Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/sh
- #DEBUG= # uncomment/comment to enable/disable debug mode
- # name: merlin-ac68u-add-networks.sh
- # version: 2.0.0, 30-jul-2022, by eibgrad
- # purpose: add ip networks using vlans, aps/vaps, bridges, etc.
- # type(s): dnsmasq.postconf (optional), firewall-start (optional),
- # service-event-end, services-start
- # href: https://tinyurl.com/kumyymcw (version 1.x.x)
- # href: https://tinyurl.com/ycxxmw6d (version 2.x.x)
- # installation:
- # 1. enable jffs custom scripts and configs (administration->system)
- # 2. ssh to router and copy/paste the following command:
- # curl -kLs bit.ly/merlin-installer|tr -d '\r'|sh -s hvHHic1V
- # 3. modify script w/ your preferred options using nano editor:
- # nano /jffs/configs/merlin-ac68u-add-networks.options
- # 4. reboot
- # compatibility checks
- if [ "$(nvram get sw_mode)" != '1' ]; then
- echo 'error: script only supports a routed configuration'
- exit 1
- elif ! which robocfg &>/dev/null; then
- echo 'error: script is NOT compatible w/ this firmware; requires robocfg'
- exit 1
- fi
- CONFIGS_DIR='/jffs/configs'
- CONFIG="$CONFIGS_DIR/merlin-ac68u-add-networks.options"
- SCRIPTS_DIR='/jffs/scripts'
- SCRIPT1="$SCRIPTS_DIR/merlin-ac68u-add-networks.dnsmasq"
- SCRIPT2="$SCRIPTS_DIR/merlin-ac68u-add-networks.firewall"
- SCRIPT3="$SCRIPTS_DIR/merlin-ac68u-add-networks.service-event-end"
- SCRIPT4="$SCRIPTS_DIR/merlin-ac68u-add-networks.services-start"
- SCRIPT5="$SCRIPTS_DIR/dnsmasq.postconf"
- SCRIPT6="$SCRIPTS_DIR/firewall-start"
- SCRIPT7="$SCRIPTS_DIR/service-event-end"
- SCRIPT8="$SCRIPTS_DIR/services-start"
- mkdir -p $CONFIGS_DIR $SCRIPTS_DIR
- # ----------------- begin merlin-ac68u-add-networks.options ------------------ #
- cat << 'EOF' > $CONFIG
- # ------------------------------ BEGIN OPTIONS ------------------------------- #
- # VLANS_PORTS='[<vlan-id>[/<port>...] ...]'
- VLANS_PORTS='1/1/2/3 3/4' # vlan1 ports 1 2 3, vlan3 port 4
- #VLANS_PORTS='1/1/2 3/3/4' # vlan1 ports 1 2, vlan3 ports 3 4
- #VLANS_PORTS='1 10/1/2/3/4' # vlan1 no ports, vlan10 ports 1 2 3 4
- #VLANS_PORTS='1/1 10/2 11/3 12/4' # vlan1/vlan10/vlan11/vlan12, one port each
- #VLANS_PORTS='1/1/2/3/4t 3/4t' # vlan1/vlan3 port 4 trunk
- # VLANS_WL='[<vlan-id>[/<wireless-if>...] ...]'
- #VLANS_WL='' # no wireless changes required
- #VLANS_WL='3/eth1' # bridge vlan3 w/ 2.4ghz
- VLANS_WL='3/eth2' # bridge vlan3 w/ 5ghz
- #VLANS_WL='3/wl0.1/wl1.1' # bridge vlan3 w/ guest 1 (2.4+5ghz)
- #VLANS_WL='3/wl0.1 4/wl1.1' # bridge vlan3/vlan4 w/ guest 1 (2.4/5ghz)
- #VLANS_WL='10/wl0.1/wl1.1' # bridge vlan10 w/ guest 1 (2.4+5ghz)
- #VLANS_WL='11/wl0.2/wl1.2' # bridge vlan11 w/ guest 2 (2.4+5ghz)
- #VLANS_WL='12/wl0.3/wl1.3' # bridge vlan12 w/ guest 3 (2.4+5ghz)
- # bridge vlans 10/11/12 /w guests 1/2/3 respectively
- #VLANS_WL='10/wl0.1/wl1.1 11/wl0.2/wl1.2 12/wl0.3/wl1.3'
- #VLANS_PORTS=''; VLANS_WL='' # for cleanup purposes only
- # ip network prefix (default is based on private network (e.g., 192.168.))
- #IP_PFX='10.99.' # first two dotted octets only
- # uncomment/comment to include/exclude pre-defined dnsmasq directives
- # warning: any change requires reinstallation w/ this script!
- INCLUDE_DNSMASQ=
- # uncomment/comment to use specified/default dns server(s)
- DNS_SERVERS='8.8.8.8,8.8.4.4' # comma-separated
- # uncomment/comment to include/exclude pre-defined firewall rules
- # warning: any change requires reinstallation w/ this script!
- INCLUDE_FIREWALL=
- # uncomment/comment to allow/deny access from private network to new networks
- #ALLOW_PRIVATE_TO_ANY=
- # uncomment/comment to allow/deny access to/from openvpn clients/servers
- #ALLOW_OVPN_ACCESS=
- # these are just examples; uncomment and modify as you see fit
- DNSMASQ_ADDITIONS='
- # static leases (hostname and lease time optional)
- #dhcp-host=br3,47:b5:1d:54:5c:fb,192.168.3.100,desktop,24h
- #dhcp-host=br3,64:67:16:cd:c7:c0,59:21:2d:99:28:70,192.168.3.101
- # per-network static leases for device w/ multiple network adapters
- #dhcp-host=br0,b8:70:f4:b3:4d:6a,38:59:f9:14:1f:d3,192.168.1.99,laptop
- #dhcp-host=br10,b8:70:f4:b3:4d:6a,38:59:f9:14:1f:d3,192.168.10.99,laptop
- #dhcp-host=br11,b8:70:f4:b3:4d:6a,38:59:f9:14:1f:d3,192.168.11.99,laptop
- #dhcp-host=br12,b8:70:f4:b3:4d:6a,38:59:f9:14:1f:d3,192.168.12.99,laptop
- # hostnames (dynamic leases only)
- #dhcp-host=a3:fa:ca:ba:07:2c,somehostname1
- #dhcp-host=43:f3:52:dd:67:d9,somehostname2
- '
- # function firewall_additions( vlan-id )
- firewall_additions() {
- local brx=br${1} # generalize reference to current bridge under examination
- # useful constants
- local LAN_IP="$(nvram get lan_ipaddr)" # (e.g., 192.168.1.1)
- local LAN_NET="$LAN_IP/$(nvram get lan_netmask)" # (e.g., 192.168.1.0/24)
- local LAN_PFX="$(echo $LAN_IP | grep -o '^.*\.')" # (e.g., 192.168.1.)
- case "$1" in
- # these are just examples; uncomment and modify as you see fit
- 3) ### vlan3/br3 rules go here ###
- # allow access to printer hosted on router
- #iptables -I INPUT -p tcp -i $brx --dport 9100 -j ACCEPT
- :;; # DO NOT DISTURB
- 4) ### vlan4/br4 rules go here ###
- # deny routing to internet based on source ip range
- #iptables -I FORWARD -i $brx -o $WAN_IF -m iprange \
- # --src-range "${IP_PFX}${1}.110-${IP_PFX}${1}.119" -j REJECT
- # deny routing to internet based on source mac address
- #iptables -I FORWARD -i $brx -o $WAN_IF -m mac --mac-source \
- # 0a:32:13:75:7d:95 -j REJECT
- :;; # DO NOT DISTURB
- 5) ### vlan5/br5 rules go here ###
- # deny routing from 10:00PM to 6:00AM, Sunday->Friday (student schedule)
- #iptables -I FORWARD -i $brx -m time --timestart 22:00 --timestop 00:00 \
- # --weekdays Sun,Mon,Tue,Wed,Thu --kerneltz -j REJECT
- #iptables -I FORWARD -i $brx -m time --timestart 00:00 --timestop 06:00 \
- # --weekdays Mon,Tue,Wed,Thu,Fri --kerneltz -j REJECT
- :;; # DO NOT DISTURB
- # repeat as necessary for additional vlans/bridges
- *) ### rules that apply across all vlans/bridges (br+) go here ###
- # allow access to printer hosted on private network (other than router)
- #iptables -I FORWARD -p tcp -i $brx -o br0 -d "${LAN_PFX}100" \
- # --dport 9100 -j ACCEPT
- :;; # DO NOT DISTURB
- esac
- }
- # ------------------------------- END OPTIONS -------------------------------- #
- # ---------------------- DO NOT CHANGE BELOW THIS LINE ----------------------- #
- # shared/global functions and constants (do NOT touch!)
- debug_enabled() { set -o | egrep -q '^xtrace\s+on$'; }
- BASENAME="$(basename $0)"
- NOW="$(date +'%Y-%m-%d-%H%M%S')"
- LOG="$(debug_enabled && echo /tmp/${BASENAME}_${NOW}_$$.log || echo /dev/null)"
- MIN_VID=3 MAX_VID=255 MIN_PORT=1 MAX_PORT=4
- [ "$IP_PFX" ] || IP_PFX="$(nvram get lan_ipaddr | egrep -o '^(.{1,3}\.){2}')"
- EOF
- echo "installed: $CONFIG"
- # ------------------ end merlin-ac68u-add-networks.options ------------------- #
- # ----------------- begin merlin-ac68u-add-networks.dnsmasq ------------------ #
- if grep -q '^INCLUDE_DNSMASQ=' $CONFIG; then
- cat << 'EOF' > $SCRIPT1
- #!/bin/sh
- #set -x # comment/uncomment to disable/enable debug mode
- . $CONFIG
- {
- . /usr/sbin/helper.sh
- DNSMASQ_CONFIG="$1"
- # function write( string )
- write() { pc_append "$1" $DNSMASQ_CONFIG; }
- # function validate_vlan_id( vlan-id )
- validate_vlan_id() {
- local vlan_id=$1
- if ! echo $vlan_id | egrep -q '^[0-9]+$'; then
- return 1
- elif [[ $vlan_id -lt $MIN_VID || $vlan_id -gt $MAX_VID ]]; then
- return 1
- fi
- return 0
- }
- # function add_dhcp_server( bridge-index )
- add_dhcp_server() {
- write "interface=br${1}"
- write "dhcp-range=br${1},${IP_PFX}${1}.100,${IP_PFX}${1}.254,255.255.255.0,24h"
- write "dhcp-option=br${1},3,${IP_PFX}${1}.1"
- [ "$DNS_SERVERS" ] && write "dhcp-option=br${1},6,$DNS_SERVERS"
- }
- write "# --- begin additions by $BASENAME --- #"
- # add dhcp server configuration for each new bridge
- for vp in $VLANS_PORTS; do
- vlan_id="$(echo $vp | cut -d/ -f1)"
- # ignore bad/missing input
- [ $vlan_id ] || continue
- # validate and add dhcp server for this vlan-id
- validate_vlan_id $vlan_id && add_dhcp_server $vlan_id
- done
- # add user-defined directives
- OIFS="$IFS"; IFS=$'\n'
- for line in $DNSMASQ_ADDITIONS; do
- echo $line | grep -Eq '^[[:space:]]*(#|$)' || write "$line"
- done
- IFS="$OIFS"
- write "# ---- end additions by $BASENAME ---- #"
- exit 0
- } 2>&1 | tee $LOG | logger -t $BASENAME[$$]
- EOF
- [ ${DEBUG+x} ] && sed -ri '2 s/^#(set -x)/\1/' $SCRIPT1
- sed -i "s:\$CONFIG:$CONFIG:g" $SCRIPT1
- chmod +x $SCRIPT1
- echo "installed: $SCRIPT1"
- fi
- # ------------------ end merlin-ac68u-add-networks.dnsmasq ------------------- #
- # ----------------- begin merlin-ac68u-add-networks.firewall ----------------- #
- if grep -q '^INCLUDE_FIREWALL=' $CONFIG; then
- cat << 'EOF' > $SCRIPT2
- #!/bin/sh
- #set -x # comment/uncomment to disable/enable debug mode
- . $CONFIG
- {
- WAN_IF="$([ $1 ] && echo $1 || echo $(nvram get wan0_ifname))"
- # function validate_vlan_id( vlan-id )
- validate_vlan_id() {
- local vlan_id=$1
- if ! echo $vlan_id | egrep -q '^[0-9]+$'; then
- return 1
- elif [[ $vlan_id -lt $MIN_VID || $vlan_id -gt $MAX_VID ]]; then
- return 1
- fi
- return 0
- }
- # function add_rules( bridge-index )
- add_rules() {
- # limit new bridge to essential router services (dhcp, dns, ping)
- iptables -I INPUT -i br${1} -j REJECT
- iptables -I INPUT -i br${1} -d ${IP_PFX}${1}.1 -p icmp -j ACCEPT
- if [ ! "$DNS_SERVERS" ]; then
- iptables -I INPUT -i br${1} -d ${IP_PFX}${1}.1 -p tcp --dport 53 -j ACCEPT
- iptables -I INPUT -i br${1} -d ${IP_PFX}${1}.1 -p udp --dport 53 -j ACCEPT
- fi
- iptables -I INPUT -i br${1} -p udp --dport 67 -j ACCEPT
- # define routing limits of new bridge (default is internet only)
- iptables -I FORWARD -i br${1} -j REJECT
- if [ ! ${ALLOW_PRIVATE_TO_ANY+x} ]; then
- iptables -I FORWARD -i br0 -o br${1} -j REJECT
- fi
- if [ ${ALLOW_OVPN_ACCESS+x} ]; then
- iptables -I FORWARD -i tun2+ -o br${1} -j ACCEPT
- iptables -I FORWARD -i br${1} -o tun1+ -j ACCEPT
- fi
- iptables -I FORWARD -i br${1} -m conntrack --ctstate DNAT -j ACCEPT
- iptables -I FORWARD -i br${1} -o $WAN_IF -j ACCEPT
- }
- # add firewall rules for each new bridge
- for vp in $VLANS_PORTS; do
- vlan_id="$(echo $vp | cut -d/ -f1)"
- # ignore bad/missing input
- [ $vlan_id ] || continue
- validate_vlan_id $vlan_id || continue
- # add rules for this vlan-id
- add_rules $vlan_id
- # add user-defined rules (if any) for this vlan-id
- firewall_additions $vlan_id
- done
- # add user-defined rules that apply across all bridges (br+)
- firewall_additions '+'
- exit 0
- } 2>&1 | tee $LOG | logger -t $BASENAME[$$]
- EOF
- [ ${DEBUG+x} ] && sed -ri '2 s/^#(set -x)/\1/' $SCRIPT2
- sed -i "s:\$CONFIG:$CONFIG:g" $SCRIPT2
- chmod +x $SCRIPT2
- echo "installed: $SCRIPT2"
- fi
- # ------------------ end merlin-ac68u-add-networks.firewall ------------------ #
- # -------------- begin merlin-ac68u-add-networks.services-start -------------- #
- cat << 'EOF' > $SCRIPT3
- #!/bin/sh
- #set -x # comment/uncomment to disable/enable debug mode
- . $CONFIG
- {
- CPU_PORT="$(robocfg show | awk '/vlan1:/{print $NF}')"
- # function validate_vlan_id( vlan-id )
- validate_vlan_id() {
- local vlan_id=$1
- if [ $vlan_id != '1' ]; then
- if [ $vlan_id == '2' ]; then
- echo "error: changes to vlan2 (wan) NOT supported"
- return 1
- elif ! echo $vlan_id | egrep -q '^[0-9]+$'; then
- echo "error: vlan-id ${vlan_id} not numeric"
- return 1
- elif [[ $vlan_id -lt $MIN_VID || $vlan_id -gt $MAX_VID ]]; then
- echo "error: vlan${vlan_id} out of range ($MIN_VID-$MAX_VID)"
- return 1
- fi
- fi
- return 0
- }
- # function add_vlan_and_bridge( vlan-id ports )
- add_vlan_and_bridge() {
- local vlan_id=$1
- local ports="$2"
- # create new vlan w/ specified port(s)
- robocfg vlan $vlan_id ports "$ports"
- # add new vlan to eth0 (cpu) network interface
- vconfig add eth0 $vlan_id
- # bring up new vlan
- ifconfig vlan${vlan_id} up
- # create new bridge and add new vlan
- brctl addbr br${vlan_id}
- brctl addif br${vlan_id} vlan${vlan_id}
- # configure new bridge w/ preferred settings
- stp=$([ "$(nvram get lan_stp)" == '1' ] && echo 'on' || echo 'off')
- brctl stp br${vlan_id} $stp # stp to prevent bridge loops
- brctl setfd br${vlan_id} 2 # stp forward delay (2 secs)
- # config ip on new bridge and bring up network
- ifconfig br${vlan_id} ${IP_PFX}${vlan_id}.1 netmask 255.255.255.0 up
- }
- # respond to *all* wireless events (start/restart/stop)
- [ "$2" == 'wireless' ] || exit 0
- # cleanup any previous vlan/bridge configurations
- n=$MIN_VID
- while [ "$(nvram get br${n}_ifname)" ]; do
- br="$(nvram get br${n}_ifname)"
- vl="$(nvram get br${n}_ifnames | cut -d' ' -f1)"
- ifconfig $br down 2>/dev/null && brctl delbr $br && vconfig rem $vl
- nvram unset br${n}_ifname
- nvram unset br${n}_ifnames
- nvram unset lan${n}_ifname
- nvram unset lan${n}_ifnames
- [ $((++n)) -le $MAX_VID ] || break
- done
- # commit changes from cleanup if no other actions requested/required
- [[ $((n)) -gt $MIN_VID && ! "$VLANS_PORTS" && ! "$VLANS_WL" ]] && nvram commit
- # assign ports to vlans
- for vp in $VLANS_PORTS; do
- vlan_id="$(echo $vp | cut -d/ -f1)"
- # ignore bad/missing input
- [ $vlan_id ] || continue
- validate_vlan_id $vlan_id || continue
- # isolate ports from vlan-id
- vlan_ports="$(echo $vp | awk -F/ '{$1=""; print $0}')"
- # validate ports
- for p in $vlan_ports; do
- if ! echo $p | egrep -q '^[0-9]+[tu*]{0,1}$'; then
- echo "error: port $p specification not valid"
- continue 2
- fi
- _p="$(echo $p | egrep -o '^[0-9]*')"
- if [[ $_p -lt $MIN_PORT || $_p -gt $MAX_PORT ]]; then
- echo "error: port $p out of range ($MIN_PORT-$MAX_PORT)"
- continue 2
- fi
- done
- # add cpu port to ports
- vlan_ports="$(echo $vlan_ports $CPU_PORT)"
- if [ $vlan_id == '1' ]; then
- robocfg vlan 1 ports "$vlan_ports"
- continue
- fi
- add_vlan_and_bridge $vlan_id "$vlan_ports"
- # determine next available bridge/lan index
- #n=$vlan_id # doesn't work; must be assigned sequentially
- n=$MIN_VID; while [ "$(nvram get lan${n}_ifname)" ]; do let n++; done
- # add and initialize network interface names
- nvram set br${n}_ifname=br${vlan_id}
- nvram set br${n}_ifnames=vlan${vlan_id}
- nvram set lan${n}_ifname=br${vlan_id}
- nvram set lan${n}_ifnames=vlan${vlan_id}
- done
- # bridge wireless to vlans
- for vw in $VLANS_WL; do
- vlan_id="$(echo $vw | cut -d/ -f1)"
- # ignore bad/missing input
- [ $vlan_id ] || continue
- validate_vlan_id $vlan_id || continue
- # validate vlan-id usage
- if ! ifconfig vlan${vlan_id} &>/dev/null; then
- echo "error: vlan${vlan_id} not found"
- continue
- fi
- # isolate wireless network interfaces from vlan-id
- vlan_wl="$(echo $(echo $vw | awk -F/ '{$1=""; print $0}'))"
- # move wireless network interfaces to new bridge
- for wl in $vlan_wl; do
- # validate wireless network interface
- case $wl in
- 'eth1'|'eth2'|'wl0.1'|'wl1.1'|'wl0.2'|'wl1.2'|'wl0.3'|'wl1.3') :;;
- *) echo "error: unknown wireless network interface: ${wl}"; continue 2;;
- esac
- # wireless network interface must be up and running
- if ! ifconfig $wl &>/dev/null; then
- echo "error: wireless network interface not available: ${wl}"
- continue 2
- fi
- # delete wireless network interface from current bridge
- n=0
- if brctl show | grep -q "\s${wl}\$"; then
- while ! brctl delif br${n} $wl 2>/dev/null; do
- if [ $((++n)) -gt $MAX_VID ]; then
- echo "program error: wireless network interface not found: ${wl}"
- break
- fi
- done
- fi
- # add wireless network interface to new bridge
- brctl addif br${vlan_id} $wl
- done
- # find bridge/lan index for this vlan
- n=$MIN_VID
- while ! nvram get br${n}_ifnames | egrep -q "^vlan${vlan_id}( |$)"; do
- if [ $((++n)) -gt $MAX_VID ]; then
- echo "program error: bridge/lan index not found: ($n)"
- continue 2
- fi
- done
- # add wireless network interface names to corresponding bridge/lan
- nvram set br${n}_ifnames="$(nvram get br${n}_ifnames) $vlan_wl"
- nvram set lan${n}_ifnames="$(nvram get lan${n}_ifnames) $vlan_wl"
- # convert wireless network interface names to sed search mask
- mask=''; for wl in $vlan_wl; do mask="${mask}${wl}(\s|\$)|"; done
- # remove wireless network interface names from system bridges/lans
- for i in 0 1 2; do
- [ "$(nvram get br${i}_ifnames)" ] && \
- nvram set br${i}_ifnames="$(echo $(nvram get br${i}_ifnames | \
- sed -r s/$mask//g))"
- [ "$i" == '0' ] && j='' || j="$i"
- [ "$(nvram get lan${j}_ifnames)" ] && \
- nvram set lan${j}_ifnames="$(echo $(nvram get lan${j}_ifnames | \
- sed -r s/$mask//g))"
- done
- done
- # force system to recognize any changes
- eapd
- exit 0
- } 2>&1 | tee $LOG | logger -t $BASENAME[$$]
- EOF
- [ ${DEBUG+x} ] && sed -ri '2 s/^#(set -x)/\1/' $SCRIPT3
- sed -i "s:\$CONFIG:$CONFIG:g" $SCRIPT3
- chmod +x $SCRIPT3
- echo "installed: $SCRIPT3"
- # --------------- end merlin-ac68u-add-networks.services-start --------------- #
- # ------------ begin merlin-ac68u-add-networks.service-event-end ------------- #
- cat << 'EOF' > $SCRIPT4
- #!/bin/sh
- #set -x # comment/uncomment to disable/enable debug mode
- . $CONFIG
- {
- # on bootup, the router does NOT generate a service-event-end event for the
- # wireless service (bug?), so we have to generate our own after all services
- # have been started
- /jffs/scripts/service-event-end 'start' 'wireless'
- exit 0
- } 2>&1 | tee $LOG | logger -t $BASENAME[$$]
- EOF
- [ ${DEBUG+x} ] && sed -ri '2 s/^#(set -x)/\1/' $SCRIPT4
- sed -i "s:\$CONFIG:$CONFIG:g" $SCRIPT4
- chmod +x $SCRIPT4
- echo "installed: $SCRIPT4"
- # ------------- end merlin-ac68u-add-networks.service-event-end -------------- #
- # -------------------------- begin dnsmasq.postconf -------------------------- #
- if grep -q '^INCLUDE_DNSMASQ=' $CONFIG; then
- create_script() {
- cat << 'EOF' > $SCRIPT5
- #!/bin/sh
- #set -x # comment/uncomment to disable/enable debug mode
- {
- $SCRIPT1 "$1"
- } 2>&1 | logger -t $(basename $0)[$$]
- EOF
- [ ${DEBUG+x} ] && sed -ri '2 s/^#(set -x)/\1/' $SCRIPT5
- sed "s:\$SCRIPT1:$SCRIPT1:g" -i $SCRIPT5
- chmod +x $SCRIPT5
- }
- if [ -f $SCRIPT5 ]; then
- echo "error: $SCRIPT5 already exists; requires manual installation"
- else
- create_script
- echo "installed: $SCRIPT5"
- fi
- fi
- # ------------------------ end begin dnsmasq.postconf ------------------------ #
- # --------------------------- begin firewall-start --------------------------- #
- if grep -q '^INCLUDE_FIREWALL=' $CONFIG; then
- create_script() {
- cat << 'EOF' > $SCRIPT6
- #!/bin/sh
- #set -x # comment/uncomment to disable/enable debug mode
- {
- $SCRIPT2 "$1"
- } 2>&1 | logger -t $(basename $0)[$$]
- EOF
- [ ${DEBUG+x} ] && sed -ri '2 s/^#(set -x)/\1/' $SCRIPT6
- sed "s:\$SCRIPT2:$SCRIPT2:g" -i $SCRIPT6
- chmod +x $SCRIPT6
- }
- if [ -f $SCRIPT6 ]; then
- echo "error: $SCRIPT6 already exists; requires manual installation"
- else
- create_script
- echo "installed: $SCRIPT6"
- fi
- fi
- # ---------------------------- end firewall-start ---------------------------- #
- # ------------------------- begin service-event-end -------------------------- #
- create_script() {
- cat << 'EOF' > $SCRIPT7
- #!/bin/sh
- #set -x # comment/uncomment to disable/enable debug mode
- {
- $SCRIPT3 "$1" "$2"
- } 2>&1 | logger -t $(basename $0)[$$]
- EOF
- [ ${DEBUG+x} ] && sed -ri '2 s/^#(set -x)/\1/' $SCRIPT7
- sed "s:\$SCRIPT3:$SCRIPT3:g" -i $SCRIPT7
- chmod +x $SCRIPT7
- }
- if [ -f $SCRIPT7 ]; then
- echo "error: $SCRIPT7 already exists; requires manual installation"
- else
- create_script
- echo "installed: $SCRIPT7"
- fi
- # -------------------------- end service-event-end --------------------------- #
- # --------------------------- begin services-start --------------------------- #
- create_script() {
- cat << 'EOF' > $SCRIPT8
- #!/bin/sh
- #set -x # comment/uncomment to disable/enable debug mode
- {
- $SCRIPT4
- } 2>&1 | logger -t $(basename $0)[$$]
- EOF
- [ ${DEBUG+x} ] && sed -ri '2 s/^#(set -x)/\1/' $SCRIPT8
- sed "s:\$SCRIPT4:$SCRIPT4:g" -i $SCRIPT8
- chmod +x $SCRIPT8
- }
- if [ -f $SCRIPT8 ]; then
- echo "error: $SCRIPT8 already exists; requires manual installation"
- else
- create_script
- echo "installed: $SCRIPT8"
- fi
- # ---------------------------- end services-start ---------------------------- #
Add Comment
Please, Sign In to add comment
