aredn/files/usr/local/bin/vtun_up

#!/bin/sh
<<'LICENSE'
  Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
  Copyright (C) 2015 Joe Ayers  ae6xe@arrl.net
   See Contributors file for additional contributors

  This program is free software: you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation version 3 of the License.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program.  If not, see <http://www.gnu.org/licenses/>.

  Additional Terms:

  Additional use restrictions exist on the AREDN(TM) trademark and logo.
    See AREDNLicense.txt for more info.

  Attributions to the AREDN Project must be retained in the source code.
  If importing this code into a new or existing project attribution
  to the AREDN project must be added to the source code.

  You must not misrepresent the origin of the material contained within.

  Modified versions must be modified to attribute to the original source
  and be marked in reasonable ways as differentiate it from the original
  version.

LICENSE
# This script assumes a pre-existing OpenWRT-UCI netfilter table structure 
# $1 = tun0 | tun1 | ... | tun9
# $2 = up | down

interface=$1
action=$2
configmode=$(uci -q -c /etc/local/uci/ get hsmmmesh.settings.config)
echo "Firewall rules for $interface $action"

# Do nothing if node is not in mesh mode
if [ "$configmode" != "mesh" ] ; then exit 0; fi

if [ "$action" = "up" ] ; then
	# Adding route policies for tunnel interface
	# identical to hotplug for dtdlink
	if ( ! ip rule list | egrep "^20020:.*$interface.*30" > /dev/null ) then
	    if [ "$(/sbin/uci -q get aredn.@dmz[0].mode)" != "0" ] ; then
      	        ip rule add pref 20010 iif "$interface" lookup 29 # local interfaces
      	    fi
            ip rule add pref 20020 iif "$interface" lookup 30 # mesh
	    ip rule add pref 20080 iif "$interface" lookup 31 # gateway
	    ip rule add pref 20090 iif "$interface" lookup main 
            ip rule add pref 20099 iif "$interface" unreachable
        fi
else
    # Remove route policies for tunnel interface
    ip rule del pref 20010 iif "$interface" lookup 29
    ip rule del pref 20020 iif "$interface" lookup 30
    ip rule del pref 20080 iif "$interface" lookup 31
    ip rule del pref 20090 iif "$interface" lookup main
    ip rule del pref 20099 iif "$interface" unreachable
fi

exit 0;
initial deploy 2015-04-01 09:42:53 -06:00			`#!/bin/sh`
license: Add license header to vtun_up file 2016-01-09 16:10:02 -07:00			`<<'LICENSE'`
			`Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks`
			`Copyright (C) 2015 Joe Ayers ae6xe@arrl.net`
			`See Contributors file for additional contributors`

			`This program is free software: you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation version 3 of the License.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program. If not, see <http://www.gnu.org/licenses/>.`

			`Additional Terms:`

			`Additional use restrictions exist on the AREDN(TM) trademark and logo.`
			`See AREDNLicense.txt for more info.`

			`Attributions to the AREDN Project must be retained in the source code.`
			`If importing this code into a new or existing project attribution`
			`to the AREDN project must be added to the source code.`

Sourcecode license text spelling correction. Inside the source files the word "contained" was mispelled as "conained" The website currently lists this correctly as "contained" This was an error in the intial stamping of the source files in changeset:5c3ee1d0686c6e6f2907fe4fc393d86d6c5a69b5/aredn_ar71xx Line is part of "Additional Conditions" permitted by GPLv3. Line does not impact coders prior to the AREDN setup date as it was added by the AREDN team. Change-Id: I3bc09aea548100f35c08aebe8686b8d4808d56d8 Signed-off-by: Conrad Lara - KG6JEI <KG6JEI@amsat.org> Signed-off-by: Joe Ayers <ae6xe@arrl.net> Signed-off-by: Darryl Quinn <k5dlq@arrl.net> Signed-off-by: Trevor Paskett - K7FPV <snoopytjp@gmail.com> 2016-12-23 22:23:58 -07:00			`You must not misrepresent the origin of the material contained within.`
license: Add license header to vtun_up file 2016-01-09 16:10:02 -07:00
			`Modified versions must be modified to attribute to the original source`
			`and be marked in reasonable ways as differentiate it from the original`
			`version.`

			`LICENSE`
initial deploy 2015-04-01 09:42:53 -06:00			`# This script assumes a pre-existing OpenWRT-UCI netfilter table structure`
			`# $1 = tun0 \| tun1 \| ... \| tun9`
			`# $2 = up \| down`

			`interface=$1`
			`action=$2`
cleanup: Cleanup shellcheck reported concerns in vtun_up Change-Id: I88c775243a33731a182fd81d411bca664538e536 2016-06-15 08:59:33 -06:00			`configmode=$(uci -q -c /etc/local/uci/ get hsmmmesh.settings.config)`
initial deploy 2015-04-01 09:42:53 -06:00			`echo "Firewall rules for $interface $action"`

			`# Do nothing if node is not in mesh mode`
			`if [ "$configmode" != "mesh" ] ; then exit 0; fi`

			`if [ "$action" = "up" ] ; then`
			`# Adding route policies for tunnel interface`
BUGFIX: tunnel firewall to behave same as dtdlink part 2 2015-05-24 16:57:44 -06:00			`# identical to hotplug for dtdlink`
cleanup: Cleanup shellcheck reported concerns in vtun_up Change-Id: I88c775243a33731a182fd81d411bca664538e536 2016-06-15 08:59:33 -06:00			`if ( ! ip rule list \| egrep "^20020:.$interface.30" > /dev/null ) then`
Dmz mode migrate fix (#169) * Migrate /etc/config/dmz-mode to /etc/dmz-mode * Migrate dmz_mode into /etc/config/aredn * Use cmd append * Changes should be in /etc/config.mesh * Add commit 2021-11-19 14:48:45 -07:00			`if [ "$(/sbin/uci -q get aredn.@dmz[0].mode)" != "0" ] ; then`
cleanup: Cleanup shellcheck reported concerns in vtun_up Change-Id: I88c775243a33731a182fd81d411bca664538e536 2016-06-15 08:59:33 -06:00			`ip rule add pref 20010 iif "$interface" lookup 29 # local interfaces`
initial deploy 2015-04-01 09:42:53 -06:00			`fi`
cleanup: Cleanup shellcheck reported concerns in vtun_up Change-Id: I88c775243a33731a182fd81d411bca664538e536 2016-06-15 08:59:33 -06:00			`ip rule add pref 20020 iif "$interface" lookup 30 # mesh`
			`ip rule add pref 20080 iif "$interface" lookup 31 # gateway`
			`ip rule add pref 20090 iif "$interface" lookup main`
			`ip rule add pref 20099 iif "$interface" unreachable`
initial deploy 2015-04-01 09:42:53 -06:00			`fi`
			`else`
			`# Remove route policies for tunnel interface`
cleanup: Cleanup shellcheck reported concerns in vtun_up Change-Id: I88c775243a33731a182fd81d411bca664538e536 2016-06-15 08:59:33 -06:00			`ip rule del pref 20010 iif "$interface" lookup 29`
			`ip rule del pref 20020 iif "$interface" lookup 30`
			`ip rule del pref 20080 iif "$interface" lookup 31`
			`ip rule del pref 20090 iif "$interface" lookup main`
			`ip rule del pref 20099 iif "$interface" unreachable`
initial deploy 2015-04-01 09:42:53 -06:00			`fi`

			`exit 0;`