Diffstat (limited to 'recipes-core/ocg-scripts/ocg-scripts-1.0')
-rwxr-xr-x | recipes-core/ocg-scripts/ocg-scripts-1.0/ocg-cell-router | 147 | ||||
-rwxr-xr-x | recipes-core/ocg-scripts/ocg-scripts-1.0/ocg-dhcpd | 65 | ||||
-rwxr-xr-x | recipes-core/ocg-scripts/ocg-scripts-1.0/ocg-set-apn | 40 | ||||
-rwxr-xr-x | recipes-core/ocg-scripts/ocg-scripts-1.0/ocg-wifi-ap | 165 |
4 files changed, 417 insertions, 0 deletions
diff --git a/recipes-core/ocg-scripts/ocg-scripts-1.0/ocg-cell-router b/recipes-core/ocg-scripts/ocg-scripts-1.0/ocg-cell-router
new file mode 100755
index 0000000..1607c32
--- /dev/null
+++ b/recipes-core/ocg-scripts/ocg-scripts-1.0/ocg-cell-router
@@ -0,0 +1,147 @@
+#!/usr/bin/env bash
+
+# Copyright (C) 2014 Multi-Tech Systems
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+set -e
+
+do_start() {
+ lan_interfaces=$(echo "$lan" | sed "s/,/ /g")
+
+ echo "Configuring firewall rules..."
+ # Flush all the tables first
+ iptables -t filter -F
+ iptables -t nat -F
+ iptables -t mangle -F
+
+ # Drop all incoming packets by default
+ iptables -t filter -P INPUT DROP
+ # Accept all on local loopback
+ iptables -t filter -A INPUT -i lo -j ACCEPT
+ # Allow packets in for existing socket connections
+ iptables -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+ # Accept all from LAN interfaces
+ for i in $lan_interfaces; do
+ iptables -t filter -A INPUT -i $i -j ACCEPT
+
+ # Accept ssh from the LAN (Wired)
+ #iptables -t filter -A INPUT -i $i -p tcp --dport 22 -j ACCEPT
+ # Accept http from the LAN (Wired)
+ #iptables -t filter -A INPUT -i $i -p tcp --dport 80 -j ACCEPT
+ # Accept tftp from the LAN (Wired)
+ #iptables -t filter -A INPUT -i $i -p udp --dport 69 -j ACCEPT
+ done
+
+ # Accept ssh from the WAN (Wireless)
+ #iptables -t filter -A INPUT -i $wan -p tcp --dport 22 -j ACCEPT
+ # Accept http from the WAN (Wireless)
+ #iptables -t filter -A INPUT -i $wan -p tcp --dport 80 -j ACCEPT
+
+ # Allow packet fowarding from LAN interfaces to WAN (cell router)
+ iptables -t filter -P FORWARD DROP
+ iptables -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+ for i in $lan_interfaces; do
+ iptables -t filter -A FORWARD -i $i -o $wan -j ACCEPT
+ done
+
+ # Allow all output packets
+ iptables -t filter -P OUTPUT ACCEPT
+
+ # enable NAT for cell router
+ iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
+
+ echo "Enabling packet forwarding..."
+ # turn on packet forwarding last
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+ echo "Done"
+}
+
+do_stop() {
+ echo "Clearing firewall rules..."
+ # clear all tables
+ iptables -t filter -F
+ iptables -t nat -F
+ iptables -t mangle -F
+ # reset policies to ACCEPT
+ iptables -t filter -P INPUT ACCEPT
+ iptables -t filter -P OUTPUT ACCEPT
+ iptables -t filter -P FORWARD ACCEPT
+
+ # turn off packet forwarding
+ echo "Disabling packet forwarding..."
+ echo 0 > /proc/sys/net/ipv4/ip_forward
+ echo "Done"
+}
+
+usage() {
+ echo "Usage: $(basename $0) start|stop [options]"
+ echo " options:"
+ echo " -l <lan-interfaces> LAN interfaces to allow, comma-separated (defaults to \"eth0\")"
+ echo " -w <wan-interface> WAN interface to route out (defaults to \"ppp0\")"
+ exit 1
+}
+
+# main
+if [[ $# < 1 ]]; then
+ usage
+fi
+
+cmd=$1
+shift
+
+while getopts "l:w:h" opt; do
+ case "$opt" in
+ l)
+ l=$OPTARG
+ ;;
+ w)
+ w=$OPTARG
+ ;;
+ h)
+ usage
+ ;;
+ *)
+ usage
+ ;;
+ esac
+done
+
+# default lan to eth0 if not specified
+lan=${l-eth0}
+# default wan to ppp0 if not specified
+wan=${w-ppp0}
+
+case $cmd in
+ start)
+ echo "LAN: $lan"
+ echo "WAN: $wan"
+ do_start
+ ;;
+ stop)
+ do_stop
+ ;;
+ *)
+ usage
+ ;;
+esac
+
+exit 0
+
diff --git a/recipes-core/ocg-scripts/ocg-scripts-1.0/ocg-dhcpd b/recipes-core/ocg-scripts/ocg-scripts-1.0/ocg-dhcpd
new file mode 100755
index 0000000..976b138
--- /dev/null
+++ b/recipes-core/ocg-scripts/ocg-scripts-1.0/ocg-dhcpd
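Review bot: In ocg-cell-router, the `-l`/`-w` values reach iptables unquoted and unvalidated (`-i $i`, `-o $wan`), so a value containing whitespace is word-split into extra iptables arguments in a script that presumably runs as root. Quote the expansions, e.g. `iptables -t filter -A INPUT -i "$i" -j ACCEPT`, and reject anything that is not an interface name before do_start runs, e.g. `[[ $wan =~ ^[A-Za-z0-9_.-]+$ ]] || usage` (and the same per entry of `$lan`). Separately, only `iptables` is programmed, so if IPv6 is enabled on the image (not visible here) the INPUT/FORWARD DROP policies do not cover it; a matching `ip6tables -P INPUT DROP` and `ip6tables -P FORWARD DROP` should be considered. `[[ $# < 1 ]]` is a string comparison inside `[[ ]]`; `(( $# < 1 ))` states the intent.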
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# Copyright (C) 2014 Multi-Tech Systems
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+do_start() {
+ echo "starting dhcp daemon"
+ udhcpd -S /etc/udhcpd.conf
+}
+
+do_stop() {
+ echo "stopping dhcp daemon"
+ killall udhcpd
+}
+
+usage() {
+ echo "Usage: $(basename $0) start|stop|restart"
+ exit 1
+}
+
+# main
+if [[ $# != 1 ]]; then
+ usage
+fi
+
+case $1 in
+ start)
+ if [[ ! -f "/etc/udhcpd.conf" ]]
+ then
+ echo "/etc/udhcpd.conf does not exist"
+ exit 1
+ fi
+ do_start
+ ;;
+ stop)
+ do_stop
+ ;;
+ restart)
+ do_stop
+ sleep 1
+ do_start
+ ;;
+ *)
+ usage
+ ;;
+esac
+
+exit 0
diff --git a/recipes-core/ocg-scripts/ocg-scripts-1.0/ocg-set-apn b/recipes-core/ocg-scripts/ocg-scripts-1.0/ocg-set-apn
new file mode 100755
index 0000000..371ba7e
--- /dev/null
+++ b/recipes-core/ocg-scripts/ocg-scripts-1.0/ocg-set-apn
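Review bot: In ocg-dhcpd, the `restart` arm calls do_start without the `/etc/udhcpd.conf` existence test that the `start` arm performs, so a restart with the file missing stops the running daemon and then launches udhcpd against a file that is not there. Moving the test into do_start covers both paths: `[[ -f /etc/udhcpd.conf ]] || { echo "/etc/udhcpd.conf does not exist"; exit 1; }`. do_stop also uses `killall udhcpd`, which signals every udhcpd process on the system rather than the instance this script started; stopping by pidfile would be narrower, if the udhcpd configuration defines one.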
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# Copyright (C) 2014 Multi-Tech Systems
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+if [[ $# != 1 ]]; then
+ echo "Usage: $(basename $0) APN"
+ exit 1
+fi
+
+apn=$1
+chat_file=/etc/ppp/peers/gsm_chat
+
+sed -r -i "s/^OK\s+'AT\+CGDCONT=1,\"IP\",\"[^\"]*\"'$/OK 'AT\+CGDCONT=1,\"IP\",\"${apn}\"'/" $chat_file
+
+if [[ $? != 0 ]]; then
+ echo "Failed to change APN"
+ exit 1
+else
+ echo "Set APN to \"${apn}\" in $chat_file"
+fi
+
+exit 0
diff --git a/recipes-core/ocg-scripts/ocg-scripts-1.0/ocg-wifi-ap b/recipes-core/ocg-scripts/ocg-scripts-1.0/ocg-wifi-ap
new file mode 100755
index 0000000..b0bc7ec
--- /dev/null
+++ b/recipes-core/ocg-scripts/ocg-scripts-1.0/ocg-wifi-ap
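Review bot: In ocg-set-apn, `${apn}` is pasted into the sed program unescaped, so an argument containing `/`, `&`, a backslash or a quote character changes the substitution itself or corrupts the AT+CGDCONT line written to the chat script. Validate the argument before the sed call, for example `[[ $apn =~ ^[A-Za-z0-9.-]+$ ]] || { echo "invalid APN"; exit 1; }`, and quote `"$chat_file"`. The `$?` test also cannot detect a missed edit: sed exits 0 when no line matches, so "Set APN to ..." is printed even if the file was left unchanged; a `grep -q` for the new value after the edit would confirm it.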
@@ -0,0 +1,165 @@
+#!/bin/bash
+
+# Copyright (C) 2014 Multi-Tech Systems
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+dhcpd_file=/etc/udhcpd.conf
+hostapd_file=/etc/hostapd.conf
+interface=wlan0
+bridge_mode=0
+
+do_start() {
+ if [ "$bridge_mode" = 1 ]; then
+ interface=$b
+ if ! grep -E -q "^bridge=$interface\s*$" $hostapd_file; then
+ echo "Enabling bridge=br0 in $hostapd_file"
+ sed -r -i "s/^#?bridge=.*$/bridge=$interface/" $hostapd_file
+ fi
+ else
+ if grep -E -q "^bridge=.*$" $hostapd_file; then
+ echo "Disabling bridge in $hostapd_file"
+ sed -r -i "s/^bridge=/#bridge=/" $hostapd_file
+ fi
+ fi
+
+ echo "Starting hostap daemon"
+ /etc/init.d/hostapd start
+
+ if [ "$bridge_mode" != 1 ]; then
+ echo "Setting IP address to $ip"
+ ifconfig $interface $ip
+ # strip off end of IP address to get subnet
+ # assumes subnet of /24
+ subnet=${ip%.*}
+ # escape periods for regex
+ subnet_regex=${subnet//./\\.}
+ ip_regex=${ip//./\\.}
+ # set default address range for dhcpd
+ addr_start=100
+ addr_end=254
+ if ! grep -E -q "^start\s+$subnet_regex\." $dhcpd_file; then
+ echo "Changing dhcpd start to $subnet.$addr_start"
+ sed -r -i "s/^start\s+.*$/start $subnet.$addr_start/" $dhcpd_file
+ fi
+ if ! grep -E -q "^end\s+$subnet_regex\." $dhcpd_file; then
+ echo "Changing dhcpd end to $subnet.$addr_end"
+ sed -r -i "s/^end\s+.*$/end $subnet.$addr_end/" $dhcpd_file
+ fi
+ # update dhcpd addresses if needed
+ if ! grep -E -q "^option\s+router\s+$ip_regex" $dhcpd_file; then
+ echo "Changing dhcpd router to $ip"
+ sed -r -i "s/^option\s+router\s+.*$/option router $ip/" $dhcpd_file
+ fi
+ else
+ # unset ip address for bridge mode
+ ifconfig wlan0 0.0.0.0
+ fi
+
+ if ! grep -E -q "^interface\s+$interface" $dhcpd_file; then
+ echo "Changing dhcpd interface to $interface"
+ sed -r -i "s/^interface\s+.*$/interface $interface/" $dhcpd_file
+ fi
+ ocg-dhcpd start
+}
+
+do_stop() {
+ echo "Stopping hostap daemon"
+ /etc/init.d/hostapd stop
+ ocg-dhcpd stop
+}
+
+usage() {
+ echo "Usage: $(basename $0) start|stop|restart [options]"
+ echo " options:"
+ echo " -a <address> Sets AP IP address (defaults to 192.168.3.1)"
+ echo " -b <interface> Add AP to specified bridge interface (conflicts with -a)"
+ exit 1
+}
+
+# main
+if [[ $# < 1 ]]; then
+ usage
+fi
+
+cmd=$1
+shift
+
+while getopts "a:b:h" opt; do
+ case "$opt" in
+ a)
+ a=$OPTARG
+ ;;
+ b)
+ b=$OPTARG
+ bridge_mode=1
+ ;;
+ h)
+ usage
+ ;;
+ *)
+ usage
+ ;;
+ esac
+done
+
+# can't specify both address and bridge mode
+if [ -n "$a" ] && [ -n "$b" ]; then
+ usage
+fi
+
+if [ -n "$a" ]; then
+ ret=1
+ if [[ $a =~ ^([0-9]{1,3}\.){3,3}[0-9]{1,3}$ ]]
+ then
+ OIFS=$IFS
+ IFS='.'
+ ip=($a)
+ IFS=$OFIS
+ [[ ${ip[0]} -le 255 && ${ip[1]} -le 255 && ${ip[2]} -le 255 && ${ip[3]} -le 255 ]]
+ ret=$?
+ fi
+ if [[ ret -ne 0 ]]
+ then
+ echo "invalid IP address"
+ exit 1
+ fi
+ ip=$a
+else
+ ip="192.168.3.1"
+fi
+
+case $cmd in
+ start)
+ do_start
+ ;;
+ stop)
+ do_stop
+ ;;
+ restart)
+ do_stop
+ sleep 1
+ do_start
+ ;;
+ *)
+ usage
+ ;;
+esac
+
+exit 0
|
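Review bot: In ocg-wifi-ap, `-a` is checked against an IPv4 pattern but `-b` is not checked at all, and its value is interpolated into the grep/sed expressions that rewrite /etc/hostapd.conf and /etc/udhcpd.conf (`bridge=$interface`, `interface $interface`). Restrict it to interface-name characters before use, e.g. `[[ $b =~ ^[A-Za-z0-9_.-]+$ ]] || usage`. The IPv4 check also restores IFS from a misspelled variable: `IFS=$OFIS` should be `IFS=$OIFS`, otherwise IFS is left empty for the rest of the script. The message `Enabling bridge=br0` prints a fixed name while the line actually written uses `$interface`.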