Commit cd35f7ec authored by iv's avatar iv

Autodetect shill options, add config file for ip6tables, fix bug

parent b1c404a3
......@@ -5,7 +5,6 @@ mountpoint="/media/removable"
configdir="/home/chronos/user/.re6stconf"
configfile="${configdir}/re6stnet.conf"
options=""
save=0
install -d ${configdir}
......@@ -33,11 +32,11 @@ if [ "$save" == "y" -o "$save" == "Y" -o "$save" == "" ] ; then
else
echo "no external device partition mounted on /media/removable"
fi
fi
read -e -p "Where the configuration directory should be saved (use tabulation for autocompletion): " place
place+="/re6stconf"
echo "configuration will be saved in $place"
else
save=0
echo "Configuration will be placed in ${configfile}, please do manually backup later or you could lose your access."
fi
......@@ -47,9 +46,24 @@ for opt in $options; do
echo "$opt" >> ${configfile}
done
echo """
*filter
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p udp -m udp --dport 6696 -j ACCEPT
-A INPUT -p udp -m udp --dport 326 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9684 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 50005 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 6696 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 326 -j ACCEPT
COMMIT
""" > ${configdir}/ip6tables.conf
if [ $save -a $place ] ; then
sudo install -d "${place}"
sudo cp ${configdir}/* "${place}"
for file in "${configdir}"/* ; do
install ${file} "${place}"
done
fi
echo "Use grdn-run command to run re6st."
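Review bot: The ruleset written to `${configdir}/ip6tables.conf` sets `:OUTPUT DROP` but only allows UDP 6696 and 326 out, so replies to the TCP 9684/50005 connections it accepts on INPUT, loopback traffic and ICMPv6 neighbour discovery have no matching OUTPUT rule. The run script further down this page loads the file with plain `ip6tables-restore`, which flushes the filter table first, so any rules the system already had for established traffic or ICMPv6 are removed when it is applied. The inline fallback in that script never changes the OUTPUT policy, so the two paths no longer produce the same firewall. Consider adding `-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` and `-A OUTPUT -p ipv6-icmp -j ACCEPT`. An explicit `:INPUT` line would also help, since without one the INPUT policy appears to be whatever was in place before the restore.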
......@@ -4,11 +4,11 @@
mountpoint="/media/removable"
configdir="/home/chronos/user/.re6stconf"
configfile="${configdir}/re6stnet.conf"
options=""
shill_options="BLACKLISTED_DEVICES=re6stnet-tcp,re6stnet10,re6stnet9,re6stnet8,re6stnet7,re6stnet6,re6stnet5,re6stnet4,re6stnet3,re6stnet2,re6stnet1,tun0,tun1,tun2"
# shill should not care about these devices
blacklist_option="re6stnet-tcp,re6stnet10,re6stnet9,re6stnet8,re6stnet7,re6stnet6,re6stnet5,re6stnet4,re6stnet3,re6stnet2,re6stnet1,tun0,tun1,tun2"
echo "After having run this script, you will connect to the Grandenet network, based on re6st, a resilient overlay mesh network providing IPv6."
if [[ $(ps -A | grep re6stnet) ]] ; then
if [[ $(pgrep re6stnet) ]] ; then
read -p "re6stnet is already running. Stop it [y/N] ?" stop
if [ "$stop" == "y" -o "$stop" == "Y" ] ; then
echo "Killing re6stnet process..."
......@@ -66,28 +66,38 @@ ip6tables-save > ${configdir}/ip6tables.save
cleanup() {
printf "\nCleaning up and exiting...\n"
if [ -r ${configdir}/ip6tables.save ] ; then
cat ${configdir}/ip6tables.save | ip6tables-restore
fi
echo "Removing changes in ip6tables rules"
ip6tables-restore < ${configdir}/ip6tables.save
rm ${configdir}/ip6tables.save
fi
echo ""
exit 0
}
trap cleanup SIGHUP SIGINT SIGTERM
# firewall configuration
ip6tables -P FORWARD ACCEPT
ip6tables -A OUTPUT -p udp --dport 6696 -j ACCEPT
ip6tables -A OUTPUT -p udp --dport 326 -j ACCEPT
ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT
ip6tables -A INPUT -p udp --dport 326 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 9684 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 50005 -j ACCEPT
# TODO: how to get environment variables used by shill upstart script/shill options
# setup shill network manager
if [ -r "${configdir}"/ip6tables.conf ] ; then
ip6tables-restore < "${configdir}"/ip6tables.conf
else
# accept ports needed for re6stnet
ip6tables -P FORWARD ACCEPT
ip6tables -A OUTPUT -p udp --dport 6696 -j ACCEPT
ip6tables -A OUTPUT -p udp --dport 326 -j ACCEPT
ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT
ip6tables -A INPUT -p udp --dport 326 -j ACCEPT
# Accept ports needed for running any webrunner
ip6tables -A INPUT -p tcp --dport 9684 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 50005 -j ACCEPT
fi
read -p "Was the network manager shill already started with the right blacklisted devices? (It should be the case if you run this script since you boot. Answering n will restart shill.) [y/N]? " confirm
if [ "$confirm" != "y" -a "$confirm" != "Y" ] ; then
# setup shill network manager
if [[ $( pgrep -a shill | grep ${blacklist_option} ) ]] ; then
echo "shill was started with the right blacklist."
else
read -p "The network manager shill was not started with the right blacklisted devices list. Restart it [Y/n]? " confirm
if [ "$confirm" != "n" -a "$confirm" != "N" ] ; then
if [[ $( status shill_respawn | grep running ) ]] ; then
# shill_respawn job does not allow to pass arguments to shill
stop shill_respawn
......@@ -95,22 +105,18 @@ if [ "$confirm" != "y" -a "$confirm" != "Y" ] ; then
if [[ $( status shill | grep running ) ]] ; then
stop shill
fi
start shill ${shill_options}
start shill BLACKLISTED_DEVICES="${blacklist_option}"
fi
fi
read -p "Should the interface accept router advertisement via IPv6 [y/N]? " accept_ra
# give some time for interfaces to be back
for i in {0..2} ; do
echo -n "." ; sleep 1
done
echo ""
interface="$(netstat -i | grep RU | cut -d' ' -f1 | grep 0 || netstat -i | grep RU | cut -d' ' -f1 | grep 1)"
interface_names="$( ip -o link show | awk -F': ' '{print $2}' )"
interface="$( ip -o link show | grep 'state UP' | awk -F': ' '{print $2}' || echo ${interface_names} | grep 0 || echo ${interface_names} | grep 1)"
read -p "Is $interface the name of the interface that is used to access the Internet (via IPv4) [Y/n]? " confirm
if [ "$confirm" != "y" -a "$confirm" != "Y" -a "$confirm" != "" ] ; then
printf "running interfaces found:\n$(netstat -i | grep RU | cut -d' ' -f1)\n"
printf "running interfaces found:\n${interface_names}\n"
read -p "name of the interface used to access the Internet (via IPv4): " interface
fi
......@@ -131,10 +137,11 @@ while [[ $( grep default ${configfile} ) && $( ip -6 r | grep default ) ]] ; do
printf "Default route was found for interface '${interface}':\n $( ip -6 r | grep default )\nwhereas option 'default' is in ${configfile}.\n"
read -p "Use ip route (i) or try restarting shill (s) [I/s]: " choice
if [ "$choice" != "s" -a "$confirm" != "S" ] ; then
echo ip -6 route del $( ip -6 r | grep default | sed "s/ dev .*/ /" )
ip -6 route del $( ip -6 r | grep default | sed "s/ dev .*/ /" )
route="$( ip -6 r | grep default | sed 's/ dev .*//' )"
ip -6 route del ${route}
echo removed route: "${route}"
else
restart shill ${shill_options}
restart shill BLACKLISTED_DEVICES="${blacklist_option}"
fi
done
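Review bot: The new branch `ip6tables-restore < "${configdir}"/ip6tables.conf` loads a file from `/home/chronos/user/.re6stconf` into a command that needs root, while the setup script on this page creates that file without `sudo`. The account that owns that directory therefore presumably controls the whole IPv6 filter table this script installs. Because `ip6tables-restore` replaces the table unless `--noflush` is given, a damaged or edited file is applied wholesale instead of being merged with the existing rules. Check the file before trusting it, e.g. `[ "$(stat -c %U "${configdir}/ip6tables.conf")" = root ]` together with `ip6tables-restore --test < "${configdir}/ip6tables.conf"`, and have the setup script install it root-owned. Otherwise keep the rules inline as the `else` branch does, with a comment above the `if` saying which source is authoritative.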
......