You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

137 lines
2.4 KiB

#!/bin/sh
#
# Copyright (C) 2015 Vitaly Protsko <villy@sft.ru>
errno=0
get_fieldval() {
local __data="$3"
local __rest
test -z "$1" && return
while true ; do
__rest=${__data#* }
test "$__rest" = "$__data" && break
if [ "${__data/ *}" = "$2" ]; then
eval "$1=${__rest/ *}"
break
fi
__data="$__rest"
done
}
manage_fw() {
local cmd=/usr/sbin/iptables
local mode
local item
if [ -z "$4" ]; then
$log "Bad usage of manage_fw"
errno=3; return 3
fi
case "$1" in
add|up|1) mode=A ;;
del|down|0) mode=D ;;
*) return 3 ;;
esac
for item in $4 ; do
$cmd -$mode forwarding_$2_rule -s $item -j ACCEPT
$cmd -$mode output_$3_rule -d $item -j ACCEPT
$cmd -$mode forwarding_$3_rule -d $item -j ACCEPT
$cmd -t nat -$mode postrouting_$3_rule -d $item -j ACCEPT
done
}
manage_sa() {
local spdcmd
local rtcmd
local gate
local litem
local ritem
if [ -z "$4" ]; then
$log "Bad usage of manage_sa"
errno=3; return 3
fi
case "$1" in
add|up|1) spdcmd=add; rtcmd=add ;;
del|down|0) spdcmd=delete; rtcmd=del ;;
*) errno=3; return 3 ;;
esac
get_fieldval gate src "$(/usr/sbin/ip route get $4)"
if [ -z "$gate" ]; then
$log "Can not find outbound IP for $4"
errno=3; return 3
fi
for litem in $2 ; do
for ritem in $3 ; do
echo "
spd$spdcmd $litem $ritem any -P out ipsec esp/tunnel/$gate-$4/require;
spd$spdcmd $ritem $litem any -P in ipsec esp/tunnel/$4-$gate/require;
" | /usr/sbin/setkey -c 1>&2
done
done
test -n "$5" && gate=$5
for ritem in $3 ; do
(sleep 3; /usr/sbin/ip route $rtcmd $ritem via $gate) &
done
}
. /lib/functions/network.sh
get_zoneiflist() {
local item
local data
local addr
item=0
data=$(uci get firewall.@zone[0].name)
while [ -n "$data" ]; do
test "$data" = "$1" && break
let "item=$item+1"
data=$(uci get firewall.@zone[$item].name)
done
if [ -z "$data" ]; then
errno=1
return $errno
fi
data=$(uci get firewall.@zone[$item].network)
echo "$data"
}
get_zoneiplist() {
local item
local addr
local data
local result
data=$(get_zoneiflist $1)
test $? -gt 0 -o $errno -gt 0 -o -z "$data" && return $errno
for item in $data ; do
if network_is_up $item ; then
network_get_ipaddrs addr $item
test $? -eq 0 && result="$result $addr"
fi
done
result=$(echo $result)
echo "$result"
}
# EOF /etc/racoon/functions.sh