shorewall_code/Shorewall6/ipv6

173 lines
4.6 KiB
Plaintext
Raw Normal View History

#!/bin/sh
#
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
# (c) 1999,2000,2001,2002,2003,2004,2005 - Tom Eastep (teastep@shorewall.net)
#
# On most distributions, this file should be called /etc/init.d/shorewall.
#
# Complete documentation is available at http://shorewall.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc.,51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301 USA
#
# If an error occurs while starting or restarting the firewall, the
# firewall is automatically stopped.
#
# Commands are:
#
# ipv6 start Starts ipv6
# ipv6 restart Restarts ipv6
# ipv6 reload Restarts ipv6
# ipv6 stop Stops ipv6
# ipv6 status Displays ipv6 status
#
# chkconfig: 2345 4 99
# description: Configure a 6to4 tunnel
### BEGIN INIT INFO
# Provides: ipv6
# Required-Start: boot.udev
# Required-Stop:
# Default-Start: 2 3 5
# Default-Stop: 0 1 6
# Description: starts and stops ipv6
### END INIT INFO
################################################################################
# Interfaces to be configured
#
# External Interface
#
SIT="sit1"
#
# If the external interface is a 6to4 tunnel (sit device) then specify the
# IPv4 address here. Otherwise, leave this variable enpty
#
ADDRESS4=206.124.146.180
#
# Internal interfaces of the firewall -- space separated
#
INTERFACES="eth0"
#
# Bits 48-63 of the first internal interface address. Will be incremented
# for each additional internal interface.
#
SLA=1
#
# Default Gateway -- for 6to4, this is ::192.88.99.1
#
GATEWAY=::192.88.99.1
#
# For 6to4 configurations, the ADDRESS6 variable is calculated as follows.
#
# For other configurations, you need to specify ADDRESS6.
#
# ADDRESS6 is assumed to be a 48-bit prefix. If not, then the logic for
# addressing on the internal networks needs to be replaced below.
#
ADDRESS6=$(printf 2002:%02x%02x:%02x%02x $(echo $ADDRESS4 | tr '.' ' '))
#
# The global address of $SIT
#
SITADDR=${ADDRESS6}::1
################################################################################
# Give Usage Information #
################################################################################
usage() {
echo "Usage: $0 start|stop|reload|restart|status"
exit 1
}
################################################################################
# Start IPv6
################################################################################
do_start()
{
local interface
if [ -n "$SIT" ]; then
if [ -n "$ADDRESS4" ]; then
#
# 6to4 -- create tunnel
#
modprobe sit
/sbin/ip tunnel add $SIT mode sit ttl 64 remote any local $ADDRESS4
fi
#
# Configure the external IP address
#
/sbin/ip -6 addr add ${SITADDR} dev $SIT
[ -n "$ADDRESS4" ] && /sbin/ip link set dev $SIT up
[ -n "$GATEWAY" ] && /sbin/ip -6 route add default via $GATEWAY dev $SIT metric 1
fi
for interface in $INTERFACES ; do
/sbin/ip -6 addr add ${ADDRESS6}:$SLA::1/64 dev $interface
SLA=$(($SLA + 1 ))
done
}
################################################################################
# Stop IPv6
################################################################################
do_stop()
{
local interface
local device
device=1
local original_sla
original_sli=$SLA
if [ -n "$SIT" ]; then
if [ -n "$ADDRESS4" ]; then
/sbin/ip link set $SIT down
else
/sbin/ip -6 addr del ${SITADDR} dev $SIT
[ -n "$GATEWAY" ] && /sbin/ip -6 route del default via $GATEWAY dev $SIT metric 1
fi
[ -n "$ADDRESS4" ] && /sbin/ip tunnel del $SIT
fi
for interface in $INTERFACES; do
/sbin/ip -6 addr del ${ADDRESS6}:$SLA::1/64 dev $interface
SLA=$(($SLA + 1 ))
done
SLA=$original_sla #In case this is a restart/reload
}
################################################################################
# E X E C U T I O N B E G I N S H E R E #
################################################################################
command="$1"
case "$command" in
start)
do_start
;;
stop)
do_stop
;;
restart|reload)
do_stop
do_start
;;
status)
/sbin/ip -6 addr list
/sbin/ip -6 route list
;;
*)
usage
;;
esac