Commit cd35f7ec authored by iv's avatar iv

Autodetect shill options, add config file for ip6tables, fix bug

parent b1c404a3
...@@ -5,7 +5,6 @@ mountpoint="/media/removable" ...@@ -5,7 +5,6 @@ mountpoint="/media/removable"
configdir="/home/chronos/user/.re6stconf" configdir="/home/chronos/user/.re6stconf"
configfile="${configdir}/re6stnet.conf" configfile="${configdir}/re6stnet.conf"
options="" options=""
save=0
install -d ${configdir} install -d ${configdir}
...@@ -33,11 +32,11 @@ if [ "$save" == "y" -o "$save" == "Y" -o "$save" == "" ] ; then ...@@ -33,11 +32,11 @@ if [ "$save" == "y" -o "$save" == "Y" -o "$save" == "" ] ; then
else else
echo "no external device partition mounted on /media/removable" echo "no external device partition mounted on /media/removable"
fi fi
fi
read -e -p "Where the configuration directory should be saved (use tabulation for autocompletion): " place read -e -p "Where the configuration directory should be saved (use tabulation for autocompletion): " place
place+="/re6stconf" place+="/re6stconf"
echo "configuration will be saved in $place" echo "configuration will be saved in $place"
else else
save=0
echo "Configuration will be placed in ${configfile}, please do manually backup later or you could lose your access." echo "Configuration will be placed in ${configfile}, please do manually backup later or you could lose your access."
fi fi
...@@ -47,9 +46,24 @@ for opt in $options; do ...@@ -47,9 +46,24 @@ for opt in $options; do
echo "$opt" >> ${configfile} echo "$opt" >> ${configfile}
done done
echo """
*filter
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p udp -m udp --dport 6696 -j ACCEPT
-A INPUT -p udp -m udp --dport 326 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9684 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 50005 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 6696 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 326 -j ACCEPT
COMMIT
""" > ${configdir}/ip6tables.conf
if [ $save -a $place ] ; then if [ $save -a $place ] ; then
sudo install -d "${place}" sudo install -d "${place}"
sudo cp ${configdir}/* "${place}" for file in "${configdir}"/* ; do
install ${file} "${place}"
done
fi fi
echo "Use grdn-run command to run re6st." echo "Use grdn-run command to run re6st."
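Review bot: The copy loop at the end of the third hunk drops the `sudo` that the preceding `sudo install -d "${place}"` still needs, so when `${place}` is root-owned (a freshly created directory on the removable mount, for instance) each `install` fails with a permission error and the backup the user asked for is silently missing; `${file}` is also unquoted. `install` additionally defaults to mode 0755, so the copied configuration ends up world-readable and executable — if anything in `${configdir}` is sensitive that should be tightened. I would write the loop body as `sudo install -m 0600 -- "${file}" "${place}/"`. The `echo """…"""` that writes ip6tables.conf only works because `""` concatenates with the quoted string that follows; a quoted heredoc (`cat <<'EOF' > "${configdir}/ip6tables.conf"`) says what is meant and avoids echo's escape handling. The `if [ "$save" … ]` block the first two hunks touch starts before the hunk.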
...@@ -4,11 +4,11 @@ ...@@ -4,11 +4,11 @@
mountpoint="/media/removable" mountpoint="/media/removable"
configdir="/home/chronos/user/.re6stconf" configdir="/home/chronos/user/.re6stconf"
configfile="${configdir}/re6stnet.conf" configfile="${configdir}/re6stnet.conf"
options="" # shill should not care about these devices
shill_options="BLACKLISTED_DEVICES=re6stnet-tcp,re6stnet10,re6stnet9,re6stnet8,re6stnet7,re6stnet6,re6stnet5,re6stnet4,re6stnet3,re6stnet2,re6stnet1,tun0,tun1,tun2" blacklist_option="re6stnet-tcp,re6stnet10,re6stnet9,re6stnet8,re6stnet7,re6stnet6,re6stnet5,re6stnet4,re6stnet3,re6stnet2,re6stnet1,tun0,tun1,tun2"
echo "After having run this script, you will connect to the Grandenet network, based on re6st, a resilient overlay mesh network providing IPv6." echo "After having run this script, you will connect to the Grandenet network, based on re6st, a resilient overlay mesh network providing IPv6."
if [[ $(ps -A | grep re6stnet) ]] ; then if [[ $(pgrep re6stnet) ]] ; then
read -p "re6stnet is already running. Stop it [y/N] ?" stop read -p "re6stnet is already running. Stop it [y/N] ?" stop
if [ "$stop" == "y" -o "$stop" == "Y" ] ; then if [ "$stop" == "y" -o "$stop" == "Y" ] ; then
echo "Killing re6stnet process..." echo "Killing re6stnet process..."
...@@ -66,28 +66,38 @@ ip6tables-save > ${configdir}/ip6tables.save ...@@ -66,28 +66,38 @@ ip6tables-save > ${configdir}/ip6tables.save
cleanup() { cleanup() {
printf "\nCleaning up and exiting...\n" printf "\nCleaning up and exiting...\n"
if [ -r ${configdir}/ip6tables.save ] ; then if [ -r ${configdir}/ip6tables.save ] ; then
cat ${configdir}/ip6tables.save | ip6tables-restore echo "Removing changes in ip6tables rules"
fi ip6tables-restore < ${configdir}/ip6tables.save
rm ${configdir}/ip6tables.save rm ${configdir}/ip6tables.save
fi
echo ""
exit 0 exit 0
} }
trap cleanup SIGHUP SIGINT SIGTERM trap cleanup SIGHUP SIGINT SIGTERM
# firewall configuration # firewall configuration
ip6tables -P FORWARD ACCEPT if [ -r "${configdir}"/ip6tables.conf ] ; then
ip6tables -A OUTPUT -p udp --dport 6696 -j ACCEPT ip6tables-restore < "${configdir}"/ip6tables.conf
ip6tables -A OUTPUT -p udp --dport 326 -j ACCEPT else
ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT # accept ports needed for re6stnet
ip6tables -A INPUT -p udp --dport 326 -j ACCEPT ip6tables -P FORWARD ACCEPT
ip6tables -A INPUT -p tcp --dport 9684 -j ACCEPT ip6tables -A OUTPUT -p udp --dport 6696 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 50005 -j ACCEPT ip6tables -A OUTPUT -p udp --dport 326 -j ACCEPT
ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT
# TODO: how to get environment variables used by shill upstart script/shill options ip6tables -A INPUT -p udp --dport 326 -j ACCEPT
# setup shill network manager
# Accept ports needed for running any webrunner
ip6tables -A INPUT -p tcp --dport 9684 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 50005 -j ACCEPT
fi
read -p "Was the network manager shill already started with the right blacklisted devices? (It should be the case if you run this script since you boot. Answering n will restart shill.) [y/N]? " confirm # setup shill network manager
if [ "$confirm" != "y" -a "$confirm" != "Y" ] ; then if [[ $( pgrep -a shill | grep ${blacklist_option} ) ]] ; then
echo "shill was started with the right blacklist."
else
read -p "The network manager shill was not started with the right blacklisted devices list. Restart it [Y/n]? " confirm
if [ "$confirm" != "n" -a "$confirm" != "N" ] ; then
if [[ $( status shill_respawn | grep running ) ]] ; then if [[ $( status shill_respawn | grep running ) ]] ; then
# shill_respawn job does not allow to pass arguments to shill # shill_respawn job does not allow to pass arguments to shill
stop shill_respawn stop shill_respawn
...@@ -95,22 +105,18 @@ if [ "$confirm" != "y" -a "$confirm" != "Y" ] ; then ...@@ -95,22 +105,18 @@ if [ "$confirm" != "y" -a "$confirm" != "Y" ] ; then
if [[ $( status shill | grep running ) ]] ; then if [[ $( status shill | grep running ) ]] ; then
stop shill stop shill
fi fi
start shill ${shill_options} start shill BLACKLISTED_DEVICES="${blacklist_option}"
fi
fi fi
read -p "Should the interface accept router advertisement via IPv6 [y/N]? " accept_ra read -p "Should the interface accept router advertisement via IPv6 [y/N]? " accept_ra
# give some time for interfaces to be back interface_names="$( ip -o link show | awk -F': ' '{print $2}' )"
for i in {0..2} ; do interface="$( ip -o link show | grep 'state UP' | awk -F': ' '{print $2}' || echo ${interface_names} | grep 0 || echo ${interface_names} | grep 1)"
echo -n "." ; sleep 1
done
echo ""
interface="$(netstat -i | grep RU | cut -d' ' -f1 | grep 0 || netstat -i | grep RU | cut -d' ' -f1 | grep 1)"
read -p "Is $interface the name of the interface that is used to access the Internet (via IPv4) [Y/n]? " confirm read -p "Is $interface the name of the interface that is used to access the Internet (via IPv4) [Y/n]? " confirm
if [ "$confirm" != "y" -a "$confirm" != "Y" -a "$confirm" != "" ] ; then if [ "$confirm" != "y" -a "$confirm" != "Y" -a "$confirm" != "" ] ; then
printf "running interfaces found:\n$(netstat -i | grep RU | cut -d' ' -f1)\n" printf "running interfaces found:\n${interface_names}\n"
read -p "name of the interface used to access the Internet (via IPv4): " interface read -p "name of the interface used to access the Internet (via IPv4): " interface
fi fi
...@@ -131,10 +137,11 @@ while [[ $( grep default ${configfile} ) && $( ip -6 r | grep default ) ]] ; do ...@@ -131,10 +137,11 @@ while [[ $( grep default ${configfile} ) && $( ip -6 r | grep default ) ]] ; do
printf "Default route was found for interface '${interface}':\n $( ip -6 r | grep default )\nwhereas option 'default' is in ${configfile}.\n" printf "Default route was found for interface '${interface}':\n $( ip -6 r | grep default )\nwhereas option 'default' is in ${configfile}.\n"
read -p "Use ip route (i) or try restarting shill (s) [I/s]: " choice read -p "Use ip route (i) or try restarting shill (s) [I/s]: " choice
if [ "$choice" != "s" -a "$confirm" != "S" ] ; then if [ "$choice" != "s" -a "$confirm" != "S" ] ; then
echo ip -6 route del $( ip -6 r | grep default | sed "s/ dev .*/ /" ) route="$( ip -6 r | grep default | sed 's/ dev .*//' )"
ip -6 route del $( ip -6 r | grep default | sed "s/ dev .*/ /" ) ip -6 route del ${route}
echo removed route: "${route}"
else else
restart shill ${shill_options} restart shill BLACKLISTED_DEVICES="${blacklist_option}"
fi fi
done done
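Review bot: `ip6tables-restore < "${configdir}"/ip6tables.conf` in the firewall hunk does not append like the `-A` commands it replaces: without `--noflush` the restore flushes every chain of the filter table first, so any rule the host already had in INPUT or OUTPUT is gone until cleanup() replays ip6tables.save, and cleanup only runs on HUP/INT/TERM, not on a normal exit or an error. The file also sets `:OUTPUT DROP` with no ICMPv6 exception; unless the host policy was already DROP (the old code only appended ACCEPTs, which suggests it may have been), this newly blocks IPv6 neighbour discovery on the uplink, so either document that in ip6tables.conf or use `ip6tables-restore --noflush` to keep the old behaviour. The shill check `pgrep -a shill | grep ${blacklist_option}` passes the comma list unquoted and as a regex; `grep -qF -- "${blacklist_option}"` is what is meant, and the restart block it guards spans the second and third hunks. In the last hunk `route="$( ip -6 r | grep default … )"` may hold several lines when more than one default route exists, and `ip -6 route del ${route}` then word-splits them into one bogus command; iterate over the lines with `while read -r` instead, and note that the unchanged test on the line above still compares `$confirm` where `$choice` is meant.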