[Astlinux-commits] SF.net SVN: astlinux:[5590] branches/1.0/package

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Revision: 5590
          http://astlinux.svn.sourceforge.net/astlinux/?rev=5590&view=rev
Author:   abelbeck
Date:     2012-07-05 02:57:21 +0000 (Thu, 05 Jul 2012)
Log Message:
-----------
miniupnpd, add AIF plugin to manage iptables

Modified Paths:
--------------
    branches/1.0/package/arnofw/arnofw.mk
    branches/1.0/package/arnofw/arnofw.serial
    branches/1.0/package/miniupnpd/miniupnpd.init
    branches/1.0/package/miniupnpd/miniupnpd.mk

Added Paths:
-----------
    branches/1.0/package/arnofw/miniupnpd/
    branches/1.0/package/arnofw/miniupnpd/50miniupnpd.plugin.sh
    branches/1.0/package/arnofw/miniupnpd/miniupnpd-astlinux.conf

Modified: branches/1.0/package/arnofw/arnofw.mk
===================================================================

--- branches/1.0/package/arnofw/arnofw.mk	2012-07-04 19:35:09 UTC (rev 5589)
+++ branches/1.0/package/arnofw/arnofw.mk	2012-07-05 02:57:21 UTC (rev 5590)
@@ -118,6 +118,13 @@
 		$(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/50pptp-vpn.plugin
 	$(INSTALL) -m 0644 package/arnofw/pptp-vpn/pptp-vpn-astlinux.conf \
 		$(TARGET_DIR)/stat$(ARNOFW_PLUGIN_CONFIG_DIR)/pptp-vpn.conf
+	@echo
+	@echo "Install local version of miniupnpd plugin."
+	@echo
+	$(INSTALL) -m 0644 package/arnofw/miniupnpd/50miniupnpd.plugin.sh \
+		$(TARGET_DIR)$(ARNOFW_PLUGIN_SCRIPT_DIR)/50miniupnpd.plugin
+	$(INSTALL) -m 0644 package/arnofw/miniupnpd/miniupnpd-astlinux.conf \
+		$(TARGET_DIR)/stat$(ARNOFW_PLUGIN_CONFIG_DIR)/miniupnpd.conf
 
 arnofw: $(TARGET_DIR)$(ARNOFW_TARGET_BINARY)
 

Modified: branches/1.0/package/arnofw/arnofw.serial
===================================================================
--- branches/1.0/package/arnofw/arnofw.serial	2012-07-04 19:35:09 UTC (rev 5589)
+++ branches/1.0/package/arnofw/arnofw.serial	2012-07-05 02:57:21 UTC (rev 5590)
@@ -1 +1 @@
-0002~0014~0000~0000~0000~
+0002~0015~0000~0000~0000~

Added: branches/1.0/package/arnofw/miniupnpd/50miniupnpd.plugin.sh
===================================================================
--- branches/1.0/package/arnofw/miniupnpd/50miniupnpd.plugin.sh	                        (rev 0)
+++ branches/1.0/package/arnofw/miniupnpd/50miniupnpd.plugin.sh	2012-07-05 02:57:21 UTC (rev 5590)
@@ -0,0 +1,145 @@
+# ------------------------------------------------------------------------------
+#            -= Arno's iptables firewall - MiniUPnPd plugin =-
+#
+PLUGIN_NAME="MiniUPnPd plugin"
+PLUGIN_VERSION="1.0"
+PLUGIN_CONF_FILE="miniupnpd.conf"
+#
+# Last changed          : July 4, 2012
+# Requirements          : AIF 2.0.0+ with miniupnpd daemon
+# Comments              : Setup of the iptables chains that the miniupnpd daemon manages
+#
+# Author                : (C) Copyright 2012 by Lonnie Abelbeck & Arno van Amersfoort
+# Homepage              : http://rocky.eld.leidenuniv.nl/
+# Freshmeat homepage    : http://freshmeat.net/projects/iptables-firewall/?topic_id=151
+# Email                 : a r n o v a AT r o c k y DOT e l d DOT l e i d e n u n i v DOT n l
+#                         (note: you must remove all spaces and substitute the @ and the .
+#                         at the proper locations!)
+# ------------------------------------------------------------------------------
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# version 2 as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+# ------------------------------------------------------------------------------
+
+# Plugin start function
+plugin_start()
+{
+  ip4tables -t nat -N MINIUPNPD 2>/dev/null
+  ip4tables -t nat -F MINIUPNPD
+
+  ip4tables -N MINIUPNPD 2>/dev/null
+  ip4tables -F MINIUPNPD
+
+  plugin_restart
+
+  return 0
+}
+
+
+# Plugin restart function
+plugin_restart()
+{
+  local IFS
+
+  # Skip plugin_stop on a restart
+  # Reconnect both MINIUPNPD chains, flushed on a restart
+
+  IFS=' ,'
+  for eif in $EXT_IF; do
+    ip4tables -t nat -A NAT_PREROUTING_CHAIN -i $eif -j MINIUPNPD
+
+    ip4tables -A FORWARD_CHAIN -i $eif ! -o $eif -j MINIUPNPD
+  done
+
+  return 0
+}
+
+
+# Plugin stop function
+plugin_stop()
+{
+  local IFS
+
+  IFS=' ,'
+  for eif in $EXT_IF; do
+    ip4tables -t nat -D NAT_PREROUTING_CHAIN -i $eif -j MINIUPNPD
+
+    ip4tables -D FORWARD_CHAIN -i $eif ! -o $eif -j MINIUPNPD
+  done
+
+  ip4tables -t nat -F MINIUPNPD
+  ip4tables -t nat -X MINIUPNPD 2>/dev/null
+
+  ip4tables -F MINIUPNPD
+  ip4tables -X MINIUPNPD 2>/dev/null
+
+  return 0
+}
+
+
+# Plugin status function
+plugin_status()
+{
+  return 0
+}
+
+
+# Check sanity of eg. environment
+plugin_sanity_check()
+{
+  return 0
+}
+
+
+############
+# Mainline #
+############
+
+# Check where to find the config file
+CONF_FILE=""
+if [ -n "$PLUGIN_CONF_PATH" ]; then
+  CONF_FILE="$PLUGIN_CONF_PATH/$PLUGIN_CONF_FILE"
+fi
+
+# Check if the config file exists
+if [ ! -e "$CONF_FILE" ]; then
+  printf "NOTE: Config file \"$CONF_FILE\" not found!\n        Plugin \"$PLUGIN_NAME v$PLUGIN_VERSION\" ignored!\n" >&2
+  PLUGIN_RET_VAL=0
+else
+  # Source the plugin config file
+  . "$CONF_FILE"
+
+  if [ "$ENABLED" = "1" -a "$PLUGIN_CMD" != "stop-restart" ] ||
+     [ "$ENABLED" = "0" -a "$PLUGIN_CMD" = "stop-restart" ] ||
+     [ -n "$PLUGIN_LOAD_FILE" -a "$PLUGIN_CMD" = "stop" ] ||
+     [ -n "$PLUGIN_LOAD_FILE" -a "$PLUGIN_CMD" = "status" ]; then
+    # Show who we are:
+    echo "${INDENT}$PLUGIN_NAME v$PLUGIN_VERSION"
+
+    # Increment indention
+    INDENT="$INDENT "
+    
+    # Only proceed if environment ok
+    if plugin_sanity_check; then
+      case $PLUGIN_CMD in
+        start|'') plugin_start; PLUGIN_RET_VAL=$?;;
+        restart ) plugin_restart; PLUGIN_RET_VAL=$?;;
+        stop|stop-restart) plugin_stop; PLUGIN_RET_VAL=$?;;
+        status  ) plugin_status; PLUGIN_RET_VAL=$?;;
+        *       ) PLUGIN_RET_VAL=1; printf "\033[40m\033[1;31m  ERROR: Invalid plugin option \"$PLUGIN_CMD\"!\033[0m\n" >&2;;
+      esac
+    fi
+  else
+    PLUGIN_RET_VAL=0
+  fi
+fi
+

Added: branches/1.0/package/arnofw/miniupnpd/miniupnpd-astlinux.conf
===================================================================
--- branches/1.0/package/arnofw/miniupnpd/miniupnpd-astlinux.conf	                        (rev 0)
+++ branches/1.0/package/arnofw/miniupnpd/miniupnpd-astlinux.conf	2012-07-05 02:57:21 UTC (rev 5590)
@@ -0,0 +1,20 @@
+# ------------------------------------------------------------------------------
+#            -= Arno's iptables firewall - MiniUPnPd plugin =-
+# ------------------------------------------------------------------------------
+
+# To actually enable this plugin make ENABLED=1:
+# ------------------------------------------------------------------------------
+ENABLED=0
+
+# ------------------------------------------------------------------------------
+# *** Do Not Edit Below Here ***
+# AstLinux specific mappings, either edit your /mnt/kd/rc.conf.d/user.conf file
+# or, use the Network tab from the web interface.
+# ------------------------------------------------------------------------------
+# Indent script section so script variables won't be merged
+
+  ENABLED=0
+  if [ "$UPNP_ENABLE_NATPMP" = "yes" -o "$UPNP_ENABLE_UPNP" = "yes" ]; then
+    ENABLED=1
+  fi
+

Modified: branches/1.0/package/miniupnpd/miniupnpd.init
===================================================================
--- branches/1.0/package/miniupnpd/miniupnpd.init	2012-07-04 19:35:09 UTC (rev 5589)
+++ branches/1.0/package/miniupnpd/miniupnpd.init	2012-07-05 02:57:21 UTC (rev 5590)
@@ -16,8 +16,6 @@
 
 MINIUPNPD=/usr/sbin/miniupnpd
 MINIUPNPD_CONF=/tmp/etc/miniupnpd.conf
-IPTABLES_CREATE=/etc/miniupnpd/iptables_init.sh
-IPTABLES_REMOVE=/etc/miniupnpd/iptables_removeall.sh
 
 is_upnp_enabled()
 {
@@ -110,7 +108,6 @@
 start () {
   if [ -f $MINIUPNPD_CONF ]; then
     echo "Starting miniupnpd..."
-    $IPTABLES_CREATE > /dev/null 2>&1
     $MINIUPNPD -f $MINIUPNPD_CONF
   fi
 }
@@ -120,7 +117,6 @@
     echo "Stopping miniupnpd..."
     kill $(cat /var/run/miniupnpd.pid) >/dev/null 2>&1
     # /var/run/miniupnpd.pid automatically removed by killed process
-    $IPTABLES_REMOVE > /dev/null 2>&1
   fi
 }
 

Modified: branches/1.0/package/miniupnpd/miniupnpd.mk
===================================================================
--- branches/1.0/package/miniupnpd/miniupnpd.mk	2012-07-04 19:35:09 UTC (rev 5589)
+++ branches/1.0/package/miniupnpd/miniupnpd.mk	2012-07-05 02:57:21 UTC (rev 5590)
@@ -33,8 +33,8 @@
 define MINIUPNPD_INSTALL_TARGET_CMDS
 	$(INSTALL) -D -m 0755 package/miniupnpd/miniupnpd.init $(TARGET_DIR)/etc/init.d/miniupnpd
 	$(INSTALL) -D $(@D)/miniupnpd $(TARGET_DIR)/usr/sbin/miniupnpd
-	-mkdir $(TARGET_DIR)/etc/miniupnpd
-	$(INSTALL) -D $(@D)/netfilter/iptables_*.sh $(TARGET_DIR)/etc/miniupnpd/
+#	-mkdir $(TARGET_DIR)/etc/miniupnpd
+#	$(INSTALL) -D $(@D)/netfilter/iptables_*.sh $(TARGET_DIR)/etc/miniupnpd/
 #	$(INSTALL) -D $(@D)/netfilter/ip6tables_*.sh $(TARGET_DIR)/etc/miniupnpd/
 	ln -snf ../../init.d/miniupnpd $(TARGET_DIR)/etc/runlevels/default/S54miniupnpd
 	ln -snf ../../init.d/miniupnpd $(TARGET_DIR)/etc/runlevels/default/K09miniupnpd

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.



