in /etc/firewall.user |
||||
|
||||
. /etc/functions.sh |
||||
include /lib/network |
||||
|
||||
scan_interfaces |
||||
config_get WAN wan ifname |
||||
config_get LAN lan ifname |
||||
|
||||
## CLEAR TABLES |
||||
for T in filter nat; do |
||||
iptables -t $T -F |
||||
iptables -t $T -X |
||||
done |
||||
|
||||
iptables -N input_rule |
||||
iptables -N output_rule |
||||
iptables -N forwarding_rule |
||||
|
||||
iptables -t nat -N prerouting_rule |
||||
iptables -t nat -N postrouting_rule |
||||
|
||||
iptables -N LAN_ACCEPT |
||||
[ -z "$WAN" ] || iptables -A LAN_ACCEPT -i "$WAN" -j RETURN |
||||
iptables -A LAN_ACCEPT -j ACCEPT |
||||
|
||||
### INPUT |
||||
### (connections with the router as destination) |
||||
|
||||
# base case |
||||
iptables -P INPUT DROP |
||||
iptables -A INPUT -m state --state INVALID -j DROP |
||||
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT |
||||
iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j DROP |
||||
|
||||
# |
||||
# insert accept rule or to jump to new accept-check table here |
||||
# |
||||
iptables -A INPUT -j input_rule |
||||
|
||||
# allow |
||||
iptables -A INPUT -j LAN_ACCEPT # allow from lan/wifi interfaces |
||||
iptables -A INPUT -p icmp -j ACCEPT # allow ICMP |
||||
iptables -A INPUT -p gre -j ACCEPT # allow GRE |
||||
|
||||
# reject (what to do with anything not allowed earlier) |
||||
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset |
||||
iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable |
||||
|
||||
### OUTPUT |
||||
### (connections with the router as source) |
||||
|
||||
# base case |
||||
iptables -P OUTPUT DROP |
||||
iptables -A OUTPUT -m state --state INVALID -j DROP |
||||
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT |
||||
|
||||
# |
||||
# insert accept rule or to jump to new accept-check table here |
||||
# |
||||
iptables -A OUTPUT -j output_rule |
||||
|
||||
# allow |
||||
iptables -A OUTPUT -j ACCEPT #allow everything out |
||||
|
||||
# reject (what to do with anything not allowed earlier) |
||||
iptables -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset |
||||
iptables -A OUTPUT -j REJECT --reject-with icmp-port-unreachable |
||||
|
||||
### FORWARDING |
||||
### (connections routed through the router) |
||||
|
||||
# base case |
||||
iptables -P FORWARD DROP |
||||
iptables -A FORWARD -m state --state INVALID -j DROP |
||||
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu |
||||
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT |
||||
|
||||
# |
||||
# insert accept rule or to jump to new accept-check table here |
||||
# |
||||
iptables -A FORWARD -j forwarding_rule |
||||
|
||||
# allow |
||||
iptables -A FORWARD -i br0 -o br0 -j ACCEPT |
||||
[ -z "$WAN" ] || iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT |
||||
|
||||
# reject (what to do with anything not allowed earlier) |
||||
# uses the default -P DROP |
||||
|
||||
### MASQ |
||||
iptables -t nat -A PREROUTING -j prerouting_rule |
||||
iptables -t nat -A POSTROUTING -j postrouting_rule |
||||
[ -z "$WAN" ] || iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE |
||||
start() { |
||||
include /lib/network |
||||
scan_interfaces |
||||
|
||||
config_get WAN wan ifname |
||||
config_get LAN lan ifname |
||||
|
||||
## CLEAR TABLES |
||||
for T in filter nat; do |
||||
iptables -t $T -F |
||||
iptables -t $T -X |
||||
done |
||||
|
||||
iptables -N input_rule |
||||
iptables -N output_rule |
||||
iptables -N forwarding_rule |
||||
|
||||
iptables -t nat -N prerouting_rule |
||||
iptables -t nat -N postrouting_rule |
||||
|
||||
iptables -N LAN_ACCEPT |
||||
[ -z "$WAN" ] || iptables -A LAN_ACCEPT -i "$WAN" -j RETURN |
||||
iptables -A LAN_ACCEPT -j ACCEPT |
||||
|
||||
### INPUT |
||||
### (connections with the router as destination) |
||||
|
||||
# base case |
||||
iptables -P INPUT DROP |
||||
iptables -A INPUT -m state --state INVALID -j DROP |
||||
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT |
||||
iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j DROP |
||||
|
||||
# |
||||
# insert accept rule or to jump to new accept-check table here |
||||
# |
||||
iptables -A INPUT -j input_rule |
||||
|
||||
# allow |
||||
iptables -A INPUT -j LAN_ACCEPT # allow from lan/wifi interfaces |
||||
iptables -A INPUT -p icmp -j ACCEPT # allow ICMP |
||||
iptables -A INPUT -p gre -j ACCEPT # allow GRE |
||||
|
||||
# reject (what to do with anything not allowed earlier) |
||||
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset |
||||
iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable |
||||
|
||||
### OUTPUT |
||||
### (connections with the router as source) |
||||
|
||||
# base case |
||||
iptables -P OUTPUT DROP |
||||
iptables -A OUTPUT -m state --state INVALID -j DROP |
||||
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT |
||||
|
||||
# |
||||
# insert accept rule or to jump to new accept-check table here |
||||
# |
||||
iptables -A OUTPUT -j output_rule |
||||
|
||||
# allow |
||||
iptables -A OUTPUT -j ACCEPT #allow everything out |
||||
|
||||
# reject (what to do with anything not allowed earlier) |
||||
iptables -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset |
||||
iptables -A OUTPUT -j REJECT --reject-with icmp-port-unreachable |
||||
|
||||
### FORWARDING |
||||
### (connections routed through the router) |
||||
|
||||
# base case |
||||
iptables -P FORWARD DROP |
||||
iptables -A FORWARD -m state --state INVALID -j DROP |
||||
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu |
||||
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT |
||||
|
||||
# |
||||
# insert accept rule or to jump to new accept-check table here |
||||
# |
||||
iptables -A FORWARD -j forwarding_rule |
||||
|
||||
# allow |
||||
iptables -A FORWARD -i br0 -o br0 -j ACCEPT |
||||
[ -z "$WAN" ] || iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT |
||||
|
||||
# reject (what to do with anything not allowed earlier) |
||||
# uses the default -P DROP |
||||
|
||||
### MASQ |
||||
iptables -t nat -A PREROUTING -j prerouting_rule |
||||
iptables -t nat -A POSTROUTING -j postrouting_rule |
||||
[ -z "$WAN" ] || iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE |
||||
|
||||
## USER RULES |
||||
[ -f /etc/firewall.user ] && . /etc/firewall.user |
||||
[ -n "$WAN" -a -e /etc/config/firewall ] && { |
||||
awk -f /usr/lib/common.awk -f /usr/lib/firewall.awk /etc/config/firewall | ash |
||||
} |
||||
} |
||||
|
||||
## USER RULES |
||||
[ -f /etc/firewall.user ] && . /etc/firewall.user |
||||
[ -n "$WAN" -a -e /etc/config/firewall ] && { |
||||
awk -f /usr/lib/common.awk -f /usr/lib/firewall.awk /etc/config/firewall | ash |
||||
stop() { |
||||
iptables -P INPUT ACCEPT |
||||
iptables -P OUTPUT ACCEPT |
||||
iptables -P FORWARD ACCEPT |
||||
iptables -F |
||||
iptables -t nat -P PREROUTING ACCEPT |
||||
iptables -t nat -P POSTROUTING ACCEPT |
||||
iptables -t nat -P OUTPUT ACCEPT |
||||
iptables -t nat -F |
||||
} |
||||
|
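Review bot: The new `stop()` fails open: it sets the INPUT, OUTPUT and FORWARD policies to ACCEPT and flushes the filter and nat tables, so after `stop` the router accepts whatever reaches it, including on the WAN interface, and the rc.common default `restart` (`stop` then `start`) passes through that state on every reload. Since `start()` already flushes and deletes the chains in both tables before rebuilding them, this script could define `restart() { start; }` to avoid the open window. I would also add a comment above `stop()` such as `# WARNING: leaves the router unfiltered and without NAT until start is run again`. `stop()` flushes without `-X`, so the user chains stay defined, which is harmless only because `start()` deletes them first.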
@ -1,2 +1,4 @@ |
||||
#!/bin/sh |
||||
iwpriv ath0 mode 3 |
||||
#!/bin/sh /etc/rc.common |
||||
start() { |
||||
iwpriv ath0 mode 3 |
||||
} |
||||
|
File diff suppressed because it is too large