Rearrange script samples in the Multi-ISP document
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
468167f9e5
commit
551be3ed39
@ -2245,7 +2245,83 @@ defaults {
|
||||
|
||||
include /etc/lsm/shorewall.conf</programlisting>
|
||||
|
||||
<para><filename>/etc/lsm/script</filename><programlisting>#!/bin/sh
|
||||
<para><filename>/etc/lsm/script</filename> (Shorewall 4.4.23 and
|
||||
later)<programlisting>#!/bin/sh
|
||||
#
|
||||
# (C) 2009 Mika Ilmaranta <ilmis@nullnet.fi>
|
||||
# (C) 2009 Tom Eastep <teastep@shorewall.net>
|
||||
#
|
||||
# License: GPLv2
|
||||
#
|
||||
|
||||
STATE=${1}
|
||||
NAME=${2}
|
||||
CHECKIP=${3}
|
||||
DEVICE=${4}
|
||||
WARN_EMAIL=${5}
|
||||
REPLIED=${6}
|
||||
WAITING=${7}
|
||||
TIMEOUT=${8}
|
||||
REPLY_LATE=${9}
|
||||
CONS_RCVD=${10}
|
||||
CONS_WAIT=${11}
|
||||
CONS_MISS=${12}
|
||||
AVG_RTT=${13}
|
||||
|
||||
if [ -f /usr/share/shorewall-lite/lib.base ]; then
|
||||
VARDIR=/var/lib/shorewall-lite
|
||||
STATEDIR=/etc/shorewall-lite
|
||||
TOOL=/sbin/shorewall-lite
|
||||
else
|
||||
VARDIR=/var/lib/shorewall
|
||||
STATEDIR=/etc/shorewall
|
||||
TOOL=/sbin/shorewall
|
||||
fi
|
||||
|
||||
[ -f ${STATEDIR}/vardir ] && . ${STATEDIR}/vardir
|
||||
|
||||
cat <<EOM | mail -s "${NAME} ${STATE}, DEV ${DEVICE}" ${WARN_EMAIL}
|
||||
|
||||
Hi,
|
||||
|
||||
Connection ${NAME} is now ${STATE}.
|
||||
|
||||
Following parameters were passed:
|
||||
newstate = ${STATE}
|
||||
name = ${NAME}
|
||||
checkip = ${CHECKIP}
|
||||
device = ${DEVICE}
|
||||
warn_email = ${WARN_EMAIL}
|
||||
|
||||
Packet counters:
|
||||
replied = ${REPLIED} packets replied
|
||||
waiting = ${WAITING} packets waiting for reply
|
||||
timeout = ${TIMEOUT} packets that have timed out (= packet loss)
|
||||
reply_late = ${REPLY_LATE} packets that received a reply after timeout
|
||||
cons_rcvd = ${CONS_RCVD} consecutively received replies in sequence
|
||||
cons_wait = ${CONS_WAIT} consecutive packets waiting for reply
|
||||
cons_miss = ${CONS_MISS} consecutive packets that have timed out
|
||||
avg_rtt = ${AVG_RTT} average rtt, notice that waiting and timed out packets have rtt = 0 when calculating this
|
||||
|
||||
Your LSM Daemon
|
||||
|
||||
EOM
|
||||
|
||||
if [ ${STATE} = up ]; then
|
||||
# echo 0 > ${VARDIR}/${DEVICE}.status # Uncomment this line if you are running Shorewall 4.4.x or earlier
|
||||
${VARDIR}/firewall enable ${DEVICE}
|
||||
else
|
||||
# echo 1 > ${VARDIR}/${DEVICE}.status # Uncomment this line if you are running Shorewall 4.4.x or earlier
|
||||
${VARDIR}/firewall disable ${DEVICE}
|
||||
fi
|
||||
|
||||
$TOOL show routing >> /var/log/lsm
|
||||
|
||||
exit 0
|
||||
|
||||
#EOF</programlisting>Prior to Shorewall 4.4.23, it was necessary to restart
|
||||
the firewall when an interface transitions between the usable and
|
||||
unusable states.<programlisting>#!/bin/sh
|
||||
#
|
||||
# (C) 2009 Mika Ilmaranta <ilmis@nullnet.fi>
|
||||
# (C) 2009 Tom Eastep <teastep@shorewall.net>
|
||||
@ -2311,88 +2387,12 @@ EOM
|
||||
# [ ${STATE} = up ] && state=0 || state=1
|
||||
# echo $state > ${VARDIR}/${DEVICE}.status
|
||||
|
||||
$TOOL restart -f >> /var/log/lsm 2>&1
|
||||
<emphasis role="bold">$TOOL restart -f >> /var/log/lsm 2>&1</emphasis>
|
||||
|
||||
$TOOL show routing >> /var/log/lsm
|
||||
|
||||
exit 0
|
||||
|
||||
#EOF</programlisting>Beginning with Shorewall 4.4.23, it is not necessary to
|
||||
restart the firewall when an interface transitions between the usable
|
||||
and unusable
|
||||
states.<filename>/etc/lsm/script</filename><programlisting>#!/bin/sh
|
||||
#
|
||||
# (C) 2009 Mika Ilmaranta <ilmis@nullnet.fi>
|
||||
# (C) 2009 Tom Eastep <teastep@shorewall.net>
|
||||
#
|
||||
# License: GPLv2
|
||||
#
|
||||
|
||||
STATE=${1}
|
||||
NAME=${2}
|
||||
CHECKIP=${3}
|
||||
DEVICE=${4}
|
||||
WARN_EMAIL=${5}
|
||||
REPLIED=${6}
|
||||
WAITING=${7}
|
||||
TIMEOUT=${8}
|
||||
REPLY_LATE=${9}
|
||||
CONS_RCVD=${10}
|
||||
CONS_WAIT=${11}
|
||||
CONS_MISS=${12}
|
||||
AVG_RTT=${13}
|
||||
|
||||
if [ -f /usr/share/shorewall-lite/lib.base ]; then
|
||||
VARDIR=/var/lib/shorewall-lite
|
||||
STATEDIR=/etc/shorewall-lite
|
||||
TOOL=/sbin/shorewall-lite
|
||||
else
|
||||
VARDIR=/var/lib/shorewall
|
||||
STATEDIR=/etc/shorewall
|
||||
TOOL=/sbin/shorewall
|
||||
fi
|
||||
|
||||
[ -f ${STATEDIR}/vardir ] && . ${STATEDIR}/vardir
|
||||
|
||||
cat <<EOM | mail -s "${NAME} ${STATE}, DEV ${DEVICE}" ${WARN_EMAIL}
|
||||
|
||||
Hi,
|
||||
|
||||
Connection ${NAME} is now ${STATE}.
|
||||
|
||||
Following parameters were passed:
|
||||
newstate = ${STATE}
|
||||
name = ${NAME}
|
||||
checkip = ${CHECKIP}
|
||||
device = ${DEVICE}
|
||||
warn_email = ${WARN_EMAIL}
|
||||
|
||||
Packet counters:
|
||||
replied = ${REPLIED} packets replied
|
||||
waiting = ${WAITING} packets waiting for reply
|
||||
timeout = ${TIMEOUT} packets that have timed out (= packet loss)
|
||||
reply_late = ${REPLY_LATE} packets that received a reply after timeout
|
||||
cons_rcvd = ${CONS_RCVD} consecutively received replies in sequence
|
||||
cons_wait = ${CONS_WAIT} consecutive packets waiting for reply
|
||||
cons_miss = ${CONS_MISS} consecutive packets that have timed out
|
||||
avg_rtt = ${AVG_RTT} average rtt, notice that waiting and timed out packets have rtt = 0 when calculating this
|
||||
|
||||
Your LSM Daemon
|
||||
|
||||
EOM
|
||||
|
||||
<emphasis role="bold">if [ ${STATE} = up ]; then
|
||||
# echo 0 > ${VARDIR}/${DEVICE}.status # Uncomment this line if you are running Shorewall 4.4.x or earlier
|
||||
${VARDIR}/firewall enable ${DEVICE}
|
||||
else
|
||||
# echo 1 > ${VARDIR}/${DEVICE}.status # Uncomment this line if you are running Shorewall 4.4.x or earlier
|
||||
${VARDIR}/firewall disable ${DEVICE}
|
||||
fi
|
||||
</emphasis>
|
||||
$TOOL show routing >> /var/log/lsm
|
||||
|
||||
exit 0
|
||||
|
||||
#EOF</programlisting></para>
|
||||
</section>
|
||||
</section>
|
||||
|
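Review bot: The listing now shown first for Shorewall 4.4.23 and later expands its arguments unquoted, so in `if [ ${STATE} = up ]; then` an empty or multi-word first argument typically makes `[` exit with an error and the script falls through to the `else` branch, running `${VARDIR}/firewall disable ${DEVICE}`. Since readers are told to install this as /etc/lsm/script, quoting would make that failure mode explicit: `if [ "${STATE}" = up ]; then`, `"${VARDIR}/firewall" enable "${DEVICE}"`, and `"${WARN_EMAIL}"` on the `mail -s` line. The final `$TOOL show routing >> /var/log/lsm` appends only stdout, while the restart line in the second hunk adds `2>&1`; the two could agree so that errors also reach the log. The same unquoted forms presumably appear in the pre-4.4.23 listing, part of which lies between the two hunks and is not shown.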