add new rc.common for standardized init scripts, convert existing init scripts

SVN-Revision: 4915
Felix Fietkau 2006-10-04 20:05:48 +00:00
parent 1bb321cbec
commit af5f6ac550
16 changed files with 1152 additions and 1024 deletions


@ -1,8 +1,12 @@
#!/bin/sh #!/bin/sh /etc/rc.common
# ADAM2 patcher for Netgear DG834 and compatible # ADAM2 patcher for Netgear DG834 and compatible
MD5="$(md5sum /dev/mtdblock/0 | awk '{print $1}')" # Copyright (C) 2006 OpenWrt.org
[ "$MD5" = "0530bfdf00ec155f4182afd70da028c1" ] && {
mtd unlock adam2 start() {
/sbin/adam2patcher /dev/mtdblock/0 MD5="$(md5sum /dev/mtdblock/0 | awk '{print $1}')"
[ "$MD5" = "0530bfdf00ec155f4182afd70da028c1" ] && {
mtd unlock adam2
/sbin/adam2patcher /dev/mtdblock/0
}
rm -f /etc/init.d/S00adam2 /sbin/adam2patcher >&- 2>&-
} }
rm -f /etc/init.d/S00adam2 /sbin/adam2patcher >&- 2>&-
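Review bot: The exit status of `/sbin/adam2patcher /dev/mtdblock/0` inside the new start() is never checked before the `rm -f /etc/init.d/S00adam2 /sbin/adam2patcher` that follows the MD5 block, so a failed or interrupted write to the bootloader partition still deletes both the patcher and this script and is never retried. Because `mtd unlock adam2` has just made that partition writable, a half-applied patch is the worst case here and it deserves a loud failure rather than silent cleanup. I would make the patch step abort the function on error and keep the tooling around: `/sbin/adam2patcher /dev/mtdblock/0 || return 1`. The MD5 of the whole partition is a version fingerprint for the stock loader, not an integrity check; that is adequate for this purpose but worth stating in a comment above the comparison.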


@ -1,86 +1,87 @@
#!/bin/sh #!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org # Copyright (C) 2006 OpenWrt.org
[ -e /etc/config/network ] && exit 0 start() {
[ -e /etc/config/network ] && exit 0
mkdir -p /etc/config mkdir -p /etc/config
( (
if grep -E 'mtd0: 000(6|a)0000' /proc/mtd 2>&- >&-; then if grep -E 'mtd0: 000(6|a)0000' /proc/mtd 2>&- >&-; then
# WGT634u # WGT634u
echo boardtype=wgt634u echo boardtype=wgt634u
else else
strings /dev/mtdblock/3 strings /dev/mtdblock/3
fi fi
) | awk ' ) | awk '
function p(cfgname, name) { function p(cfgname, name) {
if (c[name] != "") print " option " cfgname " \"" c[name] "\"" if (c[name] != "") print " option " cfgname " \"" c[name] "\""
} }
BEGIN { BEGIN {
FS="=" FS="="
c["lan_ifname"]="eth0.0 wl0" c["lan_ifname"]="eth0.0 wl0"
c["wan_ifname"]="eth0.1" c["wan_ifname"]="eth0.1"
c["vlan0ports"]="1 2 3 4 5*" c["vlan0ports"]="1 2 3 4 5*"
c["vlan1ports"]="0 5" c["vlan1ports"]="0 5"
} }
($1 == "boardnum") || ($1 == "boardtype") || ($1 == "boardflags") { ($1 == "boardnum") || ($1 == "boardtype") || ($1 == "boardflags") {
nvram[$1] = $2 nvram[$1] = $2
} }
END { END {
# v1 hardware # v1 hardware
if (nvram["boardtype"] == "bcm94710dev") { if (nvram["boardtype"] == "bcm94710dev") {
# Asus WL-500g # Asus WL-500g
if (nvram["boardnum"] == "asusX") { if (nvram["boardnum"] == "asusX") {
c["lan_ifname"]="eth0 eth1 wl0" # FIXME c["lan_ifname"]="eth0 eth1 wl0" # FIXME
c["wan_ifname"]=""
}
}
if (nvram["boardtype"] == "wgt634u") {
c["vlan0ports"] = "0 1 2 3 5*"
c["vlan1ports"] = "4 5"
c["lan_ifname"] = "eth0.0 ath0"
}
if ((nvram["boardtype"] == "0x0467") || (nvram["boardtype"] == "0x042f")) {
c["vlan0ports"] = "0 1 2 3 5*"
c["vlan1ports"] = "4 5"
}
# WAP54G
if ((nvram["boardnum"] == "2") || \
(nvram["boardnum"] == "1024")) {
c["lan_ifname"]="eth0 wl0"
c["wan_ifname"]="" c["wan_ifname"]=""
} }
}
if (nvram["boardtype"] == "wgt634u") { print "#### VLAN configuration "
c["vlan0ports"] = "0 1 2 3 5*" print "config switch eth0"
c["vlan1ports"] = "4 5" p("vlan0", "vlan0ports")
c["lan_ifname"] = "eth0.0 ath0" p("vlan1", "vlan1ports")
} print ""
if ((nvram["boardtype"] == "0x0467") || (nvram["boardtype"] == "0x042f")) { print ""
c["vlan0ports"] = "0 1 2 3 5*" print "#### Loopback configuration"
c["vlan1ports"] = "4 5" print "config interface loopback"
} print " option ifname \"lo\""
print " option proto static"
# WAP54G print " option ipaddr 127.0.0.1"
if ((nvram["boardnum"] == "2") || \ print " option netmask 255.0.0.0"
(nvram["boardnum"] == "1024")) { print ""
c["lan_ifname"]="eth0 wl0" print ""
c["wan_ifname"]="" print "#### LAN configuration"
} print "config interface lan"
print " option type bridge"
print "#### VLAN configuration " p("ifname", "lan_ifname")
print "config switch eth0" print " option proto static"
p("vlan0", "vlan0ports") print " option ipaddr 192.168.1.1"
p("vlan1", "vlan1ports") print " option netmask 255.255.255.0"
print "" print ""
print "" print ""
print "#### Loopback configuration" print "#### WAN configuration"
print "config interface loopback" print "config interface wan"
print " option ifname \"lo\"" p("ifname", "wan_ifname")
print " option proto static" print " option proto dhcp"
print " option ipaddr 127.0.0.1" }' > /etc/config/network
print " option netmask 255.0.0.0"
print ""
print ""
print "#### LAN configuration"
print "config interface lan"
print " option type bridge"
p("ifname", "lan_ifname")
print " option proto static"
print " option ipaddr 192.168.1.1"
print " option netmask 255.255.255.0"
print ""
print ""
print "#### WAN configuration"
print "config interface wan"
p("ifname", "wan_ifname")
print " option proto dhcp"
} }
' > /etc/config/network
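Review bot: The generated config is written straight to `/etc/config/network` by the redirection at the end of the `awk` pipeline in start(), while the guard at the top of start() skips generation whenever that path exists; if awk or the `strings /dev/mtdblock/3` pipeline dies part-way (flash read error, no space left on jffs2), a truncated file is left behind and treated as a valid config on every later boot. Writing to a temporary file and renaming only on success closes that window: `}' > /etc/config/network.tmp && mv /etc/config/network.tmp /etc/config/network`. The board identifiers read from NVRAM are only compared against fixed strings and never copied into the output, so there is no injection path through this generator as written, which is worth a short comment given the raw-flash input.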


@ -1,86 +1,87 @@
#!/bin/sh #!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org # Copyright (C) 2006 OpenWrt.org
[ -e /etc/config/network ] && exit 0 start() {
[ -e /etc/config/network ] && exit 0
mkdir -p /etc/config
mkdir -p /etc/config
(
if grep -E 'mtd0: 000(6|a)0000' /proc/mtd 2>&- >&-; then (
# WGT634u if grep -E 'mtd0: 000(6|a)0000' /proc/mtd 2>&- >&-; then
echo boardtype=wgt634u # WGT634u
else echo boardtype=wgt634u
strings /dev/mtdblock/3 else
fi strings /dev/mtdblock/3
) | awk ' fi
function p(cfgname, name) { ) | awk '
if (c[name] != "") print " option " cfgname " \"" c[name] "\"" function p(cfgname, name) {
} if (c[name] != "") print " option " cfgname " \"" c[name] "\""
}
BEGIN {
FS="=" BEGIN {
c["lan_ifname"]="eth0.0 wl0" FS="="
c["wan_ifname"]="eth0.1" c["lan_ifname"]="eth0.0 wl0"
c["vlan0ports"]="1 2 3 4 5*" c["wan_ifname"]="eth0.1"
c["vlan1ports"]="0 5" c["vlan0ports"]="1 2 3 4 5*"
} c["vlan1ports"]="0 5"
}
($1 == "boardnum") || ($1 == "boardtype") || ($1 == "boardflags") {
nvram[$1] = $2 ($1 == "boardnum") || ($1 == "boardtype") || ($1 == "boardflags") {
} nvram[$1] = $2
}
END {
# v1 hardware END {
if (nvram["boardtype"] == "bcm94710dev") { # v1 hardware
# Asus WL-500g if (nvram["boardtype"] == "bcm94710dev") {
if (nvram["boardnum"] == "asusX") { # Asus WL-500g
c["lan_ifname"]="eth0 eth1 wl0" # FIXME if (nvram["boardnum"] == "asusX") {
c["lan_ifname"]="eth0 eth1 wl0" # FIXME
c["wan_ifname"]=""
}
}
if (nvram["boardtype"] == "wgt634u") {
c["vlan0ports"] = "0 1 2 3 5*"
c["vlan1ports"] = "4 5"
c["lan_ifname"] = "eth0.0 ath0"
}
if ((nvram["boardtype"] == "0x0467") || (nvram["boardtype"] == "0x042f")) {
c["vlan0ports"] = "0 1 2 3 5*"
c["vlan1ports"] = "4 5"
}
# WAP54G
if ((nvram["boardnum"] == "2") || \
(nvram["boardnum"] == "1024")) {
c["lan_ifname"]="eth0 wl0"
c["wan_ifname"]="" c["wan_ifname"]=""
} }
}
if (nvram["boardtype"] == "wgt634u") { print "#### VLAN configuration "
c["vlan0ports"] = "0 1 2 3 5*" print "config switch eth0"
c["vlan1ports"] = "4 5" p("vlan0", "vlan0ports")
c["lan_ifname"] = "eth0.0 ath0" p("vlan1", "vlan1ports")
} print ""
if ((nvram["boardtype"] == "0x0467") || (nvram["boardtype"] == "0x042f")) { print ""
c["vlan0ports"] = "0 1 2 3 5*" print "#### Loopback configuration"
c["vlan1ports"] = "4 5" print "config interface loopback"
} print " option ifname \"lo\""
print " option proto static"
# WAP54G print " option ipaddr 127.0.0.1"
if ((nvram["boardnum"] == "2") || \ print " option netmask 255.0.0.0"
(nvram["boardnum"] == "1024")) { print ""
c["lan_ifname"]="eth0 wl0" print ""
c["wan_ifname"]="" print "#### LAN configuration"
} print "config interface lan"
print " option type bridge"
print "#### VLAN configuration " p("ifname", "lan_ifname")
print "config switch eth0" print " option proto static"
p("vlan0", "vlan0ports") print " option ipaddr 192.168.1.1"
p("vlan1", "vlan1ports") print " option netmask 255.255.255.0"
print "" print ""
print "" print ""
print "#### Loopback configuration" print "#### WAN configuration"
print "config interface loopback" print "config interface wan"
print " option ifname \"lo\"" p("ifname", "wan_ifname")
print " option proto static" print " option proto dhcp"
print " option ipaddr 127.0.0.1" }' > /etc/config/network
print " option netmask 255.0.0.0"
print ""
print ""
print "#### LAN configuration"
print "config interface lan"
print " option type bridge"
p("ifname", "lan_ifname")
print " option proto static"
print " option ipaddr 192.168.1.1"
print " option netmask 255.255.255.0"
print ""
print ""
print "#### WAN configuration"
print "config interface wan"
p("ifname", "wan_ifname")
print " option proto dhcp"
} }
' > /etc/config/network
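Review bot: `[ -e /etc/config/network ] && exit 0` at the top of the new start() exits the whole rc.common wrapper rather than just the function; with rc.common's default `restart() { stop; start; }` and `boot() { start; }` that happens to be harmless today, but anything added after the start call in those hooks would be skipped silently. Now that this is a function, `[ -e /etc/config/network ] && return 0` expresses the intent. This file appears to be the same generator as the earlier brcm copy in this commit; a comment pointing at the sibling would at least help keep the two from drifting apart.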


@ -1,25 +1,25 @@
#!/bin/sh #!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org # Copyright (C) 2006 OpenWrt.org
. /etc/functions.sh start() {
[ -f /proc/mounts ] || /sbin/mount_root
[ -f /proc/mounts ] || /sbin/mount_root [ -f /proc/jffs2_bbc ] && echo "S" > /proc/jffs2_bbc
[ -f /proc/jffs2_bbc ] && echo "S" > /proc/jffs2_bbc vconfig set_name_type DEV_PLUS_VID_NO_PAD
vconfig set_name_type DEV_PLUS_VID_NO_PAD
HOSTNAME=${wan_hostname%%.*}
HOSTNAME=${wan_hostname%%.*} echo ${HOSTNAME:=OpenWrt}>/proc/sys/kernel/hostname
echo ${HOSTNAME:=OpenWrt}>/proc/sys/kernel/hostname
mkdir -p /var/run
mkdir -p /var/run mkdir -p /var/log
mkdir -p /var/log mkdir -p /var/lock
mkdir -p /var/lock touch /var/log/wtmp
touch /var/log/wtmp touch /var/log/lastlog
touch /var/log/lastlog [ "$FAILSAFE" = "true" ] && touch /tmp/.failsafe
[ "$FAILSAFE" = "true" ] && touch /tmp/.failsafe
# manually trigger hotplug before loading modules
# manually trigger hotplug before loading modules for iface in $(awk -F: '/:/ {print $1}' /proc/net/dev); do
for iface in $(awk -F: '/:/ {print $1}' /proc/net/dev); do /usr/bin/env -i ACTION=add INTERFACE="$iface" /sbin/hotplug net
/usr/bin/env -i ACTION=add INTERFACE="$iface" /sbin/hotplug net done
done
load_modules /etc/modules /etc/modules.d/*
load_modules /etc/modules /etc/modules.d/* }
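Review bot: `echo ${HOSTNAME:=OpenWrt}>/proc/sys/kernel/hostname` in start() expands the hostname unquoted, so a `wan_hostname` value containing whitespace or glob characters is word-split and pathname-expanded before it reaches the kernel; `echo "${HOSTNAME:=OpenWrt}" > /proc/sys/kernel/hostname` avoids that. Where `wan_hostname` comes from is not visible in this hunk — presumably it is imported from NVRAM by /etc/functions.sh, which rc.common now sources on this script's behalf after the `. /etc/functions.sh` line was dropped here — so a comment naming the source would help the next reader, e.g. `# wan_hostname is expected to be exported by /etc/functions.sh (NVRAM) — confirm`.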


@ -1,9 +1,11 @@
#!/bin/sh #!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org # Copyright (C) 2006 OpenWrt.org
setup_switch() { return 0; } start() {
setup_switch() { return 0; }
include /lib/network
setup_switch
/sbin/wifi
}
. /etc/functions.sh
include /lib/network
setup_switch
/sbin/wifi
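Review bot: The `setup_switch() { return 0; }` stub at the top of start() is only meaningful because `include /lib/network` on the next line may redefine it for targets that have a switch driver, and nothing says so; a one-line comment such as `# no-op default; /lib/network/* may override setup_switch for switch-equipped boards` would save the next reader a grep. There is also no stop() here, so rc.common's default makes `restart` equivalent to running start() again, which re-runs `/sbin/wifi`; if that is intended it is worth stating in a comment as well.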


@ -1,4 +1,10 @@
#!/bin/sh #!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org # Copyright (C) 2006 OpenWrt.org
[ -d /www ] && httpd -p 80 -h /www -r OpenWrt start() {
[ -d /www ] && httpd -p 80 -h /www -r OpenWrt
}
stop() {
killall httpd
}
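Review bot: The new stop() runs `killall httpd`, which signals every process called httpd on the system rather than the one this script started; if the httpd build here supports a pidfile, tracking that is safer, otherwise a comment acknowledging the name-based kill would do. Separately, `httpd -p 80 -h /www -r OpenWrt` binds port 80 on every interface, so keeping the web UI off the WAN rests entirely on the firewall script's INPUT policy and on its ordering relative to this script at boot, neither of which is visible here; `# listens on all interfaces: WAN exposure is prevented only by the firewall INPUT rules` would make that dependency explicit.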


@ -1,4 +1,10 @@
#!/bin/sh #!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org # Copyright (C) 2006 OpenWrt.org
if awk -F: '/^root:/ && $2 !~ /\!/ {exit 1}' /etc/passwd 2>/dev/null; then telnetd -l /bin/login; fi start() {
if awk -F: '/^root:/ && $2 !~ /\!/ {exit 1}' /etc/passwd 2>/dev/null; then telnetd -l /bin/login; fi
}
stop() {
killall telnetd
}
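Review bot: The awk guard in start() is the only thing standing between an unauthenticated `telnetd -l /bin/login` and the network, and it is undocumented; reading the expression, telnetd is started only when awk exits 0, i.e. when no `root:` entry in /etc/passwd has a password field free of `!` — a locked (no-password) root account enables telnet, while a set hash, an `x` shadow marker or a missing file all fail closed. I would add that above the line: `# bootstrap access only: run telnetd while root has no password (field locked with '!'); once passwd stores a hash, telnet stays off and SSH is the way in`. Note the check happens only at start: setting a root password later does not terminate an already-running telnetd unless something outside this file calls stop(), which I cannot see from here.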


@ -1,6 +1,12 @@
#!/bin/sh #!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org # Copyright (C) 2006 OpenWrt.org
mkdir -p /var/spool/cron start () {
ln -s /etc/crontabs /var/spool/cron/crontabs mkdir -p /var/spool/cron
crond -c /etc/crontabs ln -s /etc/crontabs /var/spool/cron/crontabs
crond -c /etc/crontabs
}
stop() {
killall crond
}
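Review bot: `ln -s /etc/crontabs /var/spool/cron/crontabs` in start() has no guard, so a `restart` (or a second `start`) fails with a "File exists" error once the link is in place; `[ -e /var/spool/cron/crontabs ] || ln -s /etc/crontabs /var/spool/cron/crontabs` keeps it idempotent. Minor style: `start ()` here has a space before the parentheses while every other script in this commit uses `start() {`.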


@ -1,11 +0,0 @@
#!/bin/sh
# Copyright (C) 2006 OpenWrt.org
sysctl -p >&-
# automagically run firstboot
{ mount|grep "on / type tmpfs" 1>&-; } && {
lock /tmp/.switch2jffs
firstboot switch2jffs
lock -u /tmp/.switch2jffs
}


@ -10,6 +10,17 @@ ${FAILSAFE:+exit}
syslogd -C 16 #${log_ipaddr:+-L -R $log_ipaddr} syslogd -C 16 #${log_ipaddr:+-L -R $log_ipaddr}
klogd klogd
for i in /etc/init.d/S*; do (
$i start 2>&1 for i in /etc/init.d/S*; do
done | logger -s -p 6 -t '' & $i start 2>&1
done
sysctl -p >&-
# automagically run firstboot
{ mount|grep "on / type tmpfs" 1>&-; } && {
lock /tmp/.switch2jffs
firstboot switch2jffs
lock -u /tmp/.switch2jffs
}
) | logger -s -p 6 -t '' &
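Review bot: `sysctl -p >&-` and the firstboot block were moved inside the `( ... ) | logger` subshell, but unlike the `$i start 2>&1` lines they do not redirect stderr, so a syntax error in /etc/sysctl.conf or a failed `firstboot switch2jffs` never reaches the system log. Closing stdout with `>&-` rather than pointing it at /dev/null can also make a program's own writes fail with EBADF; `sysctl -p 2>&1 >/dev/null` discards the key=value chatter while keeping errors in the log. The beginning of rcS is outside this hunk.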


@ -0,0 +1,77 @@
#!/bin/sh
. /etc/functions.sh
start() {
return 0
}
stop() {
return 0
}
reload() {
return 1
}
restart() {
stop
start
}
boot() {
start
}
shutdown() {
return 0
}
disable() {
rm -f /etc/rc.d/${initscript##*/}
}
enable() {
disable
ln -s /etc/init.d/${initscript##*/} /etc/rc.d/${initscript##*/}
}
depends() {
return 0
}
help() {
cat <<EOF
Syntax: $0 [command]
Available commands:
start Start the service
stop Stop the service
restart Restart the service
reload Reload configuration files (or restart if that fails)
enable Enable the service (load at boot time)
disable Disable the service
$EXTRA_HELP
EOF
}
initscript="$1"
action="$2"
. "$initscript"
cmds=
for cmd in $EXTRA_COMMANDS; do
cmds="$cmd) $cmd;;"
done
eval "case \"\$action\" in
start) start;;
stop) stop;;
reload) reload || restart;;
restart) restart;;
enable) enable;;
disable) disable;;
boot) boot;;
shutdown) shutdown;;
$cmds
*) help;;
esac"
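Review bot: The `cmds="$cmd) $cmd;;"` assignment in the `for cmd in $EXTRA_COMMANDS` loop overwrites instead of appends, so only the last entry of EXTRA_COMMANDS becomes a case arm and every other extra command falls through to help; `cmds="$cmds $cmd) $cmd;;"` fixes it. Because `$cmds` is spliced into an `eval`'d case statement, EXTRA_COMMANDS must contain plain identifiers only — init scripts are root-owned, so this is a documentation point rather than an exposure, but a comment on the loop should say so. Two smaller issues: `help()` prints `$0`, which under the `#!/bin/sh /etc/rc.common` shebang is /etc/rc.common rather than the script the user invoked, so `Syntax: $initscript [command]` is what they need; and enable()/disable() manage links in /etc/rc.d while the rcS hunk in this same commit still iterates `/etc/init.d/S*`, so those two commands do not yet affect what runs at boot.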


@ -1,50 +1,57 @@
#!/bin/sh #!/bin/sh /etc/rc.common
. /etc/functions.sh # Copyright (C) 2006 OpenWrt.org
include /lib/network
scan_interfaces
# The following is to automatically configure the DHCP settings start() {
# based on config settings. Feel free to replace all this crap include /lib/network
# with a simple "dnsmasq" and manage everything via the scan_interfaces
# /etc/dnsmasq.conf config file
# The following is to automatically configure the DHCP settings
# based on config settings. Feel free to replace all this crap
# with a simple "dnsmasq" and manage everything via the
# /etc/dnsmasq.conf config file
[ -f /etc/dnsmasq.conf ] || exit
args=""
iface=lan
config_get ifname "$iface" ifname
config_get proto "$iface" proto
[ "$proto" = static ] && dhcp_enable="${dhcp_enable:-1}"
dhcp_start="${dhcp_start:-100}"
dhcp_num="${dhcp_num:-50}"
dhcp_lease="${dhcp_lease:-12h}"
# if dhcp_enable is unset and there is a dhcp server on the network already, default to dhcp_enable=0
[ -z "$dhcp_enable" ] && udhcpc -n -q -R -s /bin/true -i $ifname >&- && dhcp_enable="${dhcp_enable:-0}"
# dhcp_enable=0 disables the dhcp server
(
[ -z "$dhcp_enable" -o "$dhcp_enable" -eq 1 ] && {
# no existing DHCP server?
# calculate settings
config_get ipaddr "$iface" ipaddr
config_get netmask "$iface" netmask
eval $(ipcalc $ipaddr $netmask ${dhcp_start:-100} ${dhcp_num:-150})
# and pass the args via config parser defines
echo "${dhcp_enable:+@define dhcp_enable 1}"
echo "@define netmask $NETMASK"
echo "@define start $START"
echo "@define end $END"
echo "@define lease ${dhcp_lease:-12h}"
}
# ignore requests from wan interface
config_get wan_proto wan proto
config_get wan_ifname wan ifname
[ -z "$wan_proto" -o "$wan_proto" = "none" ] || echo "@define wan_ifname $wan_ifname"
cat /etc/dnsmasq.conf
) | awk -f /usr/lib/parse-config.awk | dnsmasq -C /proc/self/fd/0
}
[ -f /etc/dnsmasq.conf ] || exit stop() {
killall dnsmasq
args="" }
iface=lan
config_get ifname "$iface" ifname
config_get proto "$iface" proto
[ "$proto" = static ] && dhcp_enable="${dhcp_enable:-1}"
dhcp_start="${dhcp_start:-100}"
dhcp_num="${dhcp_num:-50}"
dhcp_lease="${dhcp_lease:-12h}"
# if dhcp_enable is unset and there is a dhcp server on the network already, default to dhcp_enable=0
[ -z "$dhcp_enable" ] && udhcpc -n -q -R -s /bin/true -i $ifname >&- && dhcp_enable="${dhcp_enable:-0}"
# dhcp_enable=0 disables the dhcp server
(
[ -z "$dhcp_enable" -o "$dhcp_enable" -eq 1 ] && {
# no existing DHCP server?
# calculate settings
config_get ipaddr "$iface" ipaddr
config_get netmask "$iface" netmask
eval $(ipcalc $ipaddr $netmask ${dhcp_start:-100} ${dhcp_num:-150})
# and pass the args via config parser defines
echo "${dhcp_enable:+@define dhcp_enable 1}"
echo "@define netmask $NETMASK"
echo "@define start $START"
echo "@define end $END"
echo "@define lease ${dhcp_lease:-12h}"
}
# ignore requests from wan interface
config_get wan_proto wan proto
config_get wan_ifname wan ifname
[ -z "$wan_proto" -o "$wan_proto" = "none" ] || echo "@define wan_ifname $wan_ifname"
cat /etc/dnsmasq.conf
) | awk -f /usr/lib/parse-config.awk | dnsmasq -C /proc/self/fd/0
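Review bot: `eval $(ipcalc $ipaddr $netmask ${dhcp_start:-100} ${dhcp_num:-150})` in start() evaluates whatever ipcalc prints for values taken unquoted from /etc/config/network, with no check that ipaddr and netmask look like addresses; that file is root-owned, so this is hardening rather than an exposure, but quoting the arguments and checking `$?` before trusting `$START`/`$END` is cheap. The `:-100` and `:-150` fallbacks on that line are dead because `dhcp_start` and `dhcp_num` were already defaulted to 100 and 50 a few lines earlier; `eval $(ipcalc "$ipaddr" "$netmask" "$dhcp_start" "$dhcp_num")` says what actually happens. Note too that the `udhcpc -n -q -R -s /bin/true -i $ifname` probe means any host answering DHCP on the LAN silently disables this router's server whenever dhcp_enable is still unset after the proto check; that is the stated intent, but the comment should say the answering host is untrusted. Finally, `[ -f /etc/dnsmasq.conf ] || exit` now exits the rc.common wrapper from inside a function; `return` is the idiomatic form.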


@ -1,16 +1,19 @@
#!/bin/sh #!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org
for type in rsa dss; do { start() {
# check for keys for type in rsa dss; do {
key=/etc/dropbear/dropbear_${type}_host_key # check for keys
[ ! -f $key ] && { key=/etc/dropbear/dropbear_${type}_host_key
# generate missing keys [ ! -f $key ] && {
mkdir -p /etc/dropbear # generate missing keys
[ -x /usr/bin/dropbearkey ] && { mkdir -p /etc/dropbear
/usr/bin/dropbearkey -t $type -f $key 2>&- >&- && exec $0 $* [ -x /usr/bin/dropbearkey ] && {
} & /usr/bin/dropbearkey -t $type -f $key 2>&- >&- && exec $0 $*
exit 0 } &
} exit 0
}; done }
}; done
/usr/sbin/dropbear
/usr/sbin/dropbear
}
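Review bot: `exec $0 $*` after key generation no longer restarts this script: inside the new start() function `$*` is start's own (empty) argument list and `$0` is /etc/rc.common, so the re-exec runs rc.common with no init script and no action, lands in help, and `/usr/sbin/dropbear` is never launched on the boot that generates the host keys. Re-exec the wrapper explicitly instead: `/usr/bin/dropbearkey -t $type -f $key 2>&- >&- && exec /etc/rc.common "$initscript" start`. The key generation still runs detached with `&` followed by `exit 0`, which means start() reports success before any key exists; a comment noting that the SSH daemon only comes up once the background job re-invokes start would stop the next reader from treating a missing dropbear as a crash.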


@ -1,103 +1,115 @@
#!/bin/sh #!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org # Copyright (C) 2006 OpenWrt.org
## Please make changes in /etc/firewall.user ## Please make changes in /etc/firewall.user
. /etc/functions.sh start() {
include /lib/network include /lib/network
scan_interfaces
scan_interfaces
config_get WAN wan ifname config_get WAN wan ifname
config_get LAN lan ifname config_get LAN lan ifname
## CLEAR TABLES ## CLEAR TABLES
for T in filter nat; do for T in filter nat; do
iptables -t $T -F iptables -t $T -F
iptables -t $T -X iptables -t $T -X
done done
iptables -N input_rule iptables -N input_rule
iptables -N output_rule iptables -N output_rule
iptables -N forwarding_rule iptables -N forwarding_rule
iptables -t nat -N prerouting_rule iptables -t nat -N prerouting_rule
iptables -t nat -N postrouting_rule iptables -t nat -N postrouting_rule
iptables -N LAN_ACCEPT iptables -N LAN_ACCEPT
[ -z "$WAN" ] || iptables -A LAN_ACCEPT -i "$WAN" -j RETURN [ -z "$WAN" ] || iptables -A LAN_ACCEPT -i "$WAN" -j RETURN
iptables -A LAN_ACCEPT -j ACCEPT iptables -A LAN_ACCEPT -j ACCEPT
### INPUT ### INPUT
### (connections with the router as destination) ### (connections with the router as destination)
# base case # base case
iptables -P INPUT DROP iptables -P INPUT DROP
iptables -A INPUT -m state --state INVALID -j DROP iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j DROP iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j DROP
# #
# insert accept rule or to jump to new accept-check table here # insert accept rule or to jump to new accept-check table here
# #
iptables -A INPUT -j input_rule iptables -A INPUT -j input_rule
# allow # allow
iptables -A INPUT -j LAN_ACCEPT # allow from lan/wifi interfaces iptables -A INPUT -j LAN_ACCEPT # allow from lan/wifi interfaces
iptables -A INPUT -p icmp -j ACCEPT # allow ICMP iptables -A INPUT -p icmp -j ACCEPT # allow ICMP
iptables -A INPUT -p gre -j ACCEPT # allow GRE iptables -A INPUT -p gre -j ACCEPT # allow GRE
# reject (what to do with anything not allowed earlier) # reject (what to do with anything not allowed earlier)
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
### OUTPUT ### OUTPUT
### (connections with the router as source) ### (connections with the router as source)
# base case # base case
iptables -P OUTPUT DROP iptables -P OUTPUT DROP
iptables -A OUTPUT -m state --state INVALID -j DROP iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# #
# insert accept rule or to jump to new accept-check table here # insert accept rule or to jump to new accept-check table here
# #
iptables -A OUTPUT -j output_rule iptables -A OUTPUT -j output_rule
# allow # allow
iptables -A OUTPUT -j ACCEPT #allow everything out iptables -A OUTPUT -j ACCEPT #allow everything out
# reject (what to do with anything not allowed earlier) # reject (what to do with anything not allowed earlier)
iptables -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset iptables -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A OUTPUT -j REJECT --reject-with icmp-port-unreachable iptables -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
### FORWARDING ### FORWARDING
### (connections routed through the router) ### (connections routed through the router)
# base case # base case
iptables -P FORWARD DROP iptables -P FORWARD DROP
iptables -A FORWARD -m state --state INVALID -j DROP iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# #
# insert accept rule or to jump to new accept-check table here # insert accept rule or to jump to new accept-check table here
# #
iptables -A FORWARD -j forwarding_rule iptables -A FORWARD -j forwarding_rule
# allow # allow
iptables -A FORWARD -i br0 -o br0 -j ACCEPT iptables -A FORWARD -i br0 -o br0 -j ACCEPT
[ -z "$WAN" ] || iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT [ -z "$WAN" ] || iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT
# reject (what to do with anything not allowed earlier) # reject (what to do with anything not allowed earlier)
# uses the default -P DROP # uses the default -P DROP
### MASQ ### MASQ
iptables -t nat -A PREROUTING -j prerouting_rule iptables -t nat -A PREROUTING -j prerouting_rule
iptables -t nat -A POSTROUTING -j postrouting_rule iptables -t nat -A POSTROUTING -j postrouting_rule
[ -z "$WAN" ] || iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE [ -z "$WAN" ] || iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
## USER RULES ## USER RULES
[ -f /etc/firewall.user ] && . /etc/firewall.user [ -f /etc/firewall.user ] && . /etc/firewall.user
[ -n "$WAN" -a -e /etc/config/firewall ] && { [ -n "$WAN" -a -e /etc/config/firewall ] && {
awk -f /usr/lib/common.awk -f /usr/lib/firewall.awk /etc/config/firewall | ash awk -f /usr/lib/common.awk -f /usr/lib/firewall.awk /etc/config/firewall | ash
}
}
stop() {
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -F
} }
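Review bot: The new stop() sets INPUT, OUTPUT and FORWARD to ACCEPT and flushes both tables, which turns the router into an open, non-NATing box — including towards `$WAN` — for as long as the firewall is stopped, and rc.common's default `restart() { stop; start; }` passes through that state on every restart even though start() already clears everything it needs with the `for T in filter nat` loop. Overriding restart in this script avoids the open window: `restart() { start; }`. The stop() behaviour itself may be what the author wants for debugging, but it should say so: `# stop() deliberately opens all traffic and disables NAT; services bound on all interfaces are reachable from the WAN until start() runs again`. stop() also omits the `-X` that start() performs, so the user chains survive a stop, which is harmless only because start() removes them.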


@ -1,2 +1,4 @@
#!/bin/sh #!/bin/sh /etc/rc.common
iwpriv ath0 mode 3 start() {
iwpriv ath0 mode 3
}
