mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-24 15:18:53 +01:00
Rearrange script samples in the Multi-ISP document
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
468167f9e5
commit
551be3ed39
@ -2245,7 +2245,83 @@ defaults {
|
|||||||
|
|
||||||
include /etc/lsm/shorewall.conf</programlisting>
|
include /etc/lsm/shorewall.conf</programlisting>
|
||||||
|
|
||||||
<para><filename>/etc/lsm/script</filename><programlisting>#!/bin/sh
|
<para><filename>/etc/lsm/script</filename> (Shorewall 4.4.23 and
|
||||||
|
later)<programlisting>#!/bin/sh
|
||||||
|
#
|
||||||
|
# (C) 2009 Mika Ilmaranta <ilmis@nullnet.fi>
|
||||||
|
# (C) 2009 Tom Eastep <teastep@shorewall.net>
|
||||||
|
#
|
||||||
|
# License: GPLv2
|
||||||
|
#
|
||||||
|
|
||||||
|
STATE=${1}
|
||||||
|
NAME=${2}
|
||||||
|
CHECKIP=${3}
|
||||||
|
DEVICE=${4}
|
||||||
|
WARN_EMAIL=${5}
|
||||||
|
REPLIED=${6}
|
||||||
|
WAITING=${7}
|
||||||
|
TIMEOUT=${8}
|
||||||
|
REPLY_LATE=${9}
|
||||||
|
CONS_RCVD=${10}
|
||||||
|
CONS_WAIT=${11}
|
||||||
|
CONS_MISS=${12}
|
||||||
|
AVG_RTT=${13}
|
||||||
|
|
||||||
|
if [ -f /usr/share/shorewall-lite/lib.base ]; then
|
||||||
|
VARDIR=/var/lib/shorewall-lite
|
||||||
|
STATEDIR=/etc/shorewall-lite
|
||||||
|
TOOL=/sbin/shorewall-lite
|
||||||
|
else
|
||||||
|
VARDIR=/var/lib/shorewall
|
||||||
|
STATEDIR=/etc/shorewall
|
||||||
|
TOOL=/sbin/shorewall
|
||||||
|
fi
|
||||||
|
|
||||||
|
[ -f ${STATEDIR}/vardir ] && . ${STATEDIR}/vardir
|
||||||
|
|
||||||
|
cat <<EOM | mail -s "${NAME} ${STATE}, DEV ${DEVICE}" ${WARN_EMAIL}
|
||||||
|
|
||||||
|
Hi,
|
||||||
|
|
||||||
|
Connection ${NAME} is now ${STATE}.
|
||||||
|
|
||||||
|
Following parameters were passed:
|
||||||
|
newstate = ${STATE}
|
||||||
|
name = ${NAME}
|
||||||
|
checkip = ${CHECKIP}
|
||||||
|
device = ${DEVICE}
|
||||||
|
warn_email = ${WARN_EMAIL}
|
||||||
|
|
||||||
|
Packet counters:
|
||||||
|
replied = ${REPLIED} packets replied
|
||||||
|
waiting = ${WAITING} packets waiting for reply
|
||||||
|
timeout = ${TIMEOUT} packets that have timed out (= packet loss)
|
||||||
|
reply_late = ${REPLY_LATE} packets that received a reply after timeout
|
||||||
|
cons_rcvd = ${CONS_RCVD} consecutively received replies in sequence
|
||||||
|
cons_wait = ${CONS_WAIT} consecutive packets waiting for reply
|
||||||
|
cons_miss = ${CONS_MISS} consecutive packets that have timed out
|
||||||
|
avg_rtt = ${AVG_RTT} average rtt, notice that waiting and timed out packets have rtt = 0 when calculating this
|
||||||
|
|
||||||
|
Your LSM Daemon
|
||||||
|
|
||||||
|
EOM
|
||||||
|
|
||||||
|
if [ ${STATE} = up ]; then
|
||||||
|
# echo 0 > ${VARDIR}/${DEVICE}.status # Uncomment this line if you are running Shorewall 4.4.x or earlier
|
||||||
|
${VARDIR}/firewall enable ${DEVICE}
|
||||||
|
else
|
||||||
|
# echo 1 > ${VARDIR}/${DEVICE}.status # Uncomment this line if you are running Shorewall 4.4.x or earlier
|
||||||
|
${VARDIR}/firewall disable ${DEVICE}
|
||||||
|
fi
|
||||||
|
|
||||||
|
$TOOL show routing >> /var/log/lsm
|
||||||
|
|
||||||
|
exit 0
|
||||||
|
|
||||||
|
#EOF</programlisting>Prior to Shorewall 4.4.23, it was necessary to restart
|
||||||
|
the firewall when an interface transitions between the usable and
|
||||||
|
unusable states.<programlisting>#!/bin/sh
|
||||||
#
|
#
|
||||||
# (C) 2009 Mika Ilmaranta <ilmis@nullnet.fi>
|
# (C) 2009 Mika Ilmaranta <ilmis@nullnet.fi>
|
||||||
# (C) 2009 Tom Eastep <teastep@shorewall.net>
|
# (C) 2009 Tom Eastep <teastep@shorewall.net>
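Review bot: The `/etc/lsm/script` listing added here for Shorewall 4.4.23 and later expands `${STATE}`, `${DEVICE}` and `${WARN_EMAIL}` unquoted. If an argument is empty or contains whitespace, the `[ ${STATE} = up ]` test fails with a syntax error or the value is split into extra words, and any failed test takes the `else` branch and runs `${VARDIR}/firewall disable`. Since readers are likely to install this sample verbatim as the lsm event script, I would quote the expansions in the listing: `if [ "${STATE}" = up ]; then`, `${VARDIR}/firewall enable "${DEVICE}"` (and likewise for `disable`), and `"${WARN_EMAIL}"` as the `mail` recipient. The unconditional `exit 0` also appears to hide a failed enable or disable from the caller, which a short comment in the listing could point out. The older restart-based listing that follows starts inside this hunk but its body lies outside it, so check it for the same pattern.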
|
||||||
@ -2311,88 +2387,12 @@ EOM
|
|||||||
# [ ${STATE} = up ] && state=0 || state=1
|
# [ ${STATE} = up ] && state=0 || state=1
|
||||||
# echo $state > ${VARDIR}/${DEVICE}.status
|
# echo $state > ${VARDIR}/${DEVICE}.status
|
||||||
|
|
||||||
$TOOL restart -f >> /var/log/lsm 2>&1
|
<emphasis role="bold">$TOOL restart -f >> /var/log/lsm 2>&1</emphasis>
|
||||||
|
|
||||||
$TOOL show routing >> /var/log/lsm
|
$TOOL show routing >> /var/log/lsm
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
#EOF</programlisting>Beginning with Shorewall 4.4.23, it is not necessary to
|
|
||||||
restart the firewall when an interface transitions between the usable
|
|
||||||
and unusable
|
|
||||||
states.<filename>/etc/lsm/script</filename><programlisting>#!/bin/sh
|
|
||||||
#
|
|
||||||
# (C) 2009 Mika Ilmaranta <ilmis@nullnet.fi>
|
|
||||||
# (C) 2009 Tom Eastep <teastep@shorewall.net>
|
|
||||||
#
|
|
||||||
# License: GPLv2
|
|
||||||
#
|
|
||||||
|
|
||||||
STATE=${1}
|
|
||||||
NAME=${2}
|
|
||||||
CHECKIP=${3}
|
|
||||||
DEVICE=${4}
|
|
||||||
WARN_EMAIL=${5}
|
|
||||||
REPLIED=${6}
|
|
||||||
WAITING=${7}
|
|
||||||
TIMEOUT=${8}
|
|
||||||
REPLY_LATE=${9}
|
|
||||||
CONS_RCVD=${10}
|
|
||||||
CONS_WAIT=${11}
|
|
||||||
CONS_MISS=${12}
|
|
||||||
AVG_RTT=${13}
|
|
||||||
|
|
||||||
if [ -f /usr/share/shorewall-lite/lib.base ]; then
|
|
||||||
VARDIR=/var/lib/shorewall-lite
|
|
||||||
STATEDIR=/etc/shorewall-lite
|
|
||||||
TOOL=/sbin/shorewall-lite
|
|
||||||
else
|
|
||||||
VARDIR=/var/lib/shorewall
|
|
||||||
STATEDIR=/etc/shorewall
|
|
||||||
TOOL=/sbin/shorewall
|
|
||||||
fi
|
|
||||||
|
|
||||||
[ -f ${STATEDIR}/vardir ] && . ${STATEDIR}/vardir
|
|
||||||
|
|
||||||
cat <<EOM | mail -s "${NAME} ${STATE}, DEV ${DEVICE}" ${WARN_EMAIL}
|
|
||||||
|
|
||||||
Hi,
|
|
||||||
|
|
||||||
Connection ${NAME} is now ${STATE}.
|
|
||||||
|
|
||||||
Following parameters were passed:
|
|
||||||
newstate = ${STATE}
|
|
||||||
name = ${NAME}
|
|
||||||
checkip = ${CHECKIP}
|
|
||||||
device = ${DEVICE}
|
|
||||||
warn_email = ${WARN_EMAIL}
|
|
||||||
|
|
||||||
Packet counters:
|
|
||||||
replied = ${REPLIED} packets replied
|
|
||||||
waiting = ${WAITING} packets waiting for reply
|
|
||||||
timeout = ${TIMEOUT} packets that have timed out (= packet loss)
|
|
||||||
reply_late = ${REPLY_LATE} packets that received a reply after timeout
|
|
||||||
cons_rcvd = ${CONS_RCVD} consecutively received replies in sequence
|
|
||||||
cons_wait = ${CONS_WAIT} consecutive packets waiting for reply
|
|
||||||
cons_miss = ${CONS_MISS} consecutive packets that have timed out
|
|
||||||
avg_rtt = ${AVG_RTT} average rtt, notice that waiting and timed out packets have rtt = 0 when calculating this
|
|
||||||
|
|
||||||
Your LSM Daemon
|
|
||||||
|
|
||||||
EOM
|
|
||||||
|
|
||||||
<emphasis role="bold">if [ ${STATE} = up ]; then
|
|
||||||
# echo 0 > ${VARDIR}/${DEVICE}.status # Uncomment this line if you are running Shorewall 4.4.x or earlier
|
|
||||||
${VARDIR}/firewall enable ${DEVICE}
|
|
||||||
else
|
|
||||||
# echo 1 > ${VARDIR}/${DEVICE}.status # Uncomment this line if you are running Shorewall 4.4.x or earlier
|
|
||||||
${VARDIR}/firewall disable ${DEVICE}
|
|
||||||
fi
|
|
||||||
</emphasis>
|
|
||||||
$TOOL show routing >> /var/log/lsm
|
|
||||||
|
|
||||||
exit 0
|
|
||||||
|
|
||||||
#EOF</programlisting></para>
|
#EOF</programlisting></para>
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|