On Wed, 9 Oct 2002, Cedric Diebolt wrote:
Try this. It works for me (tm)
/etc/init.d/firewall is my code to start my firewall. I haven't
included it here. There is a version on my website - link in .sig
but it is probably a bit out of date.
Call downup.sh from crontab. I call it once every 5 minutes.
Regards,
Tim.
#!/bin/bash
#############################################################
#
# downup.sh
#
# Copyright (c) 2002 Tim Woodall ([EMAIL PROTECTED])
#
# This program is licenced under the GNU licence.
# See LICENCE for more details
#
# $Id: downup.sh,v 1.3 2002/10/09 22:12:46 tim Exp $
#
#############################################################
# Timeouts, in seconds (each is added to `date +%s` to form a deadline).
PING_TIMEOUT='20'    # main loop: how long to keep retrying the ping check
PPPD_TIMEOUT='240'   # start_pppd: how long to wait for a ppp interface
MCODE_TIMEOUT='240'  # load_mcode: how long to wait for the marker per attempt

# State files. The mere presence of LOCK_FILE makes every later run exit at
# once, so the directory holding it should be writable by root only.
LOCK_FILE='/root/firewall/lock'              # exists while an instance is running
MCODE_LOADED='/root/firewall/mcode_loaded'   # touched once modem_run has returned
#############################################################
# Stop pppd and the pppoa3 helper, then drop the pppoa3 pid file.
# Globals:  NET_IF (refreshed by sourcing /etc/sysconfig/firewall)
# Outputs:  progress lines on stdout
# Notes:    There is no timeout: pppd is killed again every 10 seconds
#           until the sourced config reports no ppp interface.
#           /etc/sysconfig/firewall is executed inside this shell with
#           this script's privileges, so it must not be writable by
#           anyone who should not control this script.
#           $(/bin/date) is left unquoted on purpose so the log lines
#           keep their existing single-space layout.
#############################################################
kill_pppd()
{
  echo kill_pppd at $(/bin/date)
  until
    /usr/bin/killall pppd >/dev/null 2>&1
    sleep 10
    . /etc/sysconfig/firewall
    [ "$NET_IF" = "" ]
  do
    # A ppp interface is still listed: log it and go round again.
    echo killall pppd at $(/bin/date)
  done
  # pppoa3 gets SIGKILL straight away, so its pid file is removed by hand.
  /usr/bin/killall -9 pppoa3 >/dev/null 2>&1
  sleep 10
  rm -f /var/run/pppoa3-modem1.pid
  echo finished kill_pppd with NET_IF = $NET_IF at $(/bin/date)
}
#############################################################
# Start pppd with the "adsl" peer and wait for a ppp interface.
# Globals:  PPPD_TIMEOUT (read), STOPTIME (written), NET_IF (refreshed by
#           sourcing /etc/sysconfig/firewall)
# Outputs:  progress lines on stdout
# Notes:    Returns once NET_IF is non-empty or PPPD_TIMEOUT seconds have
#           passed; the caller has to check NET_IF to tell which.
#############################################################
start_pppd()
{
  echo start_pppd at $(/bin/date)
  /usr/sbin/pppd call adsl
  # Deadline as an absolute epoch time.
  STOPTIME=$(( PPPD_TIMEOUT + $(/bin/date +%s) ))
  . /etc/sysconfig/firewall
  # Poll once a second; the config re-runs ifconfig each time it is sourced.
  while [ -z "$NET_IF" ] && [ "$(/bin/date +%s)" -lt "$STOPTIME" ]; do
    sleep 1
    . /etc/sysconfig/firewall
  done
  echo finished start_pppd with NET_IF = $NET_IF at $(/bin/date)
}
#############################################################
# Reload the usb-uhci module and run modem_run again.
# Do not call this directly - use reload_mcode.
# Globals:  MCODE_LOADED (marker file: removed, then re-created)
# Notes:    load_mcode runs this in the background and polls for the
#           marker. The marker is touched after modem_run returns,
#           whatever its exit status was.
#############################################################
do_reload_mcode()
{
  /usr/bin/killall modem_run >/dev/null 2>&1

  # Cycle the USB host controller driver, pausing after each step.
  /sbin/rmmod usb-uhci
  sleep 5
  rm -f -- "$MCODE_LOADED"
  /sbin/modprobe usb-uhci
  sleep 5

  /usr/local/bin/modem_run -v 2 -f /usr/local/bin/mgmt.o -m
  touch -- "$MCODE_LOADED"
}
#############################################################
# Make sure the modem microcode marker exists, reloading if it does not.
# Globals:  MCODE_LOADED (read), MCODE_TIMEOUT (read), STOPTIME (written)
# Outputs:  progress lines on stdout
# Notes:    Each attempt starts do_reload_mcode in the background and
#           waits up to MCODE_TIMEOUT seconds for the marker. Attempts
#           repeat with no upper bound until the marker appears.
#############################################################
load_mcode()
{
  echo load_mcode at $(/bin/date)
  until [ -e "$MCODE_LOADED" ]; do
    echo "$MCODE_LOADED" not found - reloading microcode at $(/bin/date)
    do_reload_mcode &
    sleep 10
    STOPTIME=$(( MCODE_TIMEOUT + $(/bin/date +%s) ))
    # Check for the marker every 10 seconds until the deadline.
    while [ ! -e "$MCODE_LOADED" ] && [ "$(/bin/date +%s)" -lt "$STOPTIME" ]; do
      sleep 10
    done
  done
  echo finished load_mcode at $(/bin/date)
}
#############################################################
# Force a microcode reload: drop the marker, then let load_mcode
# notice that it is missing and do the work.
# Globals:  MCODE_LOADED (marker file, removed here)
# Outputs:  progress lines on stdout
#############################################################
reload_mcode()
{
  echo reload_mcode at $(/bin/date)
  rm -f -- "$MCODE_LOADED"
  load_mcode
  echo finished reload_mcode at $(/bin/date)
}
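#############################################################
# Main: check the link and restart it if the peer stops answering.
#
# Locking: the lock is taken with noclobber, so "does it exist?" and
# "create it" are one step and two overlapping cron runs cannot both
# get past it. An EXIT trap releases the lock on every exit path,
# including HUP/INT/TERM; previously an interrupted run left the lock
# behind and every later run exited immediately. SIGKILL or a power
# loss can still leave a stale lock, which has to be removed by hand.
#
# /etc/sysconfig/firewall is sourced repeatedly, so it is executed with
# this script's privileges. Keep it (and /etc/init.d/firewall) owned by
# root and not writable by anyone else.
#############################################################
if ( set -o noclobber; : >"${LOCK_FILE}" ) 2>/dev/null; then
  # We own the lock: only now is it safe to remove it on exit.
  trap 'rm -f -- "${LOCK_FILE}"' EXIT
  trap 'exit 1' HUP INT TERM
elif [ -f "${LOCK_FILE}" ]; then
  echo Another downup.sh running at $(/bin/date)
  exit 0
else
  # As before, a lock file that cannot be created does not stop the
  # check from running; it is now reported instead of passing silently.
  echo "WARNING: cannot create ${LOCK_FILE}; running without a lock" >&2
fi

# Get config.
# NOTE(review): a missing config exits with status 0, as it always did.
if [ ! -f /etc/sysconfig/firewall ]; then
  echo
  echo "ERROR IN CONFIGURATION: Can't find /etc/sysconfig/firewall"
  exit 0
fi

while true; do
  . /etc/sysconfig/firewall
  if [ -n "$PTP_IP" ]; then
    # Give the peer PING_TIMEOUT seconds to answer a single ping.
    STOPTIME=$(( PING_TIMEOUT + $(/bin/date +%s) ))
    while [ "$(/bin/date +%s)" -lt "$STOPTIME" ]; do
      . /etc/sysconfig/firewall
      if /bin/ping -c 1 "$PTP_IP" >/dev/null 2>&1; then
        echo Connection OK at $(/bin/date)
        exit 0   # the EXIT trap removes the lock
      fi
      # No answer: re-apply the firewall rules, then try again.
      /etc/init.d/firewall
      sleep 1
    done
  fi

  echo restarting at $(/bin/date)
  kill_pppd
  load_mcode
  start_pppd
  . /etc/sysconfig/firewall
  # start_pppd returns on timeout as well; retry with a forced microcode
  # reload until a ppp interface shows up.
  while [ -z "$NET_IF" ]; do
    echo "Timed out after $PPPD_TIMEOUT seconds"
    kill_pppd
    reload_mcode
    start_pppd
    . /etc/sysconfig/firewall
  done
  /etc/init.d/firewall
done
# Not reached: the loop above only ends through "exit 0" on a good ping.
exit 0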
====================================
</etc/sysconfig/firewall>
====================================
#############################################################
#
# Firewall
#
# Copyright (c) 2002 Tim Woodall ([EMAIL PROTECTED])
#
# This program is licenced under the GNU licence.
# See LICENCE for more details
#
# $Id: firewallsetup,v 1.6 2002/02/09 13:02:29 tim Exp $
#
#############################################################
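# This file is sourced, not executed. Every time it is sourced it runs
# ifconfig and iptables again, so the *_IF / *_IP values below always
# describe the interfaces as they are at that moment.
IPTABLES="/sbin/iptables"
SED="/bin/sed"
IFCONFIG="/sbin/ifconfig"

LAN_IF="eth0"
DMZ_IF="eth1"
# Name of the ppp interface (ppp0..ppp9) that is currently up; empty if none.
NET_IF=$(${IFCONFIG} | ${SED} -n 's/^\(ppp[0-9]\).*$/\1/p')

LAN_IP=$(${IFCONFIG} "${LAN_IF}" | ${SED} -n 's/^.*inet addr:\([0-9\.]*\).*$/\1/p')
DMZ_IP=$(${IFCONFIG} "${DMZ_IF}" | ${SED} -n 's/^.*inet addr:\([0-9\.]*\).*$/\1/p')

# Only ask ifconfig about the ppp interface when there is one. With an empty
# NET_IF the command becomes a bare "ifconfig", which lists every interface,
# and NET_IP would pick up the LAN, DMZ and loopback addresses instead.
NET_IP=""
PTP_IP=""
if [ -n "${NET_IF}" ]; then
  NET_IP=$(${IFCONFIG} "${NET_IF}" | ${SED} -n 's/^.*inet addr:\([0-9\.]*\).*$/\1/p')
  PTP_IP=$(${IFCONFIG} "${NET_IF}" | ${SED} -n 's/^.*P-t-P:\([0-9\.]*\).*$/\1/p')
fi

LAN_NET="192.168.100.0/24"
DMZ_NET="192.168.1.0/24"

# Rate settings; the rules that use them are not part of this listing.
LOG_FLOOD="20/s"
SYN_FLOOD="40/s"
ICMP_FLOOD="5/s"

MASQ_NET="${LAN_NET} ${DMZ_NET}"
MASQ_IF=${NET_IF}
MASQ_IP=${NET_IP}

FILTER_CHAINS="SYNACCEPT LSYNACCEPT LDROP LREJECT"
# Names of the chains iptables currently reports.
EXISTING_CHAINS=$(${IPTABLES} -L -n | ${SED} -n 's/Chain \(.*\) (.*references)$/\1/p')

MANGLE_TOS_OPTIMIZE="TRUE" # TOS Optimizations on or off (TRUE/FALSE toggle)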
--
God said, "div D = rho, div B = 0, curl E = - @B/@t, curl H = J + @D/@t,"
and there was light.
http://tjw.hn.org/ http://www.locofungus.btinternet.co.uk/