path: root/net/ipsec-tools/files/functions.sh
blob: e3e739b93b98ef795998ed082f8f1c742ed2bae3 (plain)
#!/bin/sh
#
# Copyright (C) 2015 Vitaly Protsko <villy@sft.ru>

# Shared error indicator. The functions below set it non-zero on failure and
# return it, so callers can check either the exit status or this variable.
# Note: an assignment made inside a $(...) command substitution happens in a
# subshell and does not reach this variable in the caller.
errno=0

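# Look up the token that follows key $2 in the space-separated string $3 and
# store it in the variable named by $1.
# Arguments: $1 - name of the variable to assign (must be a valid identifier)
#            $2 - field name to search for
#            $3 - space-separated "key value key value ..." text
# Returns:   0 always; the target variable is left untouched when $1 is
#            empty or not an identifier, or when $2 is missing or is the
#            last token (there is no value after it).
get_fieldval() {
  local __data="$3"
  local __rest
  local __key
  local __val

  test -z "$1" && return
  # The target name is spliced into an eval below, so refuse anything that is
  # not a plain shell identifier.
  case "$1" in
    *[!A-Za-z0-9_]*|[0-9]*) return ;;
  esac

  while true ; do
    __rest=${__data#* }
    # No separator left: the remaining text is a lone key with no value.
    test "$__rest" = "$__data" && break

    __key=${__data%% *}
    if [ "$__key" = "$2" ]; then
      __val=${__rest%% *}
      # Assign through a quoted variable reference so the value is stored
      # literally and never re-parsed as shell code.
      eval "$1=\"\$__val\""
      break
    fi

    __data="$__rest"
  done
}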

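# Add or remove the iptables rules that let a tunnel's traffic through.
# Arguments: $1 - add|up|1 to append rules, del|down|0 to delete them
#            $2 - firewall zone whose forwarding chain accepts traffic *from*
#                 the listed networks
#            $3 - firewall zone whose output/forwarding/postrouting chains
#                 accept traffic *to* the listed networks
#            $4 - space-separated list of networks (used as -s / -d)
# Globals:   errno (set to 3 on bad usage), log (command used for messages)
# Returns:   3 on bad usage, otherwise the status of the last iptables call
manage_fw() {
  local cmd=/usr/sbin/iptables
  local mode
  local item

  if [ -z "$4" ]; then
    $log "Bad usage of manage_fw"
    errno=3; return 3
  fi

  # Map the action keyword onto the iptables chain operation (-A / -D).
  case "$1" in
    add|up|1) mode=A ;;
    del|down|0) mode=D ;;
    # Report an unknown action through errno as well, like manage_sa does.
    *) errno=3; return 3 ;;
  esac

  # $4 is deliberately unquoted: it is a whitespace-separated list.
  for item in $4 ; do
    $cmd -$mode "forwarding_$2_rule" -s "$item" -j ACCEPT
    $cmd -$mode "output_$3_rule" -d "$item" -j ACCEPT
    $cmd -$mode "forwarding_$3_rule" -d "$item" -j ACCEPT
    $cmd -t nat -$mode "postrouting_$3_rule" -d "$item" -j ACCEPT
  done
}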

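# Install or remove the IPsec SPD entries and the routes for one tunnel.
# Arguments: $1 - add|up|1 to install, del|down|0 to remove
#            $2 - space-separated local networks
#            $3 - space-separated remote networks
#            $4 - remote tunnel endpoint address
#            $5 - optional next hop for the routes to $3; defaults to the
#                 local source address found for $4
# Globals:   errno (set to 3 on failure), log (command used for messages)
# Outputs:   setkey's output is redirected to stderr
# Returns:   0 on success, 3 on bad usage or when no source address is found
manage_sa() {
  local spdcmd
  local rtcmd
  local gate
  local litem
  local ritem

  if [ -z "$4" ]; then
    $log "Bad usage of manage_sa"
    errno=3; return 3
  fi

  # setkey and ip(8) spell the remove action differently.
  case "$1" in
    add|up|1) spdcmd=add; rtcmd=add ;;
    del|down|0) spdcmd=delete; rtcmd=del ;;
    *) errno=3; return 3 ;;
  esac

  # The local endpoint is the "src" field of the route lookup towards $4.
  # $4 is a single address and is quoted so it reaches ip(8) as one argument.
  get_fieldval gate src "$(/usr/sbin/ip route get "$4")"
  if [ -z "$gate" ]; then
    $log "Can not find outbound IP for $4"
    errno=3; return 3
  fi

  # One policy pair (out/in) per local/remote network combination.
  for litem in $2 ; do
    for ritem in $3 ; do
      echo "
spd$spdcmd $litem $ritem any -P out ipsec esp/tunnel/$gate-$4/require;
spd$spdcmd $ritem $litem any -P in ipsec esp/tunnel/$4-$gate/require;
" | /usr/sbin/setkey -c 1>&2
    done
  done

  # An explicit next hop overrides the discovered local address for routing.
  test -n "$5" && gate="$5"

  # Routes are applied a few seconds later in the background, presumably to
  # let the policies above take effect first; their failures are not reported.
  for ritem in $3 ; do
    (sleep 3; /usr/sbin/ip route "$rtcmd" "$ritem" via "$gate") &
  done
}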


# Helper library (OpenWrt). network_is_up and network_get_ipaddrs, used by
# get_zoneiplist below, are not defined in this file and are expected to come
# from here.
. /lib/functions/network.sh

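# Print the network list of the firewall zone named $1.
# Arguments: $1 - firewall zone name
# Globals:   errno (set to 1 when no zone has that name)
# Outputs:   the zone's "network" option on stdout
# Returns:   0 on success, 1 when the zone does not exist
get_zoneiflist() {
  local item
  local data

  # Walk the zone sections by index until the name matches or the list ends.
  # The uci path is quoted so the [index] is not treated as a glob, and the
  # expected "Entry not found" error at the end of the list is silenced.
  item=0
  data=$(uci get "firewall.@zone[$item].name" 2>/dev/null)
  while [ -n "$data" ]; do
    test "$data" = "$1" && break
    item=$((item + 1))
    data=$(uci get "firewall.@zone[$item].name" 2>/dev/null)
  done

  if [ -z "$data" ]; then
    errno=1
    return $errno
  fi
  data=$(uci get "firewall.@zone[$item].network")

  echo "$data"
}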

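# Collect the addresses of every interface that is up in firewall zone $1.
# Arguments: $1 - firewall zone name
# Globals:   errno (set from get_zoneiflist's exit status on failure)
# Outputs:   the addresses as one space-separated line on stdout
# Returns:   0 on success, otherwise errno
get_zoneiplist() {
  local item
  local addr
  local data
  local result
  local rc

  # get_zoneiflist runs in a subshell here, so the errno it sets is lost;
  # re-derive it from the exit status instead of trusting the stale global.
  data=$(get_zoneiflist "$1")
  rc=$?
  if [ "$rc" -gt 0 ]; then
    errno=$rc
  fi
  if [ "${errno:-0}" -gt 0 ] || [ -z "$data" ]; then
    return ${errno:-0}
  fi

  # $data is a whitespace-separated interface list, hence unquoted.
  for item in $data ; do
    if network_is_up "$item" ; then
      if network_get_ipaddrs addr "$item" ; then
        result="$result $addr"
      fi
    fi
  done

  # Re-split and re-join to collapse the separators into single spaces.
  set -- $result
  echo "$*"
}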


# EOF /etc/racoon/functions.sh