From cf123d2a166d297712ab7b7221af999a62643f98 Mon Sep 17 00:00:00 2001 From: nbd Date: Wed, 4 Oct 2006 20:05:48 +0000 Subject: add new rc.common for standardized init scripts, convert existing init scripts git-svn-id: svn://svn.openwrt.org/openwrt/branches/buildroot-ng/openwrt@4915 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/base-files/ar7-2.4/etc/init.d/S00adam2 | 16 +- .../base-files/brcm-2.4/etc/init.d/S05netconfig | 157 ++++++++-------- .../base-files/brcm-2.6/etc/init.d/S05netconfig | 161 ++++++++-------- package/base-files/default/etc/init.d/S10boot | 46 ++--- package/base-files/default/etc/init.d/S40network | 14 +- package/base-files/default/etc/init.d/S50httpd | 10 +- package/base-files/default/etc/init.d/S50telnet | 10 +- package/base-files/default/etc/init.d/S60cron | 14 +- package/base-files/default/etc/init.d/S98done | 11 -- package/base-files/default/etc/init.d/rcS | 17 +- package/base-files/default/etc/rc.common | 77 ++++++++ package/dnsmasq/files/dnsmasq.init | 107 ++++++----- package/dropbear/files/dropbear.init | 33 ++-- package/iptables/files/firewall.init | 206 +++++++++++---------- package/madwifi/files/madwifi.init | 6 +- 15 files changed, 506 insertions(+), 379 deletions(-) delete mode 100755 package/base-files/default/etc/init.d/S98done create mode 100755 package/base-files/default/etc/rc.common (limited to 'package') diff --git a/package/base-files/ar7-2.4/etc/init.d/S00adam2 b/package/base-files/ar7-2.4/etc/init.d/S00adam2 index 0ca4c0145..5f5b3504c 100755 --- a/package/base-files/ar7-2.4/etc/init.d/S00adam2 +++ b/package/base-files/ar7-2.4/etc/init.d/S00adam2 
@@ -1,8 +1,12 @@
-#!/bin/sh
+#!/bin/sh /etc/rc.common
 # ADAM2 patcher for Netgear DG834 and compatible
-MD5="$(md5sum /dev/mtdblock/0 | awk '{print $1}')"
-[ "$MD5" = "0530bfdf00ec155f4182afd70da028c1" ] && {
- mtd unlock adam2
- /sbin/adam2patcher /dev/mtdblock/0
+# Copyright (C) 2006 OpenWrt.org
+
+start() {
+ MD5="$(md5sum /dev/mtdblock/0 | awk '{print $1}')"
+ [ "$MD5" = "0530bfdf00ec155f4182afd70da028c1" ] && {
+ mtd unlock adam2
+ /sbin/adam2patcher /dev/mtdblock/0
+ }
+ rm -f /etc/init.d/S00adam2 /sbin/adam2patcher >&- 2>&-
 }
-rm -f /etc/init.d/S00adam2 /sbin/adam2patcher >&- 2>&-
diff --git a/package/base-files/brcm-2.4/etc/init.d/S05netconfig b/package/base-files/brcm-2.4/etc/init.d/S05netconfig
index 175b9a983..71092da55 100755
--- a/package/base-files/brcm-2.4/etc/init.d/S05netconfig
+++ b/package/base-files/brcm-2.4/etc/init.d/S05netconfig
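Review bot: The new `start()` does not say that this is a one-shot script: the `rm -f /etc/init.d/S00adam2 /sbin/adam2patcher` line runs on every path, whether or not the MD5 of `/dev/mtdblock/0` matched and whether or not the patcher succeeded. A comment above the `MD5=` line such as `# one-shot: patch only the image with this exact MD5, then remove this script and the patcher` would make that explicit. Since the patcher is pointed at the same block device that holds the checked image, chaining the two commands as `mtd unlock adam2 && /sbin/adam2patcher /dev/mtdblock/0` would also keep it from running after a failed unlock.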
@@ -1,86 +1,87 @@ -#!/bin/sh +#!/bin/sh /etc/rc.common # Copyright (C) 2006 OpenWrt.org -[ -e /etc/config/network ] && exit 0 +start() { + [ -e /etc/config/network ] && exit 0 -mkdir -p /etc/config + mkdir -p /etc/config -( - if grep -E 'mtd0: 000(6|a)0000' /proc/mtd 2>&- >&-; then - # WGT634u - echo boardtype=wgt634u - else - strings /dev/mtdblock/3 - fi -) | awk ' -function p(cfgname, name) { - if (c[name] != "") print " option " cfgname " \"" c[name] "\"" -} - -BEGIN { - FS="=" - c["lan_ifname"]="eth0.0 wl0" - c["wan_ifname"]="eth0.1" - c["vlan0ports"]="1 2 3 4 5*" - c["vlan1ports"]="0 5" -} - -($1 == "boardnum") || ($1 == "boardtype") || ($1 == "boardflags") { - nvram[$1] = $2 -} - -END { - # v1 hardware - if (nvram["boardtype"] == "bcm94710dev") { - # Asus WL-500g - if (nvram["boardnum"] == "asusX") { - c["lan_ifname"]="eth0 eth1 wl0" # FIXME - c["wan_ifname"]="" - } + ( + if grep -E 'mtd0: 000(6|a)0000' /proc/mtd 2>&- >&-; then + # WGT634u + echo boardtype=wgt634u + else + strings /dev/mtdblock/3 + fi + ) | awk ' + function p(cfgname, name) { + if (c[name] != "") print " option " cfgname " \"" c[name] "\"" } - if (nvram["boardtype"] == "wgt634u") { - c["vlan0ports"] = "0 1 2 3 5*" - c["vlan1ports"] = "4 5" - c["lan_ifname"] = "eth0.0 ath0" + + BEGIN { + FS="=" + c["lan_ifname"]="eth0.0 wl0" + c["wan_ifname"]="eth0.1" + c["vlan0ports"]="1 2 3 4 5*" + c["vlan1ports"]="0 5" } - if ((nvram["boardtype"] == "0x0467") || (nvram["boardtype"] == "0x042f")) { - c["vlan0ports"] = "0 1 2 3 5*" - c["vlan1ports"] = "4 5" + + ($1 == "boardnum") || ($1 == "boardtype") || ($1 == "boardflags") { + nvram[$1] = $2 } - - # WAP54G - if ((nvram["boardnum"] == "2") || \ - (nvram["boardnum"] == "1024")) { - c["lan_ifname"]="eth0 wl0" - c["wan_ifname"]="" - } - - print "#### VLAN configuration " - print "config switch eth0" - p("vlan0", "vlan0ports") - p("vlan1", "vlan1ports") - print "" - print "" - print "#### Loopback configuration" - print "config interface loopback" - print " 
option ifname \"lo\"" - print " option proto static" - print " option ipaddr 127.0.0.1" - print " option netmask 255.0.0.0" - print "" - print "" - print "#### LAN configuration" - print "config interface lan" - print " option type bridge" - p("ifname", "lan_ifname") - print " option proto static" - print " option ipaddr 192.168.1.1" - print " option netmask 255.255.255.0" - print "" - print "" - print "#### WAN configuration" - print "config interface wan" - p("ifname", "wan_ifname") - print " option proto dhcp" + + END { + # v1 hardware + if (nvram["boardtype"] == "bcm94710dev") { + # Asus WL-500g + if (nvram["boardnum"] == "asusX") { + c["lan_ifname"]="eth0 eth1 wl0" # FIXME + c["wan_ifname"]="" + } + } + if (nvram["boardtype"] == "wgt634u") { + c["vlan0ports"] = "0 1 2 3 5*" + c["vlan1ports"] = "4 5" + c["lan_ifname"] = "eth0.0 ath0" + } + if ((nvram["boardtype"] == "0x0467") || (nvram["boardtype"] == "0x042f")) { + c["vlan0ports"] = "0 1 2 3 5*" + c["vlan1ports"] = "4 5" + } + + # WAP54G + if ((nvram["boardnum"] == "2") || \ + (nvram["boardnum"] == "1024")) { + c["lan_ifname"]="eth0 wl0" + c["wan_ifname"]="" + } + + print "#### VLAN configuration " + print "config switch eth0" + p("vlan0", "vlan0ports") + p("vlan1", "vlan1ports") + print "" + print "" + print "#### Loopback configuration" + print "config interface loopback" + print " option ifname \"lo\"" + print " option proto static" + print " option ipaddr 127.0.0.1" + print " option netmask 255.0.0.0" + print "" + print "" + print "#### LAN configuration" + print "config interface lan" + print " option type bridge" + p("ifname", "lan_ifname") + print " option proto static" + print " option ipaddr 192.168.1.1" + print " option netmask 255.255.255.0" + print "" + print "" + print "#### WAN configuration" + print "config interface wan" + p("ifname", "wan_ifname") + print " option proto dhcp" + }' > /etc/config/network } -' > /etc/config/network 
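Review bot: The generated config is written straight to `/etc/config/network`, and the guard at the top of `start()` skips generation whenever that file exists, so an interrupted or failed first run leaves a truncated file that is never regenerated. Writing to a temporary name and renaming on success avoids that: `}' > /etc/config/network.tmp && mv /etc/config/network.tmp /etc/config/network`. The guard could also use `return 0` instead of `exit 0` now that the code lives in a function run through rc.common. The same applies to the identical brcm-2.6 S05netconfig hunk that follows.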
diff --git a/package/base-files/brcm-2.6/etc/init.d/S05netconfig b/package/base-files/brcm-2.6/etc/init.d/S05netconfig
index 175b9a983..e37633e18 100755
--- a/package/base-files/brcm-2.6/etc/init.d/S05netconfig
+++ b/package/base-files/brcm-2.6/etc/init.d/S05netconfig
@@ -1,86 +1,87 @@ -#!/bin/sh +#!/bin/sh /etc/rc.common # Copyright (C) 2006 OpenWrt.org -[ -e /etc/config/network ] && exit 0 - -mkdir -p /etc/config - -( - if grep -E 'mtd0: 000(6|a)0000' /proc/mtd 2>&- >&-; then - # WGT634u - echo boardtype=wgt634u - else - strings /dev/mtdblock/3 - fi -) | awk ' -function p(cfgname, name) { - if (c[name] != "") print " option " cfgname " \"" c[name] "\"" -} - -BEGIN { - FS="=" - c["lan_ifname"]="eth0.0 wl0" - c["wan_ifname"]="eth0.1" - c["vlan0ports"]="1 2 3 4 5*" - c["vlan1ports"]="0 5" -} - -($1 == "boardnum") || ($1 == "boardtype") || ($1 == "boardflags") { - nvram[$1] = $2 -} - -END { - # v1 hardware - if (nvram["boardtype"] == "bcm94710dev") { - # Asus WL-500g - if (nvram["boardnum"] == "asusX") { - c["lan_ifname"]="eth0 eth1 wl0" # FIXME - c["wan_ifname"]="" - } - } - if (nvram["boardtype"] == "wgt634u") { - c["vlan0ports"] = "0 1 2 3 5*" - c["vlan1ports"] = "4 5" - c["lan_ifname"] = "eth0.0 ath0" +start() { + [ -e /etc/config/network ] && exit 0 + + mkdir -p /etc/config + + ( + if grep -E 'mtd0: 000(6|a)0000' /proc/mtd 2>&- >&-; then + # WGT634u + echo boardtype=wgt634u + else + strings /dev/mtdblock/3 + fi + ) | awk ' + function p(cfgname, name) { + if (c[name] != "") print " option " cfgname " \"" c[name] "\"" } - if ((nvram["boardtype"] == "0x0467") || (nvram["boardtype"] == "0x042f")) { - c["vlan0ports"] = "0 1 2 3 5*" - c["vlan1ports"] = "4 5" + + BEGIN { + FS="=" + c["lan_ifname"]="eth0.0 wl0" + c["wan_ifname"]="eth0.1" + c["vlan0ports"]="1 2 3 4 5*" + c["vlan1ports"]="0 5" } - - # WAP54G - if ((nvram["boardnum"] == "2") || \ - (nvram["boardnum"] == "1024")) { - c["lan_ifname"]="eth0 wl0" - c["wan_ifname"]="" + + ($1 == "boardnum") || ($1 == "boardtype") || ($1 == "boardflags") { + nvram[$1] = $2 } - - print "#### VLAN configuration " - print "config switch eth0" - p("vlan0", "vlan0ports") - p("vlan1", "vlan1ports") - print "" - print "" - print "#### Loopback configuration" - print "config interface loopback" - 
print " option ifname \"lo\"" - print " option proto static" - print " option ipaddr 127.0.0.1" - print " option netmask 255.0.0.0" - print "" - print "" - print "#### LAN configuration" - print "config interface lan" - print " option type bridge" - p("ifname", "lan_ifname") - print " option proto static" - print " option ipaddr 192.168.1.1" - print " option netmask 255.255.255.0" - print "" - print "" - print "#### WAN configuration" - print "config interface wan" - p("ifname", "wan_ifname") - print " option proto dhcp" + + END { + # v1 hardware + if (nvram["boardtype"] == "bcm94710dev") { + # Asus WL-500g + if (nvram["boardnum"] == "asusX") { + c["lan_ifname"]="eth0 eth1 wl0" # FIXME + c["wan_ifname"]="" + } + } + if (nvram["boardtype"] == "wgt634u") { + c["vlan0ports"] = "0 1 2 3 5*" + c["vlan1ports"] = "4 5" + c["lan_ifname"] = "eth0.0 ath0" + } + if ((nvram["boardtype"] == "0x0467") || (nvram["boardtype"] == "0x042f")) { + c["vlan0ports"] = "0 1 2 3 5*" + c["vlan1ports"] = "4 5" + } + + # WAP54G + if ((nvram["boardnum"] == "2") || \ + (nvram["boardnum"] == "1024")) { + c["lan_ifname"]="eth0 wl0" + c["wan_ifname"]="" + } + + print "#### VLAN configuration " + print "config switch eth0" + p("vlan0", "vlan0ports") + p("vlan1", "vlan1ports") + print "" + print "" + print "#### Loopback configuration" + print "config interface loopback" + print " option ifname \"lo\"" + print " option proto static" + print " option ipaddr 127.0.0.1" + print " option netmask 255.0.0.0" + print "" + print "" + print "#### LAN configuration" + print "config interface lan" + print " option type bridge" + p("ifname", "lan_ifname") + print " option proto static" + print " option ipaddr 192.168.1.1" + print " option netmask 255.255.255.0" + print "" + print "" + print "#### WAN configuration" + print "config interface wan" + p("ifname", "wan_ifname") + print " option proto dhcp" + }' > /etc/config/network } -' > /etc/config/network 
diff --git a/package/base-files/default/etc/init.d/S10boot b/package/base-files/default/etc/init.d/S10boot index b361e156f..77b5ca72d 100755 --- a/package/base-files/default/etc/init.d/S10boot +++ b/package/base-files/default/etc/init.d/S10boot @@ -1,25 +1,25 @@ -#!/bin/sh +#!/bin/sh /etc/rc.common # Copyright (C) 2006 OpenWrt.org -. /etc/functions.sh - -[ -f /proc/mounts ] || /sbin/mount_root -[ -f /proc/jffs2_bbc ] && echo "S" > /proc/jffs2_bbc -vconfig set_name_type DEV_PLUS_VID_NO_PAD - -HOSTNAME=${wan_hostname%%.*} -echo ${HOSTNAME:=OpenWrt}>/proc/sys/kernel/hostname - -mkdir -p /var/run -mkdir -p /var/log -mkdir -p /var/lock -touch /var/log/wtmp -touch /var/log/lastlog -[ "$FAILSAFE" = "true" ] && touch /tmp/.failsafe - -# manually trigger hotplug before loading modules -for iface in $(awk -F: '/:/ {print $1}' /proc/net/dev); do - /usr/bin/env -i ACTION=add INTERFACE="$iface" /sbin/hotplug net -done - -load_modules /etc/modules /etc/modules.d/* +start() { + [ -f /proc/mounts ] || /sbin/mount_root + [ -f /proc/jffs2_bbc ] && echo "S" > /proc/jffs2_bbc + vconfig set_name_type DEV_PLUS_VID_NO_PAD + + HOSTNAME=${wan_hostname%%.*} + echo ${HOSTNAME:=OpenWrt}>/proc/sys/kernel/hostname + + mkdir -p /var/run + mkdir -p /var/log + mkdir -p /var/lock + touch /var/log/wtmp + touch /var/log/lastlog + [ "$FAILSAFE" = "true" ] && touch /tmp/.failsafe + + # manually trigger hotplug before loading modules + for iface in $(awk -F: '/:/ {print $1}' /proc/net/dev); do + /usr/bin/env -i ACTION=add INTERFACE="$iface" /sbin/hotplug net + done + + load_modules /etc/modules /etc/modules.d/* +} diff --git a/package/base-files/default/etc/init.d/S40network b/package/base-files/default/etc/init.d/S40network index f2c3e2285..be045045e 100755 --- a/package/base-files/default/etc/init.d/S40network +++ b/package/base-files/default/etc/init.d/S40network 
@@ -1,9 +1,11 @@ -#!/bin/sh +#!/bin/sh /etc/rc.common # Copyright (C) 2006 OpenWrt.org -setup_switch() { return 0; } +start() { + setup_switch() { return 0; } + + include /lib/network + setup_switch + /sbin/wifi +} -. /etc/functions.sh -include /lib/network -setup_switch -/sbin/wifi diff --git a/package/base-files/default/etc/init.d/S50httpd b/package/base-files/default/etc/init.d/S50httpd index d278519e9..a05b10c09 100755 --- a/package/base-files/default/etc/init.d/S50httpd +++ b/package/base-files/default/etc/init.d/S50httpd @@ -1,4 +1,10 @@ -#!/bin/sh +#!/bin/sh /etc/rc.common # Copyright (C) 2006 OpenWrt.org -[ -d /www ] && httpd -p 80 -h /www -r OpenWrt +start() { + [ -d /www ] && httpd -p 80 -h /www -r OpenWrt +} + +stop() { + killall httpd +} diff --git a/package/base-files/default/etc/init.d/S50telnet b/package/base-files/default/etc/init.d/S50telnet index 25242bdef..228eac2b6 100755 --- a/package/base-files/default/etc/init.d/S50telnet +++ b/package/base-files/default/etc/init.d/S50telnet @@ -1,4 +1,10 @@ -#!/bin/sh +#!/bin/sh /etc/rc.common # Copyright (C) 2006 OpenWrt.org -if awk -F: '/^root:/ && $2 !~ /\!/ {exit 1}' /etc/passwd 2>/dev/null; then telnetd -l /bin/login; fi +start() { + if awk -F: '/^root:/ && $2 !~ /\!/ {exit 1}' /etc/passwd 2>/dev/null; then telnetd -l /bin/login; fi +} + +stop() { + killall telnetd +} diff --git a/package/base-files/default/etc/init.d/S60cron b/package/base-files/default/etc/init.d/S60cron index 6df9b7dee..a450c36dd 100755 --- a/package/base-files/default/etc/init.d/S60cron +++ b/package/base-files/default/etc/init.d/S60cron @@ -1,6 +1,12 @@ -#!/bin/sh +#!/bin/sh /etc/rc.common # Copyright (C) 2006 OpenWrt.org -mkdir -p /var/spool/cron -ln -s /etc/crontabs /var/spool/cron/crontabs -crond -c /etc/crontabs +start () { + mkdir -p /var/spool/cron + ln -s /etc/crontabs /var/spool/cron/crontabs + crond -c /etc/crontabs +} + +stop() { + killall crond +} 
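Review bot: The condition that gates `telnetd` in S50telnet's `start()` is security-relevant and undocumented: awk exits 1 only when the `root:` line has a password field without `!`, so the daemon starts while that field still contains `!` (apparently the initial no-password state) and also when `/etc/passwd` has no `root:` line at all. A comment above the `if`, e.g. `# start telnetd only while root has no password set ("!" in the passwd field)`, would state the intent, and the missing-root case is probably better treated as "do not start". The check is evaluated only when `start()` runs, so nothing visible here stops a running telnetd once a password is set.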
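Review bot: S60cron's `start()` is not safe to run twice. On a second call, for example `restart`, which rc.common defines as `stop` followed by `start`, `/var/spool/cron/crontabs` already exists as a link to a directory, so `ln -s` either fails or creates a stray `crontabs` link inside `/etc/crontabs`. Guarding the link keeps the function idempotent: `[ -L /var/spool/cron/crontabs ] || ln -s /etc/crontabs /var/spool/cron/crontabs`.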
diff --git a/package/base-files/default/etc/init.d/S98done b/package/base-files/default/etc/init.d/S98done deleted file mode 100755 index a1ea5ad43..000000000 --- a/package/base-files/default/etc/init.d/S98done +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh -# Copyright (C) 2006 OpenWrt.org - -sysctl -p >&- - -# automagically run firstboot -{ mount|grep "on / type tmpfs" 1>&-; } && { - lock /tmp/.switch2jffs - firstboot switch2jffs - lock -u /tmp/.switch2jffs -} diff --git a/package/base-files/default/etc/init.d/rcS b/package/base-files/default/etc/init.d/rcS index 2aa70910c..7fae7f5b0 100755 --- a/package/base-files/default/etc/init.d/rcS +++ b/package/base-files/default/etc/init.d/rcS @@ -10,6 +10,17 @@ ${FAILSAFE:+exit} syslogd -C 16 #${log_ipaddr:+-L -R $log_ipaddr} klogd -for i in /etc/init.d/S*; do - $i start 2>&1 -done | logger -s -p 6 -t '' & +( + for i in /etc/init.d/S*; do + $i start 2>&1 + done + + sysctl -p >&- + + # automagically run firstboot + { mount|grep "on / type tmpfs" 1>&-; } && { + lock /tmp/.switch2jffs + firstboot switch2jffs + lock -u /tmp/.switch2jffs + } +) | logger -s -p 6 -t '' & diff --git a/package/base-files/default/etc/rc.common b/package/base-files/default/etc/rc.common new file mode 100755 index 000000000..4a90a25b1 --- /dev/null +++ b/package/base-files/default/etc/rc.common 
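Review bot: The boot loop in rcS still runs every `/etc/init.d/S*` script, while the `enable()`/`disable()` helpers added in rc.common only create and remove links under `/etc/rc.d`. As far as this commit shows, `disable` therefore does not keep a service such as telnet or httpd from starting at the next boot. Either iterate the links (`for i in /etc/rc.d/S*; do`) once they are populated at install time, or document that `disable` has no effect on boot yet. The hunk starts at line 10 of rcS, so the top of the script is not visible here.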
@@ -0,0 +1,77 @@ +#!/bin/sh +. /etc/functions.sh + +start() { + return 0 +} + +stop() { + return 0 +} + +reload() { + return 1 +} + +restart() { + stop + start +} + +boot() { + start +} + +shutdown() { + return 0 +} + +disable() { + rm -f /etc/rc.d/${initscript##*/} +} + +enable() { + disable + ln -s /etc/init.d/${initscript##*/} /etc/rc.d/${initscript##*/} +} + +depends() { + return 0 +} + +help() { + cat <&- && dhcp_enable="${dhcp_enable:-0}" - -# dhcp_enable=0 disables the dhcp server -( - [ -z "$dhcp_enable" -o "$dhcp_enable" -eq 1 ] && { - # no existing DHCP server? - - # calculate settings - config_get ipaddr "$iface" ipaddr - config_get netmask "$iface" netmask - eval $(ipcalc $ipaddr $netmask ${dhcp_start:-100} ${dhcp_num:-150}) - - # and pass the args via config parser defines - echo "${dhcp_enable:+@define dhcp_enable 1}" - echo "@define netmask $NETMASK" - echo "@define start $START" - echo "@define end $END" - echo "@define lease ${dhcp_lease:-12h}" - } - - # ignore requests from wan interface - config_get wan_proto wan proto - config_get wan_ifname wan ifname - [ -z "$wan_proto" -o "$wan_proto" = "none" ] || echo "@define wan_ifname $wan_ifname" - - cat /etc/dnsmasq.conf -) | awk -f /usr/lib/parse-config.awk | dnsmasq -C /proc/self/fd/0 +#!/bin/sh /etc/rc.common +# Copyright (C) 2006 OpenWrt.org + +start() { + include /lib/network + scan_interfaces + + # The following is to automatically configure the DHCP settings + # based on config settings. 
Feel free to replace all this crap + # with a simple "dnsmasq" and manage everything via the + # /etc/dnsmasq.conf config file + + [ -f /etc/dnsmasq.conf ] || exit + + args="" + iface=lan + config_get ifname "$iface" ifname + config_get proto "$iface" proto + + [ "$proto" = static ] && dhcp_enable="${dhcp_enable:-1}" + dhcp_start="${dhcp_start:-100}" + dhcp_num="${dhcp_num:-50}" + dhcp_lease="${dhcp_lease:-12h}" + + # if dhcp_enable is unset and there is a dhcp server on the network already, default to dhcp_enable=0 + [ -z "$dhcp_enable" ] && udhcpc -n -q -R -s /bin/true -i $ifname >&- && dhcp_enable="${dhcp_enable:-0}" + + # dhcp_enable=0 disables the dhcp server + ( + [ -z "$dhcp_enable" -o "$dhcp_enable" -eq 1 ] && { + # no existing DHCP server? + + # calculate settings + config_get ipaddr "$iface" ipaddr + config_get netmask "$iface" netmask + eval $(ipcalc $ipaddr $netmask ${dhcp_start:-100} ${dhcp_num:-150}) + + # and pass the args via config parser defines + echo "${dhcp_enable:+@define dhcp_enable 1}" + echo "@define netmask $NETMASK" + echo "@define start $START" + echo "@define end $END" + echo "@define lease ${dhcp_lease:-12h}" + } + + # ignore requests from wan interface + config_get wan_proto wan proto + config_get wan_ifname wan ifname + [ -z "$wan_proto" -o "$wan_proto" = "none" ] || echo "@define wan_ifname $wan_ifname" + + cat /etc/dnsmasq.conf + ) | awk -f /usr/lib/parse-config.awk | dnsmasq -C /proc/self/fd/0 +} + +stop() { + killall dnsmasq +} diff --git a/package/dropbear/files/dropbear.init b/package/dropbear/files/dropbear.init index 88fc28849..e0a4481bf 100755 --- a/package/dropbear/files/dropbear.init +++ b/package/dropbear/files/dropbear.init 
@@ -1,16 +1,19 @@ -#!/bin/sh +#!/bin/sh /etc/rc.common +# Copyright (C) 2006 OpenWrt.org -for type in rsa dss; do { - # check for keys - key=/etc/dropbear/dropbear_${type}_host_key - [ ! -f $key ] && { - # generate missing keys - mkdir -p /etc/dropbear - [ -x /usr/bin/dropbearkey ] && { - /usr/bin/dropbearkey -t $type -f $key 2>&- >&- && exec $0 $* - } & - exit 0 - } -}; done - -/usr/sbin/dropbear +start() { + for type in rsa dss; do { + # check for keys + key=/etc/dropbear/dropbear_${type}_host_key + [ ! -f $key ] && { + # generate missing keys + mkdir -p /etc/dropbear + [ -x /usr/bin/dropbearkey ] && { + /usr/bin/dropbearkey -t $type -f $key 2>&- >&- && exec $0 $* + } & + exit 0 + } + }; done + + /usr/sbin/dropbear +} diff --git a/package/iptables/files/firewall.init b/package/iptables/files/firewall.init index 4acd325a9..731485bcd 100755 --- a/package/iptables/files/firewall.init +++ b/package/iptables/files/firewall.init 
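Review bot: The re-exec after key generation, `exec $0 $*`, no longer restarts this script now that it sits inside `start()`. With the `#!/bin/sh /etc/rc.common` shebang `$0` is `/etc/rc.common`, and inside a function `$*` expands to the function's own arguments rather than the script's, so the background job would exec rc.common without the init script path or the action, and dropbear would not come up after the first key generation. rc.common appears to keep the script path in `initscript` (it is used in `disable()` and `enable()`), so `exec "$initscript" start` is probably what is intended. The dispatch code in rc.common is not visible here, so confirm how `start` is invoked.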
@@ -1,103 +1,115 @@ -#!/bin/sh +#!/bin/sh /etc/rc.common # Copyright (C) 2006 OpenWrt.org ## Please make changes in /etc/firewall.user -. /etc/functions.sh -include /lib/network - -scan_interfaces -config_get WAN wan ifname -config_get LAN lan ifname - -## CLEAR TABLES -for T in filter nat; do - iptables -t $T -F - iptables -t $T -X -done - -iptables -N input_rule -iptables -N output_rule -iptables -N forwarding_rule - -iptables -t nat -N prerouting_rule -iptables -t nat -N postrouting_rule - -iptables -N LAN_ACCEPT -[ -z "$WAN" ] || iptables -A LAN_ACCEPT -i "$WAN" -j RETURN -iptables -A LAN_ACCEPT -j ACCEPT - -### INPUT -### (connections with the router as destination) - - # base case - iptables -P INPUT DROP - iptables -A INPUT -m state --state INVALID -j DROP - iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT - iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j DROP - - # - # insert accept rule or to jump to new accept-check table here - # - iptables -A INPUT -j input_rule - - # allow - iptables -A INPUT -j LAN_ACCEPT # allow from lan/wifi interfaces - iptables -A INPUT -p icmp -j ACCEPT # allow ICMP - iptables -A INPUT -p gre -j ACCEPT # allow GRE - - # reject (what to do with anything not allowed earlier) - iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset - iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable - -### OUTPUT -### (connections with the router as source) - - # base case - iptables -P OUTPUT DROP - iptables -A OUTPUT -m state --state INVALID -j DROP - iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT - - # - # insert accept rule or to jump to new accept-check table here - # - iptables -A OUTPUT -j output_rule - - # allow - iptables -A OUTPUT -j ACCEPT #allow everything out - - # reject (what to do with anything not allowed earlier) - iptables -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset - iptables -A OUTPUT -j REJECT --reject-with icmp-port-unreachable - -### FORWARDING -### 
(connections routed through the router) - - # base case - iptables -P FORWARD DROP - iptables -A FORWARD -m state --state INVALID -j DROP - iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu - iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT - - # - # insert accept rule or to jump to new accept-check table here - # - iptables -A FORWARD -j forwarding_rule - - # allow - iptables -A FORWARD -i br0 -o br0 -j ACCEPT - [ -z "$WAN" ] || iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT - - # reject (what to do with anything not allowed earlier) - # uses the default -P DROP - -### MASQ - iptables -t nat -A PREROUTING -j prerouting_rule - iptables -t nat -A POSTROUTING -j postrouting_rule - [ -z "$WAN" ] || iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE +start() { + include /lib/network + scan_interfaces + + config_get WAN wan ifname + config_get LAN lan ifname + + ## CLEAR TABLES + for T in filter nat; do + iptables -t $T -F + iptables -t $T -X + done + + iptables -N input_rule + iptables -N output_rule + iptables -N forwarding_rule + + iptables -t nat -N prerouting_rule + iptables -t nat -N postrouting_rule + + iptables -N LAN_ACCEPT + [ -z "$WAN" ] || iptables -A LAN_ACCEPT -i "$WAN" -j RETURN + iptables -A LAN_ACCEPT -j ACCEPT + + ### INPUT + ### (connections with the router as destination) + + # base case + iptables -P INPUT DROP + iptables -A INPUT -m state --state INVALID -j DROP + iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT + iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 
2 -j DROP + + # + # insert accept rule or to jump to new accept-check table here + # + iptables -A INPUT -j input_rule + + # allow + iptables -A INPUT -j LAN_ACCEPT # allow from lan/wifi interfaces + iptables -A INPUT -p icmp -j ACCEPT # allow ICMP + iptables -A INPUT -p gre -j ACCEPT # allow GRE + + # reject (what to do with anything not allowed earlier) + iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset + iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable + + ### OUTPUT + ### (connections with the router as source) + + # base case + iptables -P OUTPUT DROP + iptables -A OUTPUT -m state --state INVALID -j DROP + iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT + + # + # insert accept rule or to jump to new accept-check table here + # + iptables -A OUTPUT -j output_rule + + # allow + iptables -A OUTPUT -j ACCEPT #allow everything out + + # reject (what to do with anything not allowed earlier) + iptables -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset + iptables -A OUTPUT -j REJECT --reject-with icmp-port-unreachable + + ### FORWARDING + ### (connections routed through the router) + + # base case + iptables -P FORWARD DROP + iptables -A FORWARD -m state --state INVALID -j DROP + iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu + iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT + + # + # insert accept rule or to jump to new accept-check table here + # + iptables -A FORWARD -j forwarding_rule + + # allow + iptables -A FORWARD -i br0 -o br0 -j ACCEPT + [ -z "$WAN" ] || iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT + + # reject (what to do with anything not allowed earlier) + # uses the default -P DROP + + ### MASQ + iptables -t nat -A PREROUTING -j prerouting_rule + iptables -t nat -A POSTROUTING -j postrouting_rule + [ -z "$WAN" ] || iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE + + ## USER RULES + [ -f /etc/firewall.user ] && . 
/etc/firewall.user + [ -n "$WAN" -a -e /etc/config/firewall ] && { + awk -f /usr/lib/common.awk -f /usr/lib/firewall.awk /etc/config/firewall | ash + } +} -## USER RULES -[ -f /etc/firewall.user ] && . /etc/firewall.user -[ -n "$WAN" -a -e /etc/config/firewall ] && { - awk -f /usr/lib/common.awk -f /usr/lib/firewall.awk /etc/config/firewall | ash +stop() { + iptables -P INPUT ACCEPT + iptables -P OUTPUT ACCEPT + iptables -P FORWARD ACCEPT + iptables -F + iptables -t nat -P PREROUTING ACCEPT + iptables -t nat -P POSTROUTING ACCEPT + iptables -t nat -P OUTPUT ACCEPT + iptables -t nat -F } diff --git a/package/madwifi/files/madwifi.init b/package/madwifi/files/madwifi.init index b1e78c093..73eb11017 100644 --- a/package/madwifi/files/madwifi.init +++ b/package/madwifi/files/madwifi.init @@ -1,2 +1,4 @@ -#!/bin/sh -iwpriv ath0 mode 3 +#!/bin/sh /etc/rc.common +start() { + iwpriv ath0 mode 3 +} -- cgit v1.2.3
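Review bot: The new `stop()` in firewall.init fails open: it sets INPUT, OUTPUT and FORWARD to policy ACCEPT and flushes the filter and nat tables, so after `stop` nothing filters traffic arriving on the WAN interface. Because rc.common's default `restart()` is `stop` followed by `start`, every restart passes through that state, and if `start()` aborts early the router stays there. `start()` already flushes and deletes the chains itself, so this script can override the default with `restart() { start; }`, and `stop()` deserves a comment such as `# WARNING: removes all filtering and NAT, including on the WAN side`. Separately, `start()` flushes the tables before it reaches `iptables -P INPUT DROP`; setting the DROP policies first would close that gap as well.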