vip-ire |
1.1 |
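--- a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli00setup
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli00setup
@@ -0,0 +1,20 @@
+{
+
+# Compute the first IP of the network
+our $net = ${'chilli'}{'net'} || '10.1.0.0/255.255.255.0';
+my @netaddr = split(/\//,$net);
+my $netaddr = $netaddr[0];
+my @nums = split(/\./,$netaddr);
+my $i = 0;
+our $chillip = '';
+foreach (@nums){
+ $chillip .= $_."." if ($i ne '3');
+ $chillip .= "1" if ($i eq '3');
+ $i++;
+}
+
+our $tundev = ${'chilli'}{'tundev'} || 'tun0';
+our $chilliport = ${'chilli'}{'TCPPort'} || '3990';
+
+$OUT .= '';
+}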
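Review bot: `$net`, `$tundev` and `$chilliport` are taken from the `chilli` configuration record with no format check, and the other fragments in this patch interpolate them unquoted into iptables command lines of the generated masq script, so a malformed value yields a broken or unintended firewall command in a root-run script. Validating them once here covers every later fragment, for example `$tundev = 'tun0' unless $tundev =~ /\A[A-Za-z0-9_.-]+\z/;` and `$chilliport = '3990' unless $chilliport =~ /\A\d{1,5}\z/;`. The `$chillip` loop also assumes a four-octet network address whose first host is `.1`, which holds for the /24 default but presumably not for a subnet that does not start at `.0`; a comment stating that assumption would help.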
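--- a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli10stop
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli10stop
@@ -0,0 +1,43 @@
+{
+$OUT .=<<"HERE";
+
+# This will flush any existing rules for coova-chilli
+stopChilli()\{
+ CHAIN='IN_FROM_CHILLI'
+ STATE=\$(/sbin/iptables -L -n | grep -c \$CHAIN)
+ if [ \$STATE -ge 1 ]; then
+ /sbin/iptables -D INPUT -i $tundev -j \$CHAIN
+ /sbin/iptables -F \$CHAIN
+ /sbin/iptables -X \$CHAIN
+ fi
+ CHAIN='OUT_TO_CHILLI'
+ STATE=\$(/sbin/iptables -L -n | grep -c \$CHAIN)
+ if [ \$STATE -ge 1 ]; then
+ /sbin/iptables -D OUTPUT -o $tundev -j \$CHAIN
+ /sbin/iptables -F \$CHAIN
+ /sbin/iptables -X \$CHAIN
+ fi
+ CHAIN='FORWARD_FROM_CHILLI'
+ STATE=\$(/sbin/iptables -L -n | grep -c \$CHAIN)
+ if [ \$STATE -ge 1 ]; then
+ /sbin/iptables -D FORWARD -i $tundev -j \$CHAIN
+ /sbin/iptables -F \$CHAIN
+ /sbin/iptables -X \$CHAIN
+ fi
+ CHAIN='FORWARD_TO_CHILLI'
+ STATE=\$(/sbin/iptables -L -n | grep -c \$CHAIN)
+ if [ \$STATE -ge 1 ]; then
+ /sbin/iptables -D FORWARD -o $tundev -j \$CHAIN
+ /sbin/iptables -F \$CHAIN
+ /sbin/iptables -X \$CHAIN
+ fi
+ CHAIN='PREROUTING_FROM_CHILLI'
+ STATE=\$(/sbin/iptables -t nat -L -n | grep -c \$CHAIN)
+ if [ \$STATE -ge 1 ]; then
+ /sbin/iptables -D PREROUTING -t nat -i $tundev -j \$CHAIN
+ /sbin/iptables -t nat -F \$CHAIN
+ /sbin/iptables -t nat -X \$CHAIN
+ fi
+\}
+HERE
+}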
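Review bot: The existence test `grep -c \$CHAIN` over the whole `iptables -L -n` listing counts any line that contains the chain name, and the `-D` that follows uses the `$tundev` value current at template-expansion time, so once the `tundev` property has been changed the old jump rule is not deleted and `-X` then fails because the chain is still referenced. Asking iptables about the chain directly is more precise: `if /sbin/iptables -n -L \$CHAIN >/dev/null 2>&1; then` (with `-t nat` for the last stanza). The five stanzas differ only in table, built-in chain and direction flag, so a small shell helper taking those as arguments would remove the repetition. A comment noting that a failed `-D` leaves the old jump in place would help whoever has to track down a stale rule.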
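--- a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli20input
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli20input
@@ -0,0 +1,46 @@
+{
+
+$OUT .=<<"HERE";
+
+# Input (from the wireless client to the server)
+inFromChilli()\{
+ /sbin/iptables -N IN_FROM_CHILLI
+ /sbin/iptables -A IN_FROM_CHILLI -j state_chk
+ # DHCP requests are allowed
+ /sbin/iptables -A IN_FROM_CHILLI -p udp --dport 67:68 --sport 67:68 -s 0.0.0.0 -d 255.255.255.255 -j ACCEPT
+ /sbin/iptables -A IN_FROM_CHILLI -s ! $net -j denylog
+ # Allow wireless clients to ping the server
+ /sbin/iptables -A IN_FROM_CHILLI -p icmp --icmp-type echo-request -j ACCEPT
+ # Mandatory services for chilli (https, coova-chill)
+# /sbin/iptables -A IN_FROM_CHILLI -p tcp --dport ${'httpd-e-smith'}{'TCPPort'} --syn -j ACCEPT
+ /sbin/iptables -A IN_FROM_CHILLI -p tcp --dport ${'modSSL'}{'TCPPort'} --syn -j ACCEPT
+ /sbin/iptables -A IN_FROM_CHILLI -p tcp --dport $chilliport --syn -j ACCEPT
+HERE
+
+foreach (split(/[;,]/, ${'chilli'}{'AllowedServices'} || '')){
+ my $service = $_;
+ next if ((${"$service"}{'status'} || 'disabled') ne 'enabled');
+ my @tcpports = split(/[;,]/, (${"$service"}{'TCPPort'} || '').",".(${"$service"}{'TCPPorts'} || ''));
+ my @udpports = split(/[;,]/, (${"$service"}{'UDPPort'} || '').",".(${"$service"}{'UDPPorts'} || ''));
+ if (@tcpports > 0){
+ foreach(@tcpports){
+ $OUT .= " # Acces to $service is allowed:\n" .
+ " /sbin/iptables -A IN_FROM_CHILLI -p tcp --dport $_ --syn -j ACCEPT\n" if ($_ ne '');
+ }
+ }
+ if (@udpports > 0){
+ foreach(@udpports){
+ $OUT .= " # Acces to $service is allowed:\n" .
+ " /sbin/iptables -A IN_FROM_CHILLI -p udp --dport $_ -j ACCEPT\n" if ($_ ne '');
+ }
+ }
+ # Special case for pptp, which uses GRE proto
+ if ($service eq 'pptpd'){
+ $OUT .= " /sbin/iptables -A IN_FROM_CHILLI -p 47 -j gre-in\n";
+ $OUT .= " /sbin/iptables -I gre-in -s $net -j ACCEPT\n";
+ }
+}
+
+$OUT .= " /sbin/iptables -A IN_FROM_CHILLI -j denylog\n\}\n";
+
+}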
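Review bot: The port values read from each service's `TCPPort`/`TCPPorts`/`UDPPort`/`UDPPorts` properties are written into the generated iptables lines after only an empty-string check, unlike the `AllowedOutgoing` entries in the forwardFrom fragment, which are matched against a pattern first. A guard at the top of both inner loops, such as `next unless /\A\d{1,5}(?::\d{1,5})?\z/;`, would keep a malformed property out of the root-run script. `${"$service"}` is a symbolic reference keyed by the `AllowedServices` value, so restricting the name first with `next unless $service =~ /\A[\w-]+\z/;` is worth adding as well. The pptpd branch inserts an ACCEPT into `gre-in`, which stopChilli in this patch does not remove; whether masq rebuilds `gre-in` on every run is not visible here, so a comment saying who cleans that rule up would help.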
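--- a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli30output
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli30output
@@ -0,0 +1,14 @@
+{
+
+$OUT .=<<"HERE";
+
+# Output (from the server to the wireless clients)
+outToChilli()\{
+ /sbin/iptables -N OUT_TO_CHILLI
+ /sbin/iptables -A OUT_TO_CHILLI -j state_chk
+ /sbin/iptables -A OUT_TO_CHILLI -p icmp --icmp-type echo-request -j ACCEPT
+ /sbin/iptables -A OUT_TO_CHILLI -j denylog
+\}
+HERE
+
+}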
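--- a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom
@@ -0,0 +1,45 @@
+{
+
+$OUT .=<<"HERE";
+
+# Forward from chilli (from the wireless clients to the internet)
+forwardFromChilli()\{
+ /sbin/iptables -N FORWARD_FROM_CHILLI
+ /sbin/iptables -A FORWARD_FROM_CHILLI -j state_chk
+ /sbin/iptables -A FORWARD_FROM_CHILLI -s ! $net -j denylog
+ /sbin/iptables -A FORWARD_FROM_CHILLI -p icmp --icmp-type echo-request -j ACCEPT
+HERE
+
+# Allow services specidied in AllowedOutgoing
+
+foreach (split(/[;,]/, ${'chilli'}{'AllowedOutgoing'} || '')){
+ my $ReIpNum = qr{([01]?\d\d?|2[0-4]\d|25[0-5])};
+ my $ReIpAddr = qr{($ReIpNum\.$ReIpNum\.$ReIpNum\.$ReIpNum)|any|ANY|\*};
+ my $RePort = qr/\d{1,4}|[0-6]\d{4}|any|ANY|\*/;
+ # Check the rules has the form proto:remote_host:remote_port
+ next unless /^(tcp|TCP|udp|UDP):${ReIpAddr}:${RePort}$/;
+ my @params = split(/:/, $_);
+ my $proto = $params[0];
+ my $host = $params[1];
+ my $dport = $params[2];
+ $OUT .= " # $_ is allowed:\n";
+ $OUT .= " /sbin/iptables -A FORWARD_FROM_CHILLI ";
+ $OUT .= "-p $proto ";
+ $OUT .= "-d $host " if ($host !~ /(any|\*)/i);
+ $OUT .= "--dport $dport " if ($dport !~ /(any|\*)/i);
+ $OUT .= "--syn " if ($proto =~ /tcp/i);
+ $OUT .= "-j ACCEPT\n"
+}
+
+# Allow the two dns servers specified
+$OUT .= " # Allow dns requests to ${'chilli'}{'dns1'}\n" .
+ " /sbin/iptables -A FORWARD_FROM_CHILLI -p udp --dport 53 -d ${'chilli'}{'dns1'} -j ACCEPT\n"
+ if ((${'chilli'}{'dns1'} || '') ne '');
+
+$OUT .= " # Allow dns requests to ${'chilli'}{'dns2'}\n" .
+ " /sbin/iptables -A FORWARD_FROM_CHILLI -p udp --dport 53 -d ${'chilli'}{'dns2'} -j ACCEPT\n"
+ if ((${'chilli'}{'dns2'} || '') ne '');
+
+$OUT .= " /sbin/iptables -A FORWARD_FROM_CHILLI -j denylog\n\}\n";
+
+}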
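Review bot: `dns1` and `dns2` are interpolated into the `-d` argument with only a non-empty check, while the `AllowedOutgoing` loop just above validates its host field; matching them against the dotted-quad pattern without the `any`/`*` alternatives, e.g. `if ((${'chilli'}{'dns1'} || '') =~ /\A$ReIpNum(?:\.$ReIpNum){3}\z/)` with `$ReIpNum` declared before the loop, would close that gap. Inside the loop, `$RePort` accepts `[0-6]\d{4}`, i.e. values up to 69999, and the match is anchored with `$`, which tolerates a trailing newline; `\z` plus a numeric `<= 65535` check is tighter. Only UDP 53 is opened towards the resolvers, so DNS answers that need TCP are dropped; a comment saying whether that is intended would help.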
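--- a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli45forwardTo
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli45forwardTo
@@ -0,0 +1,14 @@
+{
+
+$OUT .=<<"HERE";
+
+# Forward to (from the local network or the internet to the wireless clients)
+forwardToChilli()\{
+ /sbin/iptables -N FORWARD_TO_CHILLI
+ /sbin/iptables -A FORWARD_TO_CHILLI -j state_chk
+ /sbin/iptables -A FORWARD_TO_CHILLI -p icmp --icmp-type destination-unreachable -j ACCEPT
+ /sbin/iptables -A FORWARD_TO_CHILLI -j denylog
+\}
+HERE
+
+}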
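--- a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli50prerouting
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli50prerouting
@@ -0,0 +1,24 @@
+{
+
+$OUT .=<<"HERE";
+
+# Prerouting from chilli (before the server routes paquets from wireless clients)
+preroutingFromChilli()\{
+ /sbin/iptables -N PREROUTING_FROM_CHILLI -t nat
+ /sbin/iptables -A PREROUTING_FROM_CHILLI -t nat -d $LocalIP -j DNAT --to $chillip
+HERE
+
+$OUT .=" /sbin/iptables -A PREROUTING_FROM_CHILLI -t nat -d $ExternalIP -j DNAT --to $chillip\n" if $ExternalIP;
+
+# Redirect also addresses specified in RedirectToChilli
+
+foreach my $ip (split(/[;,]/,(${'chilli'}{'RedirectToChilli'} || ''))){
+ my $ReIpNum = qr{([01]?\d\d?|2[0-4]\d|25[0-5])};
+ my $ReIpAddr = qr{($ReIpNum\.$ReIpNum\.$ReIpNum\.$ReIpNum)};
+ # Check the $ip is a valid ip address
+ next unless $ip =~ /^${ReIpAddr}$/;
+ $OUT .=" /sbin/iptables -A PREROUTING_FROM_CHILLI -t nat -d $ip -j DNAT --to $chillip\n";
+}
+$OUT .= "\}\n";
+
+}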
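Review bot: `$ReIpNum` and `$ReIpAddr` are re-declared on every pass of the `RedirectToChilli` loop and duplicate the definitions in the forwardFrom fragment; declaring them once in the 00setup fragment as `our` variables, as is already done for `$net` and `$chillip`, keeps the two validators from drifting apart. The check `/^${ReIpAddr}$/` lets a trailing newline through because of `$`; `next unless $ip =~ /\A${ReIpAddr}\z/;` is exact. The `$LocalIP` rule sits inside the heredoc and is emitted unconditionally, whereas the `$ExternalIP` rule is guarded, so an empty `$LocalIP` would produce a malformed `-d` argument; the same `if` guard would make the two consistent.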
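--- a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli60start
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli60start
@@ -0,0 +1,20 @@
+{
+
+$OUT .=<<"HERE";
+
+# Send the paquets from and to chilli to the correct chains
+startChilli()\{
+ inFromChilli
+ outToChilli
+ preroutingFromChilli
+ forwardFromChilli
+ forwardToChilli
+ /sbin/iptables -I INPUT -i $tundev -j IN_FROM_CHILLI
+ /sbin/iptables -I OUTPUT -o $tundev -j OUT_TO_CHILLI
+ /sbin/iptables -I FORWARD -o $tundev -j FORWARD_TO_CHILLI
+ /sbin/iptables -I FORWARD -i $tundev -j FORWARD_FROM_CHILLI
+ /sbin/iptables -I PREROUTING -t nat -i $tundev -j PREROUTING_FROM_CHILLI
+\}
+HERE
+
+}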
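--- a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/60ChilliRules
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/60ChilliRules
@@ -1,77 +0,0 @@
-{
-# Compute the first IP of the network
-my $net = $chilli{'net'} || '10.1.0.0/255.255.255.0';
-my @netaddr = split(/\//,$net);
-my $netaddr = $netaddr[0];
-my @nums = split(/\./,$netaddr);
-my $i = 0;
-my $chillip = '';
-foreach (@nums){
- $chillip .= $_."." if ($i ne '3');
- $chillip .= "1" if ($i eq '3');
- $i++;
-}
-
-my $tundev = $chilli{'tundev'} || 'tun0';
-my $chilliport = $chilli{'TCPPort'} || '3990';
-
-if ($chilli{'status'} eq 'enabled'){
-$OUT =<<END;
-
- ### START OF RULES FOR THE HOTSPOT ###
-
- # IN_FROM_CHILLI
- /sbin/iptables -N IN_FROM_CHILLI
- /sbin/iptables -A IN_FROM_CHILLI -j state_chk
- /sbin/iptables -A IN_FROM_CHILLI -p udp --dport 67:68 --sport 67:68 -s 0.0.0.0 -d 255.255.255.255 -j ACCEPT
- /sbin/iptables -A IN_FROM_CHILLI -s ! $net -j denylog
- /sbin/iptables -A IN_FROM_CHILLI -p icmp --icmp-type echo-request -j ACCEPT
- /sbin/iptables -A IN_FROM_CHILLI -p tcp --dport ${'httpd-e-smith'}{'TCPPort'} --syn -j ACCEPT
- /sbin/iptables -A IN_FROM_CHILLI -p tcp --dport $modSSL{'TCPPort'} --syn -j ACCEPT
- /sbin/iptables -A IN_FROM_CHILLI -p tcp --dport $chilliport --syn -j ACCEPT
- /sbin/iptables -A IN_FROM_CHILLI -j denylog
-
- # OUT_TO_CHILLI
- /sbin/iptables -N OUT_TO_CHILLI
- /sbin/iptables -A OUT_TO_CHILLI -j state_chk
- /sbin/iptables -A OUT_TO_CHILLI -p icmp --icmp-type echo-request -j ACCEPT
- /sbin/iptables -A OUT_TO_CHILLI -j denylog
-
-
- # FORWARD_FROM_CHILLI
- /sbin/iptables -N FORWARD_FROM_CHILLI
- /sbin/iptables -A FORWARD_FROM_CHILLI -j state_chk
- /sbin/iptables -A FORWARD_FROM_CHILLI -s ! $net -j denylog
- /sbin/iptables -A FORWARD_FROM_CHILLI -p icmp --icmp-type echo-request -j ACCEPT
- /sbin/iptables -A FORWARD_FROM_CHILLI -p udp --dport 53 -j ACCEPT
- /sbin/iptables -A FORWARD_FROM_CHILLI -p tcp --dport 443 --syn -j ACCEPT
- /sbin/iptables -A FORWARD_FROM_CHILLI -p tcp --dport 21 --syn -j ACCEPT
- /sbin/iptables -A FORWARD_FROM_CHILLI -j denylog
-
-
- # FORWARD_TO_CHILLI
- /sbin/iptables -N FORWARD_TO_CHILLI
- /sbin/iptables -A FORWARD_TO_CHILLI -j state_chk
- /sbin/iptables -A FORWARD_FROM_CHILLI -p icmp --icmp-type destination-unreachable -j ACCEPT
- /sbin/iptables -A FORWARD_TO_CHILLI -j denylog
-
-
- # PREROUTING_FROM_CHILLI
- /sbin/iptables -N PREROUTING_FROM_CHILLI -t nat
- /sbin/iptables -A PREROUTING_FROM_CHILLI -t nat -d $LocalIP -j DNAT --to $chillip
- /sbin/iptables -A PREROUTING_FROM_CHILLI -t nat -d $ExternalIP -j DNAT --to $chillip
-
- # Send the traffic from and to chilli in the correct chains
- /sbin/iptables -I INPUT -i $tundev -j IN_FROM_CHILLI
- /sbin/iptables -I OUTPUT -o $tundev -j OUT_TO_CHILLI
- /sbin/iptables -I FORWARD -o $tundev -j FORWARD_TO_CHILLI
- /sbin/iptables -I FORWARD -i $tundev -j FORWARD_FROM_CHILLI
-
- /sbin/iptables -I PREROUTING -t nat -i $tundev -j PREROUTING_FROM_CHILLI
-
- ### END OF RULES FOR THE HOTSPOT ###
-
-END
-}
-}
-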
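--- a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91restartChilli
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91restartChilli
@@ -0,0 +1,11 @@
+
+ # First, remove hotspot rules
+ stopChilli
+
+ # Then, insert it if chilli is enabled
+ status=$(/sbin/e-smith/config getprop chilli status)
+ if [ $status = "enabled" ]
+ then
+ startChilli
+ fi
+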
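Review bot: The test `[ $status = "enabled" ]` expands `$status` unquoted, so when the `chilli` record has no `status` property the shell evaluates `[ = "enabled" ]` and prints a test error instead of quietly skipping startChilli. Quoting fixes it: `if [ "$status" = "enabled" ]`. stopChilli runs before the status check, so between the two calls traffic on the tunnel interface is handled by whatever the surrounding masq rules do; a comment stating that this gap is expected would help.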