Diffstat (limited to 'package/base-files/default/etc')
| -rwxr-xr-x | package/base-files/default/etc/firewall.user | 29 | ||||
| -rwxr-xr-x | package/base-files/default/etc/functions.sh | 26 | ||||
| -rw-r--r-- | package/base-files/default/etc/hotplug.d/net/10-net | 85 | ||||
| -rwxr-xr-x | package/base-files/default/etc/init.d/S10boot | 9 | ||||
| -rwxr-xr-x | package/base-files/default/etc/init.d/S40network | 16 | ||||
| -rwxr-xr-x | package/base-files/default/etc/init.d/S45firewall | 96 | ||||
| -rwxr-xr-x | package/base-files/default/etc/init.d/S50telnet | 2 | ||||
| -rwxr-xr-x | package/base-files/default/etc/init.d/S60cron | 8 | ||||
| -rwxr-xr-x | package/base-files/default/etc/init.d/S98done | 9 | ||||
| -rwxr-xr-x | package/base-files/default/etc/init.d/S99done | 4 | ||||
| -rwxr-xr-x | package/base-files/default/etc/init.d/rcS | 10 | ||||
| -rw-r--r-- | package/base-files/default/etc/inittab | 1 | ||||
| -rwxr-xr-x | package/base-files/default/etc/preinit | 23 | 
13 files changed, 67 insertions, 251 deletions
| diff --git a/package/base-files/default/etc/firewall.user b/package/base-files/default/etc/firewall.user deleted file mode 100755 index 5774f0c64..000000000 --- a/package/base-files/default/etc/firewall.user +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh -. /etc/functions.sh -. /etc/network.overrides -[ "$FAILSAFE" != "true" -a -e /etc/config/network ] && . /etc/config/network - -WAN=$(nvram get wan_ifname) -LAN=$(nvram get lan_ifname) - -iptables -F input_rule -iptables -F output_rule -iptables -F forwarding_rule -iptables -t nat -F prerouting_rule -iptables -t nat -F postrouting_rule - -### BIG FAT DISCLAIMER -### The "-i $WAN" literally means packets that came in over the $WAN interface; -### this WILL NOT MATCH packets sent from the LAN to the WAN address. - -### Allow SSH on the WAN interface -# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT  -# iptables        -A input_rule      -i $WAN -p tcp --dport 22 -j ACCEPT - -### Port forwarding -# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j DNAT --to 192.168.1.2 -# iptables        -A forwarding_rule -i $WAN -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT - -### DMZ (should be placed after port forwarding / accept rules) -# iptables -t nat -A prerouting_rule -i $WAN -j DNAT --to 192.168.1.2 -# iptables        -A forwarding_rule -i $WAN -d 192.168.1.2 -j ACCEPT diff --git a/package/base-files/default/etc/functions.sh b/package/base-files/default/etc/functions.sh index e7126473f..526ca52dd 100755 --- a/package/base-files/default/etc/functions.sh +++ b/package/base-files/default/etc/functions.sh @@ -1,6 +1,4 @@  #!/bin/sh -. /etc/nvram.sh -  alias debug=${DEBUG:-:}  # valid interface? 
@@ -13,27 +11,3 @@ if_valid () (  hotplug_dev() {  	env -i ACTION=$1 INTERFACE=$2 /sbin/hotplug net  } - -bitcount () { -  local c=$1 -  echo $(( -  c=((c>> 1)&0x55555555)+(c&0x55555555), -  c=((c>> 2)&0x33333333)+(c&0x33333333), -  c=((c>> 4)&0x0f0f0f0f)+(c&0x0f0f0f0f), -  c=((c>> 8)&0x00ff00ff)+(c&0x00ff00ff), -  c=((c>>16)&0x0000ffff)+(c&0x0000ffff) -  )) -} - -valid_netmask () { -  return $((-($1)&~$1)) -} - -ip2int () ( -  set $(echo $1 | tr '\.' ' ') -  echo $(($1<<24|$2<<16|$3<<8|$4)) -) - -int2ip () { -  echo $(($1>>24&255)).$(($1>>16&255)).$(($1>>8&255)).$(($1&255)) -} diff --git a/package/base-files/default/etc/hotplug.d/net/10-net b/package/base-files/default/etc/hotplug.d/net/10-net index 0f384ec46..4bb69378f 100644 --- a/package/base-files/default/etc/hotplug.d/net/10-net +++ b/package/base-files/default/etc/hotplug.d/net/10-net 
@@ -1,32 +1,28 @@  #!/bin/sh -setup_eth() -{ -	for part in $(nvram get unused_ifnames); do -		[ "$part" = "$INTERFACE" ] && exit 0 -	done -	ifconfig "$INTERFACE" up 2>&- >&- -} -  find_name()  { -	pppoa_ifname="atm0" # hack for ppp over atm, which has no ${proto}_ifname -	interfaces="lan wan wifi $(nvram get ifnames)" -	for ifname in $interfaces; do +	for ifname in lan wan wifi ${ifnames}; do  		IFTYPE="${ifname}" -		IFPROTO="$(nvram get ${IFTYPE}_proto)" -		IFACE="$(nvram get ${IFTYPE}_ifname)" +		eval "IFPROTO=\"\${${IFTYPE}_proto}\"" +		eval "IFACE=\"\${${IFTYPE}_ifname}\""  		case "$IFPROTO" in  			""|none);;  			static|dhcp)  				[ "${IFACE}" = "$INTERFACE" ] && return 0  				[ "${IFACE%%[0-9]*}" = "br" ] && { -					for part in $(nvram get ${IFTYPE}_ifnames); do +					eval "ifs=\"\${${IFTYPE}_ifnames}\"" +					for part in $ifs; do  						[ "$part" = "$INTERFACE" ] && return 0  					done  				}  			;; +			pppoa) +				[ "$INTERFACE" = "atm0" \ +				  -a -x /sbin/ifup.${IFPROTO} ] && return 0 +			;;  			*) -				[ "$(nvram get ${IFTYPE}_device)" = "$INTERFACE" \ +				eval "device=\"\${${IFTYPE}_device}\"" +				[ "$device" = "$INTERFACE" \  				  -a -x /sbin/ifup.${IFPROTO} ] && return 0  			;;  		esac @@ -39,17 +35,18 @@ find_name()  do_ifup() {  	if="$3" -	if_proto="$(nvram get ${2}_proto)" +	eval "if_proto=\"\${${2}_proto}\""  	pidfile=/var/run/${if}.pid  	[ -f $pidfile ] && $DEBUG kill $(cat $pidfile)  	case "$1" in  		static) -			ip=$(nvram get ${2}_ipaddr) -			ip6=$(nvram get ${2}_ip6addr) -			netmask=$(nvram get ${2}_netmask) -			gateway=$(nvram get ${2}_gateway) +			eval "ip=\"\${${2}_ipaddr}\"" +			eval "ip6=\"\${${2}_ip6addr}\"" +			eval "netmask=\"\${${2}_netmask}\"" +			eval "gateway=\"\${${2}_gateway}\"" +			eval "dns=\"\${${2}_dns}\""  			$DEBUG ifconfig $if $ip ${netmask:+netmask $netmask} broadcast + up  			[ -n "$ip6" ] && $DEBUG ifconfig $if add $ip6 
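Review bot: The new `eval "IFPROTO=\"\${${IFTYPE}_proto}\""` lookups in find_name splice the interface name into text that is then evaluated, and that name comes from the unquoted `${ifnames}` list with no check that it is a plain identifier. The same construct is used with `${2}` in do_ifup in the next hunk and with `${IFTYPE}` in do_register further down, where IFTYPE may already have been set by the caller (inferred from the `[ -z "$IFTYPE" -o -z "$IFPROTO" ]` guard). A name containing anything other than letters, digits and underscore would be run as code rather than looked up, so a guard such as `case "$ifname" in *[!A-Za-z0-9_]*) continue;; esac` at the top of the loop, or one small lookup helper that validates the name once, would close that. find_name's loop continues outside the hunk.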
@@ -58,24 +55,25 @@ do_ifup() {  			[ -f /tmp/resolv.conf ] || {  				debug "# --- creating /tmp/resolv.conf ---" -				for dns in $(nvram get ${2}_dns); do -					echo "nameserver $dns" >> /tmp/resolv.conf +				for ns in $dns; do +					echo "nameserver $ns" >> /tmp/resolv.conf  				done  			}  			env -i ACTION="ifup" INTERFACE="${2}" PROTO=static /sbin/hotplug "iface" &  		;;  		dhcp) -			DHCP_IP=$(nvram get ${2}_ipaddr) -			DHCP_NETMASK=$(nvram get ${2}_netmask) +			eval "ip=\"\${${2}_ipaddr}\"" +			eval "netmask=\"\${${2}_netmask}\"" +			eval "hostname=\"\${${2}_hostname}\"" +			  			$DEBUG ifconfig $if $ip ${netmask:+netmask $netmask} broadcast + up -			DHCP_ARGS="-i $if ${DHCP_IP:+-r $DHCP_IP} -b -p $pidfile" -			DHCP_HOSTNAME=$(nvram get ${2}_hostname) -			DHCP_HOSTNAME=${DHCP_HOSTNAME%%.*} -			[ -z $DHCP_HOSTNAME ] || DHCP_ARGS="$DHCP_ARGS -H $DHCP_HOSTNAME" -			[ "$if_proto" = "pptp" ] && DHCP_ARGS="$DHCP_ARGS -n -q" || DHCP_ARGS="$DHCP_ARGS -R &" -			${DEBUG:-eval} "udhcpc $DHCP_ARGS" +			args="-i $if ${ip:+-r $ip} -b -p $pidfile" +			hostname="${hostname%%.*}" +			args="$args${hostname:+ -H $hostname}" +			[ "$if_proto" = "pptp" ] && args="$args -n -q" || args="$args -R &" +			${DEBUG:-eval} "udhcpc $args"  			# hotplug events are handled by /usr/share/udhcpc/default.script  		;;  		*) 
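Review bot: `${DEBUG:-eval} "udhcpc $args"` re-parses the whole argument string as shell code, and `$hostname` and `$ip` are now placed into it straight from the sourced configuration. The eval appears to exist only so that the trailing `&` in `-R &` puts udhcpc in the background, but any shell metacharacter in the configured hostname would be executed along with it. Either check the value first, `case "$hostname" in *[!A-Za-z0-9-]*) hostname="";; esac`, or drop the eval and background the command directly. do_ifup starts and ends outside this hunk.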
@@ -88,25 +86,23 @@ do_ifup() {  do_register()  { -	case "${INTERFACE%%[0-9]*}" in -		eth) setup_eth;; -	esac -  	[ -z "$IFTYPE" -o -z "$IFPROTO" ] && {  		find_name || {  			case "${INTERFACE%%[0-9]*}" in  				wds)  -					for tmp in lan wifi; do -						[ -z "$IFPROTO" ] && [ "$(nvram get ${tmp}_ifname)" = "br0" ] && { -							IFPROTO="$(nvram get ${tmp}_proto)" +					for ifname in lan wifi; do +						eval "if=\"\${${ifname}_ifname}\"" +						[ -z "$IFPROTO" ] && [ "$if" = "br0" ] && { +							eval "IFPROTO=\"\${${2}_proto}\""  							IFTYPE="${tmp}"  						}  					done  					[ -z "$IFPROTO" ] && return 0  				;;  				atm) -					for tmp in lan wan wifi $(nvram get ifnames); do -						[ "$(nvram get ${tmp}_proto)" = "pppoa" ] && { +					for tmp in lan wan wifi ${ifnames}; do +						eval "if_proto=\"\${${2}_proto}\"" +						[ "$if_proto" = "pppoa" ] && {  							do_ifup "pppoa" "$tmp" "$INTERFACE"  							return 0  						} @@ -122,16 +118,16 @@ do_register()  	case "${INTERFACE%%[0-9]*}" in   		ppp|atm);;  		*) -			mac=$(nvram get ${IFTYPE}_hwaddr) +			eval "mac=\"\${${IFTYPE}_hwaddr}\""  			${mac:+$DEBUG ifconfig $INTERFACE down hw ether $mac}  		;;  	esac -	if="$(nvram get ${IFTYPE}_ifname)" +	eval "if=\"\${${IFTYPE}_ifname}\""  	if [ "${if%%[0-9]}" = "br" ]; then  		if_valid "$INTERFACE" && {  			ifconfig "$if" 2>&- >&- || { -				stp=$(nvram get ${IFTYPE}_stp) +				eval "stp=\"\${${IFTYPE}_stp}\""  				$DEBUG brctl addbr "$if"  				$DEBUG brctl setfd "$if" 0  				$DEBUG brctl stp "$if" "${stp:-0}" @@ -151,8 +147,9 @@ do_register()  }  do_unregister() { -	[ -z "$IFTYPE" -o -z "$IFPROTO" ] && find_name -	[ -z "$IFTYPE" -o -z "$IFPROTO" ] && return 0 +	[ -z "$IFTYPE" -o -z "$IFPROTO" ] && { +		find_name || return 0 +	}  	[ "${IFACE%%[0-9]*}" = "br" ] && {  		if [ "$INTERFACE" != "$IFACE" ]; then diff --git a/package/base-files/default/etc/init.d/S10boot b/package/base-files/default/etc/init.d/S10boot index 02fddee7b..0cc519d8e 100755 
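Review bot: In the wds branch the loop variable was renamed to `ifname`, but the body still reads `${2}_proto` and assigns `IFTYPE="${tmp}"`; `tmp` is no longer set there and `$2` is not the loop variable, so IFPROTO and IFTYPE appear to stay empty for WDS interfaces. The atm loop has the same slip: it iterates over `tmp` but evaluates `${2}_proto`. The lines should read `eval "IFPROTO=\"\${${ifname}_proto}\""`, `IFTYPE="${ifname}"` and, in the atm loop, `eval "if_proto=\"\${${tmp}_proto}\""`. do_register continues outside the hunk, so what its caller passes as `$2` is not visible here.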
--- a/package/base-files/default/etc/init.d/S10boot +++ b/package/base-files/default/etc/init.d/S10boot @@ -1,14 +1,9 @@  #!/bin/sh -. /etc/nvram.sh - -[ "$(uname -r|grep -c 2.4)" = "1" ] && { -        echo "S" > /proc/jffs2_bbc -} +[ -f /proc/jffs2_bbc ] && echo "S" > /proc/jffs2_bbc  vconfig set_name_type VLAN_PLUS_VID_NO_PAD -HOSTNAME=$(nvram get wan_hostname) -HOSTNAME=${HOSTNAME%%.*} +HOSTNAME=${wan_hostname%%.*}  echo ${HOSTNAME:=OpenWrt}>/proc/sys/kernel/hostname  mkdir -p /var/run diff --git a/package/base-files/default/etc/init.d/S40network b/package/base-files/default/etc/init.d/S40network deleted file mode 100755 index 168fd2979..000000000 --- a/package/base-files/default/etc/init.d/S40network +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh -. /etc/functions.sh -[ "$FAILSAFE" != "true" -a -e /etc/config/network ] && . /etc/config/network -case "$1" in -  start|restart) -#    ifup lan -#    ifup wan -#    ifup wifi -#    wifi up - -    for route in $(nvram get static_route); do { -      eval "set $(echo $route | sed 's/:/ /g')" -      $DEBUG route add -net $1 netmask $2 gw $3 metric $4 dev $5 -    } done -    ;; -esac diff --git a/package/base-files/default/etc/init.d/S45firewall b/package/base-files/default/etc/init.d/S45firewall deleted file mode 100755 index 8c67d82b1..000000000 --- a/package/base-files/default/etc/init.d/S45firewall +++ /dev/null 
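Review bot: `HOSTNAME=${wan_hostname%%.*}` reads a variable that nothing in this script defines now that `. /etc/nvram.sh` is gone; unless the caller exports it (not visible here), the hostname will always fall back to `OpenWrt`. If the value is meant to come from the configuration file, source it here the way rcS does in this commit, `[ -f /etc/config/network ] && . /etc/config/network`. The `echo ${HOSTNAME:=OpenWrt}>/proc/sys/kernel/hostname` line that follows is unquoted, so a configured value with whitespace or glob characters would be split or expanded; `echo "${HOSTNAME:=OpenWrt}"` avoids that.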
@@ -1,96 +0,0 @@ -#!/bin/sh - -## Please make changes in /etc/firewall.user -${FAILSAFE:+exit} - -. /etc/functions.sh -. /etc/network.overrides -[ "$FAILSAFE" != "true" -a -e /etc/config/network ] && . /etc/config/network - -WAN=$(nvram get wan_ifname) -LAN=$(nvram get lan_ifname) - -## CLEAR TABLES -for T in filter nat; do -  iptables -t $T -F -  iptables -t $T -X -done - -iptables -N input_rule -iptables -N output_rule -iptables -N forwarding_rule - -iptables -t nat -N prerouting_rule -iptables -t nat -N postrouting_rule - -### INPUT -###  (connections with the router as destination) - -  # base case -  iptables -P INPUT DROP -  iptables -A INPUT -m state --state INVALID -j DROP -  iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -  iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j  DROP - -  # -  # insert accept rule or to jump to new accept-check table here -  # -  iptables -A INPUT -j input_rule - -  # allow -  iptables -A INPUT ${WAN:+-i \! $WAN}	-j ACCEPT	# allow from lan/wifi interfaces  -  iptables -A INPUT -p icmp	-j ACCEPT	# allow ICMP -  iptables -A INPUT -p gre	-j ACCEPT	# allow GRE - -  # reject (what to do with anything not allowed earlier) -  iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset -  iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable - -### OUTPUT -### (connections with the router as source) - -  # base case -  iptables -P OUTPUT DROP -  iptables -A OUTPUT -m state --state INVALID -j DROP -  iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT - -  # -  # insert accept rule or to jump to new accept-check table here -  # -  iptables -A OUTPUT -j output_rule - -  # allow -  iptables -A OUTPUT -j ACCEPT		#allow everything out - -  # reject (what to do with anything not allowed earlier) -  iptables -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset -  iptables -A OUTPUT -j REJECT --reject-with icmp-port-unreachable - -### FORWARDING -### (connections routed through the router) 
- -  # base case -  iptables -P FORWARD DROP  -  iptables -A FORWARD -m state --state INVALID -j DROP -  iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -  iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT - -  # -  # insert accept rule or to jump to new accept-check table here -  # -  iptables -A FORWARD -j forwarding_rule - -  # allow -  iptables -A FORWARD -i br0 -o br0 -j ACCEPT -  [ -z "$WAN" ] || iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT - -  # reject (what to do with anything not allowed earlier) -  # uses the default -P DROP - -### MASQ -  iptables -t nat -A PREROUTING -j prerouting_rule -  iptables -t nat -A POSTROUTING -j postrouting_rule -  [ -z "$WAN" ] || iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE - -## USER RULES -[ -f /etc/firewall.user ] && . /etc/firewall.user diff --git a/package/base-files/default/etc/init.d/S50telnet b/package/base-files/default/etc/init.d/S50telnet index ff5659ed4..fb9687c8a 100755 --- a/package/base-files/default/etc/init.d/S50telnet +++ b/package/base-files/default/etc/init.d/S50telnet @@ -1,2 +1,2 @@  #!/bin/sh -if awk -F: '/^root:/ && $2 !~ /\!/ {exit 1}' /etc/passwd 2>/dev/null || test $FAILSAFE; then telnetd -l /bin/login; fi +if awk -F: '/^root:/ && $2 !~ /\!/ {exit 1}' /etc/passwd 2>/dev/null; then telnetd -l /bin/login; fi diff --git a/package/base-files/default/etc/init.d/S60cron b/package/base-files/default/etc/init.d/S60cron index 6069b8177..175273426 100755 --- a/package/base-files/default/etc/init.d/S60cron +++ b/package/base-files/default/etc/init.d/S60cron @@ -1,6 +1,4 @@  #!/bin/sh -[ -d /etc/crontabs ] || mkdir -p /etc/crontabs -[ -e /var/spool/cron/crontabs ] || { -        mkdir -p /var/spool/cron -        ln -s /etc/crontabs /var/spool/cron/crontabs -} && crond -c /etc/crontabs +mkdir -p /var/spool/cron +ln -s /etc/crontabs /var/spool/cron/crontabs +crond -c /etc/crontabs 
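Review bot: The S50telnet condition decides whether a remote login service starts and reads inverted at first glance, so it needs a comment: awk exits 1, and telnetd is skipped, only when a `root:` entry exists whose password field does not contain `!`. Suggested comment above the line: `# start telnetd only while root's passwd field still holds "!"; once a password is set, telnet stays off`. A passwd file with no root entry at all also leaves awk at exit 0 and therefore starts telnetd; if that is not intended, the check should require a matching line. With `|| test $FAILSAFE` removed, failsafe access now depends on the telnetd call this commit adds to /etc/preinit.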
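Review bot: The rewritten S60cron no longer creates /etc/crontabs and no longer checks whether /var/spool/cron/crontabs already exists. Run a second time, `ln -s` finds the existing link, follows it and leaves a stray `crontabs` link inside /etc/crontabs, and on a system without /etc/crontabs crond is pointed at a missing directory. `mkdir -p /etc/crontabs /var/spool/cron` followed by `[ -e /var/spool/cron/crontabs ] || ln -s /etc/crontabs /var/spool/cron/crontabs` keeps the script short and repeatable.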
diff --git a/package/base-files/default/etc/init.d/S98done b/package/base-files/default/etc/init.d/S98done
new file mode 100755
index 000000000..5d5ab49ce
--- /dev/null
+++ b/package/base-files/default/etc/init.d/S98done
@@ -0,0 +1,9 @@
+#!/bin/sh
+sysctl -p >&-
+
+# automagically run firstboot
+{ mount|grep "on / type tmpfs" 1>&-; } && {
+	lock /tmp/.switch2jffs
+	firstboot switch2jffs
+	lock -u /tmp/.switch2jffs
+}
diff --git a/package/base-files/default/etc/init.d/S99done b/package/base-files/default/etc/init.d/S99done
deleted file mode 100755
index a260ac3d6..000000000
--- a/package/base-files/default/etc/init.d/S99done
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-# set leds to normal state
-[ -f /proc/sys/diag ] && echo "0x00" > /proc/sys/diag
-sysctl -p >&-
diff --git a/package/base-files/default/etc/init.d/rcS b/package/base-files/default/etc/init.d/rcS
index 10079c593..b38e44978 100755
--- a/package/base-files/default/etc/init.d/rcS
+++ b/package/base-files/default/etc/init.d/rcS
@@ -1,8 +1,10 @@
 #!/bin/sh
-. /etc/nvram.sh
-syslog_ip=$(nvram get log_ipaddr)
-ipcalc -s "$syslog_ip" || syslog_ip=""
-syslogd -C 16 ${syslog_ip:+-L -R $syslog_ip}
+${FAILSAFE:+exit}
+
+[ -f /etc/config/network ] && . /etc/config/network
+eval $(ipcalc "$log_ipaddr")
+[ "$log_ipaddr" = "$IP" ] || log_ipaddr=""
+syslogd -C 16 ${log_ipaddr:+-L -R $log_ipaddr}
 klogd
 #${FAILSAFE:+telnetd -l /bin/login; ifup lan; exit}
 for i in /etc/init.d/S*; do
diff --git a/package/base-files/default/etc/inittab b/package/base-files/default/etc/inittab
index 5916311e1..39e134cb1 100644
--- a/package/base-files/default/etc/inittab
+++ b/package/base-files/default/etc/inittab
@@ -1,4 +1,3 @@
 ::sysinit:/etc/init.d/rcS
-::shutdown:/sbin/halt
 tts/0::askfirst:/bin/ash --login
 #tts/1::askfirst:/bin/ash --login
diff --git a/package/base-files/default/etc/preinit b/package/base-files/default/etc/preinit
index ac9039ca7..5b676ca3a 100755
--- a/package/base-files/default/etc/preinit
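Review bot: In S98done, `{ mount|grep "on / type tmpfs" 1>&-; }` tests for a match by closing grep's stdout, which depends on grep not treating the failed write as an error; `mount | grep -q "on / type tmpfs"` states the test directly. The same applies to `sysctl -p >&-`, where `>/dev/null` discards the output without handing the program a closed descriptor. The old S99done used the same `>&-` idiom, so this is a carry-over rather than a regression.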
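Review bot: In rcS, `eval $(ipcalc "$log_ipaddr")` executes whatever ipcalc prints, unquoted, and `IP` is not cleared beforehand, so when ipcalc prints nothing the comparison on the next line uses whatever `IP` already held. Clearing it and quoting the substitution closes both gaps: `IP=""; eval "$(ipcalc "$log_ipaddr" 2>/dev/null)"`. `${FAILSAFE:+exit}` now leaves rcS before syslogd and klogd start, so a failsafe boot keeps no log; if that is intended, a short comment saying so would help. The `for` loop that follows continues outside the hunk.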
+++ b/package/base-files/default/etc/preinit @@ -1,24 +1,11 @@  #!/bin/sh -. /etc/nvram.sh  export PATH=/bin:/sbin:/usr/bin:/usr/sbin  mount none /proc -t proc -insmod diag -[ -f /proc/sys/diag ] && echo 0x01 > /proc/sys/diag -sleep 1 -if [ -f /proc/sys/reset ] && [ $(cat /proc/sys/reset) = 1 -o "$(nvram get failsafe)" = 1 ]; then -	export FAILSAFE=true -	[ -x /usr/sbin/nvram -a "$(nvram get boot_wait)" != "on" ] && { -		nvram set boot_wait=on -		nvram commit -	} -	while :; do { echo $(((X=(X+1)%8)%2)) > /proc/sys/diag; sleep $((X==0)); } done & -fi -mount_root ${FAILSAFE:+failsafe} - -# automagically run firstboot -[ -z "$FAILSAFE" -a -z "$(nvram get no_root_swap)" ] && { -	{ mount|grep "on / type jffs2" 1>&-; } || firstboot +[ -f /etc/preinit.arch ] && . /etc/preinit.arch +[ -z "$FAILSAFE" ] || { +	echo /bin/true > /proc/sys/kernel/hotplug +	telnetd -l /bin/login <> /dev/null 2>&1  } - +mount_root ${FAILSAFE:+failsafe}  exec /sbin/init | 
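Review bot: In failsafe mode `telnetd -l /bin/login <> /dev/null 2>&1` is started before the root filesystem is mounted, and nothing visible here limits where it listens or shows how FAILSAFE gets set (presumably by /etc/preinit.arch, which is not part of this hunk). A comment above the block should record that, for example `# failsafe (set by preinit.arch): disable hotplug and open a telnet login for recovery`. The redirection also looks unintended: `<>` opens stdin read-write on /dev/null and `2>&1` then points stderr at the inherited stdout rather than at /dev/null; `</dev/null >/dev/null 2>&1` would detach all three.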
