From: <abe...@us...> - 2012-07-04 16:08:31
Revision: 5588 http://astlinux.svn.sourceforge.net/astlinux/?rev=5588&view=rev Author: abelbeck Date: 2012-07-04 16:08:21 +0000 (Wed, 04 Jul 2012) Log Message: ----------- miniupnpd, more tweaks... o added support for rc.conf variables, see 'project/astlinux/target_skeleton/stat/etc/rc.conf' diff o new variable UPNP_LISTEN replaces INTUPNP, INT2UPNP, INT3UPNP, and DMZUPNP o /var/run/miniupnpd.pid is automatically deleted, so we shouldn't o add sanity test if the UPNP_LISTEN interfaces does not match any active internal interfaces o add sanity test if UUID is not found o change the 'listening_ip=' directive to ip/mask instead of the interface Modified Paths: -------------- branches/1.0/package/miniupnpd/miniupnpd.init branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
Modified: branches/1.0/package/miniupnpd/miniupnpd.init
===================================================================
--- branches/1.0/package/miniupnpd/miniupnpd.init 2012-07-03 22:57:57 UTC (rev 5587)
+++ branches/1.0/package/miniupnpd/miniupnpd.init 2012-07-04 16:08:21 UTC (rev 5588)
@@ -1,23 +1,39 @@ #!/bin/sh -# If Astlinux GUI support added then some or all of these may come from rc.conf -UPNP_ENABLE_NATPMP=yes -UPNP_ENABLE_UPNP=yes -UPNP_BITRATE_UP=1000000 -UPNP_BITRATE_DOWN=10000000 -UPNP_SECURE_MODE=no -INTUPNP=yes -INT2UPNP=yes -INT3UPNP=yes -DMZUPNP=yes - . /etc/rc.conf +if [ "$UPNP_ENABLE_NATPMP" != "yes" ]; then + UPNP_ENABLE_NATPMP="no" +fi +if [ "$UPNP_ENABLE_UPNP" != "yes" ]; then + UPNP_ENABLE_UPNP="no" +fi +if [ "$UPNP_SECURE_MODE" != "yes" ]; then + UPNP_SECURE_MODE="no" +fi +UPNP_BITRATE_UP="${UPNP_BITRATE_UP:-1000000}" +UPNP_BITRATE_DOWN="${UPNP_BITRATE_DOWN:-1000000}" + MINIUPNPD=/usr/sbin/miniupnpd MINIUPNPD_CONF=/tmp/etc/miniupnpd.conf IPTABLES_CREATE=/etc/miniupnpd/iptables_init.sh IPTABLES_REMOVE=/etc/miniupnpd/iptables_removeall.sh +is_upnp_enabled() +{ + # args: IF_Name + local ifname IFS + + unset IFS + for ifname in $UPNP_LISTEN; do + if [ "$ifname" = "$1" ]; then + return 0 + fi + done + + return 1 +} + is_interface_enabled() { # args: IF, IP, NM 
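Review bot: The new normalisation of UPNP_SECURE_MODE fails open: any value other than "yes", including an unset variable or a typo, becomes "no". If this variable is a restriction on what clients may map, as its name suggests, inverting the test makes the restrictive value the fallback: `if [ "$UPNP_SECURE_MODE" != "no" ]; then UPNP_SECURE_MODE="yes"; fi`. How the value reaches the generated configuration is outside the visible hunks, so confirm which directive it feeds before changing the default. Separately, the fallback for UPNP_BITRATE_DOWN is 1000000 while the removed hard-coded value was 10000000, and the log message does not mention that change.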
@@ -37,31 +53,43 @@ } init () { - local RULES="" + if [ "$UPNP_ENABLE_NATPMP" != "yes" -a "$UPNP_ENABLE_UPNP" != "yes" ]; then + if [ -f $MINIUPNPD_CONF ]; then + rm -f $MINIUPNPD_CONF + fi + return + fi + if [ -z "$UUID" ]; then # Use the UUID assigned to the asturw filesystem. UUID=$(blkid | sed -n -r -e 's/^.*: LABEL="ASTURW" UUID="([^"]*)" .*$/\1/p') fi + local RULES="" echo "## Auto generated file. Do not edit. -## see miniupnpd init.d script ext_ifname=$EXTIF" > $MINIUPNPD_CONF - if [ "$INTUPNP" = "yes" ] && is_interface_enabled "$INTIF" "$INTIP" "$INTNM"; then - echo "listening_ip=$INTIF" >> $MINIUPNPD_CONF + if is_upnp_enabled INTIF && is_interface_enabled "$INTIF" "$INTIP" "$INTNM"; then + echo "listening_ip=$INTIP/$INTNM" >> $MINIUPNPD_CONF RULES="$RULES${RULES:+\n}allow 1024-65535 $(get_cidr $INTIP $INTNM) 1024-65535" fi - if [ "$INT2UPNP" = "yes" ] && is_interface_enabled "$INT2IF" "$INT2IP" "$INT2NM"; then - echo "listening_ip=$INT2IF" >> $MINIUPNPD_CONF + if is_upnp_enabled INT2IF && is_interface_enabled "$INT2IF" "$INT2IP" "$INT2NM"; then + echo "listening_ip=$INT2IP/$INT2NM" >> $MINIUPNPD_CONF RULES="$RULES${RULES:+\n}allow 1024-65535 $(get_cidr $INT2IP $INT2NM) 1024-65535" fi - if [ "$INT3UPNP" = "yes" ] && is_interface_enabled "$INT3IF" "$INT3IP" "$INT3NM"; then - echo "listening_ip=$INT3IF" >> $MINIUPNPD_CONF + if is_upnp_enabled INT3IF && is_interface_enabled "$INT3IF" "$INT3IP" "$INT3NM"; then + echo "listening_ip=$INT3IP/$INT3NM" >> $MINIUPNPD_CONF RULES="$RULES${RULES:+\n}allow 1024-65535 $(get_cidr $INT3IP $INT3NM) 1024-65535" fi - if [ "$DMZUPNP" = "yes" ] && is_interface_enabled "$DMZIF" "$DMZIP" "$DMZNM"; then - echo "listening_ip=$DMZIF" >> $MINIUPNPD_CONF + if is_upnp_enabled DMZIF && is_interface_enabled "$DMZIF" "$DMZIP" "$DMZNM"; then + echo "listening_ip=$DMZIP/$DMZNM" >> $MINIUPNPD_CONF RULES="$RULES${RULES:+\n}allow 1024-65535 $(get_cidr $DMZIP $DMZNM) 1024-65535" fi + + if [ -z "$RULES" -o -z "$UUID" ]; then + rm -f 
$MINIUPNPD_CONF + return + fi + echo "port=0 enable_natpmp=$UPNP_ENABLE_NATPMP enable_upnp=$UPNP_ENABLE_UPNP
@@ -80,12 +108,10 @@ } start () { - if [ "$UPNP_ENABLE_NATPMP" = "yes" -o "$UPNP_ENABLE_UPNP" = "yes" ]; then - if [ "$INTUPNP" = "yes" -o "$INT2UPNP" = "yes" -o "$INT3UPNP" = "yes" -o "$DMZUPNP" = "yes" ]; then - echo "Starting miniupnpd..." - $IPTABLES_CREATE > /dev/null 2>&1 - $MINIUPNPD -f $MINIUPNPD_CONF - fi + if [ -f $MINIUPNPD_CONF ]; then + echo "Starting miniupnpd..." + $IPTABLES_CREATE > /dev/null 2>&1 + $MINIUPNPD -f $MINIUPNPD_CONF fi }
@@ -93,7 +119,7 @@ if [ -f /var/run/miniupnpd.pid ]; then echo "Stopping miniupnpd..." kill $(cat /var/run/miniupnpd.pid) >/dev/null 2>&1 - rm -f /var/run/miniupnpd.pid + # /var/run/miniupnpd.pid automatically removed by killed process $IPTABLES_REMOVE > /dev/null 2>&1 fi }
Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2012-07-03 22:57:57 UTC (rev 5587)
+++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2012-07-04 16:08:21 UTC (rev 5588)
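Review bot: In init(), the new sanity test `if [ -z "$RULES" -o -z "$UUID" ]` removes the configuration and returns without printing anything, so a misspelled name in UPNP_LISTEN or a missing ASTURW UUID makes the service silently not start. A one-line diagnostic before the `rm -f` would tell the administrator why, for example `echo "miniupnpd: no active UPNP_LISTEN interface or UUID not found, not starting" >&2`. The test would also be more robust as two tests joined with `||`, because `-o` inside `[` can be ambiguous with some operands. init() continues past the end of this hunk.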
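Review bot: In start(), the decision to launch the daemon now rests only on `[ -f $MINIUPNPD_CONF ]`, so the rc.conf enable switches are honoured only if init() ran just before and removed any stale file. The dispatcher that calls init() and start() is outside the hunk. If start() can be reached without init(), a configuration left under /tmp/etc by an earlier run would start miniupnpd and run `$IPTABLES_CREATE` even with both UPNP_ENABLE_* variables set to "no". At minimum the dependency deserves a comment above the test, such as `# init() creates $MINIUPNPD_CONF only when UPnP/NAT-PMP is enabled and a listen interface matched`.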
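Review bot: In stop(), dropping `rm -f /var/run/miniupnpd.pid` leaves a stale PID file behind whenever the daemon did not exit through its own cleanup path, for example after a crash or when the `kill` fails with its output discarded. Every later stop would then signal whatever process has since been given that PID and run `$IPTABLES_REMOVE` again. Keeping the `rm -f /var/run/miniupnpd.pid` line after the `kill` is harmless when the daemon has already removed the file and covers the other cases. The head of stop() lies before this hunk.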
@@ -407,6 +407,21 @@ ## ADNAME is automatically (always) disabled whenever the web interface Network Tab is saved. ADNAME="AstLinux PBX" +## Universal Plug and Play (UPnP) +## WARNING: UPnP has security implications. Do not enable without fully researching. +## Either UPNP_ENABLE_NATPMP and/or UPNP_ENABLE_UPNP must be "yes" to enable +#UPNP_ENABLE_NATPMP="yes" +#UPNP_ENABLE_UPNP="yes" +## UPnP internal interfaces, UPNP_LISTEN, at least one must be specified. +## Define: Interface_Name, space separated for multiple +## Interface_Name is "INTIF" for 1st, "INT2IF" for 2nd, and "INT3IF" for 3rd Internal Interface +## "DMZIF" for DMZ Interface +#UPNP_LISTEN="INTIF" +## UPnP Options +#UPNP_BITRATE_UP=1000000 +#UPNP_BITRATE_DOWN=1000000 +#UPNP_SECURE_MODE="no" + ## Proxy ENV variables (http_proxy, ftp_proxy, etc.) for curl, wget, etc. ## Format: http://user:pass@proxyhost:proxyport" ## The "user" and "pass" are optional This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
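Review bot: The UPNP_LISTEN comment offers "DMZIF" with no caution, although the init script gives every listed network the same `allow 1024-65535 ... 1024-65535` rule and a DMZ usually holds the least trusted hosts. The WARNING line is the only guidance and does not say what to avoid. I would add a line after the "DMZIF" entry such as `## NOTE: hosts on a listed interface can request port forwards on the external interface; list "DMZIF" only if that is intended`. A one-line description of what UPNP_SECURE_MODE changes, placed next to its example, would help for the same reason.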