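#!/bin/sh
# (c) '97, S.u.S.E. GmbH, Fuerth, Germany
# Klaus Franken
# 25.02.98
#
# Remo Behn
# 18.07.98
#
# Link up/down hook for ISDN (ippp*) and analog (ppp*) PPP interfaces.
# The action is chosen from the name the script is invoked under
# (ip-up or ip-down) and from the interface name passed as $1.
#
# Arguments:
#   $1 - interface name (e.g. ippp0, ppp0)
#   $2 - device      (stored, not used below)
#   $3 - speed       (stored, not used below)
#   $4 - local IP    (stored, not used below)
#   $5 - remote IP   (required; used as the default gateway on ip-up)
#
# Reads /etc/rc.config (sourced, so it executes with this script's
# privileges) and /etc/route.conf. Both files must be writable only by
# the administrator, because their content ends up in commands run here.

# Parameter expansion instead of `basename $0`: no fork, no word splitting.
BASENAME=${0##*/}
INTERFACE=$1
DEVICE=$2
SPEED=$3
LOCALIP=$4
REMOTEIP=$5

if [ -z "$REMOTEIP" ]; then
  echo "Usage: $0 interface device speed local-ip remote-ip" >&2
  exit 1
fi

case "$INTERFACE" in
  ippp*)
    . /etc/rc.config

    # Find the rc.config slot (NETDEV<suffix>) that describes this interface.
    found=0
    for I in $NETCONFIG; do
      # I comes from NETCONFIG in the file sourced above, so this eval is
      # exactly as trustworthy as /etc/rc.config itself.
      eval "NETDEV=\$NETDEV$I"
      # Quoted: an empty or unset NETDEV<suffix> must not break the test.
      if [ "$NETDEV" = "$INTERFACE" ]; then
        found=1
        break
      fi
    done
    if [ "$found" -eq 0 ]; then
      echo "Device '$INTERFACE' not configured in '/etc/rc.config'"
      exit 1
    fi
    eval "IFCONFIG=\$IFCONFIG$I"

    # Host route for this interface and the default gateway, as listed in
    # /etc/route.conf (comment lines skipped).
    DEST=$(grep -v "^#" /etc/route.conf | grep "$INTERFACE\$" | awk '{ print $1}')
    DEFAULT=$(grep -v "^#" /etc/route.conf | grep default | awk '{ print $2}')

    #echo "ok, NETDEV:$NETDEV; IFCONFIG:$IFCONFIG."
    #echo "    DEST: $DEST; DEFAULT: $DEFAULT"

    case "$BASENAME" in
      ip-up)
        # All packet-filter rules below are disabled as shipped, so the
        # link comes up without any filtering until they are enabled.
        # NOTE(review): "-S 00/0" in the last DNS rule looks like a typo
        # for 0/0 - confirm before enabling.

        # default deny
        #ipfwadm -I -p deny
        #ipfwadm -O -p deny

        # flush
        #ipfwadm -I -f
        #ipfwadm -O -f

        # accept dns
        #ipfwadm -O -a accept -P udp -S 0/0 53 1024:65535 -D 0/0 53 -W $INTERFACE
        #ipfwadm -I -a accept -P udp -D 0/0 53 1024:65535 -S 0/0 53 -W $INTERFACE
        #ipfwadm -O -a accept -P tcp -S 0/0 53 1024:65535 -D 0/0 53 -W $INTERFACE
        #ipfwadm -I -a accept -P tcp -D 0/0 53 1024:65535 -S 00/0 53 -k -W $INTERFACE

        # accept connect from client to internet
        #ipfwadm -O -a accept -P tcp -S 0/0 1024:65535 -D 0/0 -W $INTERFACE
        #ipfwadm -I -a accept -P tcp -D 0/0 1024:65535 -S 0/0 -k -W $INTERFACE

        # deny, last match
        #ipfwadm -I -a deny -P tcp -S 0/0 -D 0/0 -W $INTERFACE
        #ipfwadm -I -a deny -P udp -S 0/0 -D 0/0 -W $INTERFACE

        # default accept
        #ipfwadm -I -p accept
        #ipfwadm -O -p accept

        /sbin/route add default gw "$REMOTEIP" dev "$INTERFACE"

        # maybe you want to start mail services:
        # set the following variables in /etc/rc.config
        # SENDMAIL_TYPE="yes"
        # SENDMAIL_SMARTHOST=""
        # SENDMAIL_ARGS="-bd -om"
        # SENDMAIL_EXPENSIVE="yes"
        # SENDMAIL_NOCANONIFY="yes"
        #/usr/bin/fetchmail -a -v >>/var/log/fetchmail 2>&1 &
        #/usr/sbin/sendmail -q &
        ;;
      ip-down)
        # restart interface
        /sbin/ifconfig "$INTERFACE" down
        # workaround due to kernel problem with 'kernd':
        sleep 1
        # IFCONFIG holds several ifconfig arguments and must be split into
        # words, so it is deliberately left unquoted.
        # shellcheck disable=SC2086
        /sbin/ifconfig "$INTERFACE" $IFCONFIG

        # flush, del all rules
        #ipfwadm -I -f
        #ipfwadm -O -f

        # set routes from /etc/route.conf
        test -z "$DEST" || /sbin/route add -host "$DEST" dev "$INTERFACE"
        test -z "$DEFAULT" || /sbin/route add default gw "$DEFAULT"
        ;;
      *)
        ;;
    esac
    ;;
  ppp*)
    # ----> Next line added to read USEPEERDNS options from YaST (/etc/rc.config)
    . /etc/rc.config

    # Analog-PPP, add commands as you need...
    # Only stdout of this case statement reaches logger; error output of
    # the commands inside it is not captured.
    case "$BASENAME" in
      ip-up)
        #
        # This code allows automatic configuration of your resolv.conf
        # for peer supplied DNS addresses when using the `usepeerdns'
        # option. Original resolv.conf is restored when ip-down is called
        # by pppd when the link goes down.
        #
        # The name servers in /etc/ppp/resolv.conf are chosen by the peer.
        # Installing them system-wide lets the peer decide which resolvers
        # every local process uses, so set USEPEERDNS only for links whose
        # peer is trusted.
        #
        # NOTE(review): if ip-up runs twice without an ip-down in between,
        # resolv.prev is replaced by the already modified resolv.conf and
        # the original file is lost.
        #
        if [ -n "$USEPEERDNS" ] && [ -f /etc/ppp/resolv.conf ]; then
          rm -f /etc/ppp/resolv.prev
          if [ -f /etc/resolv.conf ]; then
            cp -p /etc/resolv.conf /etc/ppp/resolv.prev
            # Keep the local domain/search lines, then append the peer's
            # name servers.
            grep domain /etc/ppp/resolv.prev > /etc/resolv.conf
            grep search /etc/ppp/resolv.prev >> /etc/resolv.conf
            # Fixed: the original also passed the directory /etc to cat,
            # which only produces an error.
            cat /etc/ppp/resolv.conf >> /etc/resolv.conf
            echo "Modified /etc/resolv.conf for DNS at $INTERFACE"
          else
            cp /etc/ppp/resolv.conf /etc
            chmod 644 /etc/resolv.conf
            echo "Installed /etc/resolv.conf for DNS at $INTERFACE"
          fi
          # Restart the name service cache when rc.config enables it.
          if [ "$START_NSCD" = yes ]; then
            /sbin/init.d/nscd restart &
          fi
        fi
        ;;
      ip-down)
        #
        # This code restores the original resolv.conf saved when ip-up
        # was called by the pppd which uses the `usepeerdns' option and
        # resolv.conf was modified for the supplied dns server addresses.
        #
        if [ -n "$USEPEERDNS" ] && [ -f /etc/ppp/resolv.conf ]; then
          if [ -f /etc/ppp/resolv.prev ]; then
            cp -fp /etc/ppp/resolv.prev /etc/resolv.conf
            echo "Restored original /etc/resolv.conf"
          else
            # No backup means ip-up installed the file itself; remove it.
            rm -f /etc/resolv.conf
            echo "Deinstalled /etc/resolv.conf"
          fi
          if [ "$START_NSCD" = yes ]; then
            /sbin/init.d/nscd restart &
          fi
        fi
        ;;
      *)
        ;;
    esac | logger -t "$BASENAME"
    ;;
  *)
    # don't know...
    ;;
esac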