diff options
Diffstat (limited to 'package/base-files/default/etc/init.d')
-rwxr-xr-x | package/base-files/default/etc/init.d/S10boot | 38 | ||||
-rwxr-xr-x | package/base-files/default/etc/init.d/S40network | 14 | ||||
-rwxr-xr-x | package/base-files/default/etc/init.d/S45firewall | 92 | ||||
-rwxr-xr-x | package/base-files/default/etc/init.d/S50dnsmasq | 27 | ||||
-rwxr-xr-x | package/base-files/default/etc/init.d/S50httpd | 2 | ||||
-rwxr-xr-x | package/base-files/default/etc/init.d/S50telnet | 2 | ||||
-rwxr-xr-x | package/base-files/default/etc/init.d/S99done | 4 | ||||
-rwxr-xr-x | package/base-files/default/etc/init.d/rcS | 8 |
8 files changed, 187 insertions, 0 deletions
diff --git a/package/base-files/default/etc/init.d/S10boot b/package/base-files/default/etc/init.d/S10boot new file mode 100755 index 0000000000..22096d5fbb --- /dev/null +++ b/package/base-files/default/etc/init.d/S10boot @@ -0,0 +1,38 @@ +#!/bin/sh +echo "S" > /proc/jffs2_bbc + +mkdir -p /var/run +mkdir -p /var/log +touch /var/log/wtmp +touch /var/log/lastlog + +[ "$(nvram get il0macaddr)" = "00:90:4c:5f:00:2a" ] && { + # if default wifi mac, set two higher than the lan mac + nvram set il0macaddr=$(nvram get et0macaddr| + awk '{OFS=FS=":";for(x=7,y=2;--x;){$x=sprintf("%02x",(y+="0x"$x)%256);y/=256}print}') +} + +# set up the vlan*ports variables for the asus wl-500g deluxe +# if they don't already exist +[ "$(nvram get boardtype)" = "bcm95365r" \ +-a "$(nvram get boardnum)" = "45" \ +-a -z "$(nvram get vlan0ports)$(nvram get vlan1ports)" ] && { + nvram set vlan0ports="1 2 3 4 5*" + nvram set vlan1ports="0 5" +} + +sed 's/^[^#]/insmod &/' /etc/modules /etc/modules.d/* 2>&-|ash + +ifconfig lo 127.0.0.1 up +ifconfig eth0 promisc + +HOSTNAME=$(nvram get wan_hostname) +HOSTNAME=${HOSTNAME%%.*} +echo ${HOSTNAME:=OpenWrt}>/proc/sys/kernel/hostname + +vconfig set_name_type VLAN_PLUS_VID_NO_PAD + +# automagically run firstboot +[ -z "$FAILSAFE" ] && { + { mount|grep "on / type jffs2" 1>&-; } || firstboot +} diff --git a/package/base-files/default/etc/init.d/S40network b/package/base-files/default/etc/init.d/S40network new file mode 100755 index 0000000000..d8b4e4125e --- /dev/null +++ b/package/base-files/default/etc/init.d/S40network @@ -0,0 +1,14 @@ +#!/bin/sh +case "$1" in + start|restart) + ifup lan + ifup wan + ifup wifi + wifi up + + for route in $(nvram get static_route); do { + eval "set $(echo $route | sed 's/:/ /g')" + $DEBUG route add -net $1 netmask $2 gw $3 metric $4 dev $5 + } done + ;; +esac diff --git a/package/base-files/default/etc/init.d/S45firewall b/package/base-files/default/etc/init.d/S45firewall new file mode 100755 index 0000000000..8350ccbfef --- /dev/null +++ b/package/base-files/default/etc/init.d/S45firewall @@ -0,0 +1,92 @@ +#!/bin/sh + +## Please make changes in /etc/firewall.user + +. /etc/functions.sh +WAN=$(nvram get wan_ifname) +LAN=$(nvram get lan_ifname) + +## CLEAR TABLES +for T in filter nat mangle; do + iptables -t $T -F + iptables -t $T -X +done + +iptables -N input_rule +iptables -N output_rule +iptables -N forwarding_rule + +iptables -t nat -N prerouting_rule +iptables -t nat -N postrouting_rule + +### INPUT +### (connections with the router as destination) + + # base case + iptables -P INPUT DROP + iptables -A INPUT -m state --state INVALID -j DROP + iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT + iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j DROP + + # + # insert accept rule or to jump to new accept-check table here + # + iptables -A INPUT -j input_rule + + # allow + iptables -A INPUT -i \! $WAN -j ACCEPT # allow from lan/wifi interfaces + iptables -A INPUT -p icmp -j ACCEPT # allow ICMP + iptables -A INPUT -p gre -j ACCEPT # allow GRE + + # reject (what to do with anything not allowed earlier) + iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset + iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable + +### OUTPUT +### (connections with the router as source) + + # base case + iptables -P OUTPUT DROP + iptables -A OUTPUT -m state --state INVALID -j DROP + iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT + + # + # insert accept rule or to jump to new accept-check table here + # + iptables -A OUTPUT -j output_rule + + # allow + iptables -A OUTPUT -j ACCEPT #allow everything out + + # reject (what to do with anything not allowed earlier) + iptables -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset + iptables -A OUTPUT -j REJECT --reject-with icmp-port-unreachable + +### FORWARDING +### (connections routed through the router) + + # base case + iptables -P FORWARD DROP + iptables -A FORWARD -m state --state INVALID -j DROP + iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu + iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT + + # + # insert accept rule or to jump to new accept-check table here + # + iptables -A FORWARD -j forwarding_rule + + # allow + iptables -A FORWARD -i br0 -o br0 -j ACCEPT + iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT + + # reject (what to do with anything not allowed earlier) + # uses the default -P DROP + +### MASQ + iptables -t nat -A PREROUTING -j prerouting_rule + iptables -t nat -A POSTROUTING -j postrouting_rule + iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE + +## USER RULES +[ -f /etc/firewall.user ] && . /etc/firewall.user diff --git a/package/base-files/default/etc/init.d/S50dnsmasq b/package/base-files/default/etc/init.d/S50dnsmasq new file mode 100755 index 0000000000..6a5af0f05f --- /dev/null +++ b/package/base-files/default/etc/init.d/S50dnsmasq @@ -0,0 +1,27 @@ +#!/bin/sh +. /etc/functions.sh + +# interface to use for DHCP +iface=lan + +ifname=$(nvram get ${iface}_ifname) +ipaddr=$(nvram get ${iface}_ipaddr) +netmask=$(nvram get ${iface}_netmask) + +( + # check for existing DHCP server + udhcpc -n -q -R -s /dev/zero -i $ifname >&- || { + + ipaddr=$(ip2int $ipaddr) + netmask=$(ip2int ${netmask:-255.255.255.0}) + network=$((ipaddr&netmask)) + + start=$(nvram get dhcp_start) + start=$((network+${start:-100})) + end=$(nvram get dhcp_num) + end=$((start+${end:-150})) + + args="-l /tmp/dhcp.leases -K -F $(int2ip $start),$(int2ip $end),$(int2ip $netmask),12h" + } + dnsmasq ${args} +) & diff --git a/package/base-files/default/etc/init.d/S50httpd b/package/base-files/default/etc/init.d/S50httpd new file mode 100755 index 0000000000..9cf551e5c6 --- /dev/null +++ b/package/base-files/default/etc/init.d/S50httpd @@ -0,0 +1,2 @@ +#!/bin/sh +httpd -p 80 -h /www -r WRT54G Router diff --git a/package/base-files/default/etc/init.d/S50telnet b/package/base-files/default/etc/init.d/S50telnet new file mode 100755 index 0000000000..599c3540eb --- /dev/null +++ b/package/base-files/default/etc/init.d/S50telnet @@ -0,0 +1,2 @@ +#!/bin/sh +telnetd -l /bin/login diff --git a/package/base-files/default/etc/init.d/S99done b/package/base-files/default/etc/init.d/S99done new file mode 100755 index 0000000000..ce60337212 --- /dev/null +++ b/package/base-files/default/etc/init.d/S99done @@ -0,0 +1,4 @@ +#!/bin/sh +# set leds to normal state +echo "0x00" > /proc/sys/diag +sysctl -p >&- diff --git a/package/base-files/default/etc/init.d/rcS b/package/base-files/default/etc/init.d/rcS new file mode 100755 index 0000000000..e6daddc593 --- /dev/null +++ b/package/base-files/default/etc/init.d/rcS @@ -0,0 +1,8 @@ +#!/bin/sh +syslogd -C 16 +klogd +${FAILSAFE:+telnetd -l /bin/login; ifup lan; exit} + +for i in /etc/init.d/S*; do + $i start 2>&1 +done | logger -s -p 6 -t '' & |