blob: acc26cba614899c7e40839a8346df3ef60ae23e3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
#!/bin/sh
#
# manage network interfaces and configure some networking options
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
if ! [ -x /sbin/ifup ]; then
exit 0
fi
spoofprotect_rp_filter () {
# This is the best method: turn on Source Address Verification and get
# spoof protection on all current and future interfaces.
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
for f in /proc/sys/net/ipv4/conf/*; do
[ -e $f/rp_filter ] && echo 1 > $f/rp_filter
done
return 0
else
return 1
fi
}
spoofprotect () {
echo -n "Setting up IP spoofing protection: "
if spoofprotect_rp_filter; then
echo "rp_filter."
else
echo "FAILED."
fi
}
ip_forward () {
if [ -e /proc/sys/net/ipv4/ip_forward ]; then
echo -n "Enabling packet forwarding... "
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "done."
fi
}
syncookies () {
if [ -e /proc/sys/net/ipv4/tcp_syncookies ]; then
echo -n "Enabling TCP/IP SYN cookies... "
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo "done."
fi
}
doopt () {
optname=$1
default=$2
opt=`grep "^$optname=" /etc/network/options`
if [ -z "$opt" ]; then
opt="$optname=$default"
fi
optval=${opt#$optname=}
if [ "$optval" = "yes" ]; then
eval $optname
fi
}
case "$1" in
start)
# /etc/sysctl.conf is preferred
if [ ! -f /etc/sysctl.conf ]; then
doopt spoofprotect yes
doopt syncookies no
doopt ip_forward no
fi
echo -n "Configuring network interfaces... "
ifup -a
echo "done."
;;
stop)
if sed -n 's/^[^ ]* \([^ ]*\) \([^ ]*\) .*$/\1 \2/p' /proc/mounts |
grep -q "^/ nfs$"; then
echo "NOT deconfiguring network interfaces: / is an NFS mount"
elif sed -n 's/^[^ ]* \([^ ]*\) \([^ ]*\) .*$/\1 \2/p' /proc/mounts |
grep -q "^/ smbfs$"; then
echo "NOT deconfiguring network interfaces: / is an SMB mount"
elif sed -n 's/^[^ ]* \([^ ]*\) \([^ ]*\) .*$/\2/p' /proc/mounts |
grep -qE '^(nfs|smbfs|ncp|coda)$'; then
echo "NOT deconfiguring network interfaces: network shares still mounted."
else
echo -n "Deconfiguring network interfaces... "
ifdown -a
echo "done."
fi
;;
force-reload|restart)
echo -n "Reconfiguring network interfaces... "
ifdown -a
ifup -a
echo "done."
;;
*)
echo "Usage: /etc/init.d/networking {start|stop|restart|force-reload}"
exit 1
;;
esac
exit 0
|