forked from extern/shorewall_code
d904a2de86
Signed-off-by: Tom Eastep <teastep@shorewall.net>
173 lines
4.6 KiB
Bash
Executable File
173 lines
4.6 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
|
|
#
|
|
# (c) 1999,2000,2001,2002,2003,2004,2005 - Tom Eastep (teastep@shorewall.net)
|
|
#
|
|
# On most distributions, this file should be called /etc/init.d/shorewall.
|
|
#
|
|
# Complete documentation is available at http://shorewall.net
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of Version 2 of the GNU General Public License
|
|
# as published by the Free Software Foundation.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write to the Free Software
|
|
# Foundation, Inc.,51 Franklin Street, Fifth Floor,
|
|
# Boston, MA 02110-1301 USA
|
|
#
|
|
# If an error occurs while starting or restarting the firewall, the
|
|
# firewall is automatically stopped.
|
|
#
|
|
# Commands are:
|
|
#
|
|
# ipv6 start Starts ipv6
|
|
# ipv6 restart Restarts ipv6
|
|
# ipv6 reload Restarts ipv6
|
|
# ipv6 stop Stops ipv6
|
|
# ipv6 status Displays ipv6 status
|
|
#
|
|
|
|
# chkconfig: 2345 4 99
|
|
# description: Configure a 6to4 tunnel
|
|
|
|
### BEGIN INIT INFO
|
|
# Provides: ipv6
|
|
# Required-Start: boot.udev
|
|
# Required-Stop:
|
|
# Default-Start: 2 3 5
|
|
# Default-Stop: 0 1 6
|
|
# Description: starts and stops ipv6
|
|
### END INIT INFO
|
|
|
|
################################################################################
|
|
# Interfaces to be configured
|
|
#
|
|
# External Interface
|
|
#
|
|
SIT="sit1"
|
|
#
|
|
# If the external interface is a 6to4 tunnel (sit device) then specify the
|
|
# IPv4 address here. Otherwise, leave this variable enpty
|
|
#
|
|
ADDRESS4=206.124.146.180
|
|
#
|
|
# Internal interfaces of the firewall -- space separated
|
|
#
|
|
INTERFACES="eth0"
|
|
#
|
|
# Bits 48-63 of the first internal interface address. Will be incremented
|
|
# for each additional internal interface.
|
|
#
|
|
SLA=1
|
|
#
|
|
# Default Gateway -- for 6to4, this is ::192.88.99.1
|
|
#
|
|
GATEWAY=::192.88.99.1
|
|
#
|
|
# For 6to4 configurations, the ADDRESS6 variable is calculated as follows.
|
|
#
|
|
# For other configurations, you need to specify ADDRESS6.
|
|
#
|
|
# ADDRESS6 is assumed to be a 48-bit prefix. If not, then the logic for
|
|
# addressing on the internal networks needs to be replaced below.
|
|
#
|
|
ADDRESS6=$(printf 2002:%02x%02x:%02x%02x $(echo $ADDRESS4 | tr '.' ' '))
|
|
#
|
|
# The global address of $SIT
|
|
#
|
|
SITADDR=${ADDRESS6}::1
|
|
################################################################################
|
|
# Give Usage Information #
|
|
################################################################################
|
|
usage() {
|
|
echo "Usage: $0 start|stop|reload|restart|status"
|
|
exit 1
|
|
}
|
|
################################################################################
|
|
# Start IPv6
|
|
################################################################################
|
|
do_start()
|
|
{
|
|
local interface
|
|
|
|
if [ -n "$SIT" ]; then
|
|
if [ -n "$ADDRESS4" ]; then
|
|
#
|
|
# 6to4 -- create tunnel
|
|
#
|
|
modprobe sit
|
|
/sbin/ip tunnel add $SIT mode sit ttl 64 remote any local $ADDRESS4
|
|
fi
|
|
#
|
|
# Configure the external IP address
|
|
#
|
|
/sbin/ip -6 addr add ${SITADDR} dev $SIT
|
|
[ -n "$ADDRESS4" ] && /sbin/ip link set dev $SIT up
|
|
[ -n "$GATEWAY" ] && /sbin/ip -6 route add default via $GATEWAY dev $SIT metric 1
|
|
fi
|
|
|
|
for interface in $INTERFACES ; do
|
|
/sbin/ip -6 addr add ${ADDRESS6}:$SLA::1/64 dev $interface
|
|
SLA=$(($SLA + 1 ))
|
|
done
|
|
}
|
|
################################################################################
|
|
# Stop IPv6
|
|
################################################################################
|
|
do_stop()
|
|
{
|
|
local interface
|
|
local device
|
|
device=1
|
|
local original_sla
|
|
original_sli=$SLA
|
|
|
|
if [ -n "$SIT" ]; then
|
|
if [ -n "$ADDRESS4" ]; then
|
|
/sbin/ip link set $SIT down
|
|
else
|
|
/sbin/ip -6 addr del ${SITADDR} dev $SIT
|
|
[ -n "$GATEWAY" ] && /sbin/ip -6 route del default via $GATEWAY dev $SIT metric 1
|
|
fi
|
|
[ -n "$ADDRESS4" ] && /sbin/ip tunnel del $SIT
|
|
fi
|
|
|
|
for interface in $INTERFACES; do
|
|
/sbin/ip -6 addr del ${ADDRESS6}:$SLA::1/64 dev $interface
|
|
SLA=$(($SLA + 1 ))
|
|
done
|
|
|
|
SLA=$original_sla #In case this is a restart/reload
|
|
}
|
|
################################################################################
|
|
# E X E C U T I O N B E G I N S H E R E #
|
|
################################################################################
|
|
command="$1"
|
|
|
|
case "$command" in
|
|
start)
|
|
do_start
|
|
;;
|
|
stop)
|
|
do_stop
|
|
;;
|
|
restart|reload)
|
|
do_stop
|
|
do_start
|
|
;;
|
|
status)
|
|
/sbin/ip -6 addr list
|
|
/sbin/ip -6 route list
|
|
;;
|
|
*)
|
|
usage
|
|
;;
|
|
esac
|