## Pause for one minute before touching any interface.
## NOTE(review): presumably this lets the firmware finish bringing up the
## wireless/VLAN interfaces when the script runs at boot -- confirm against
## how the script is launched.
sleep 60

## Every interface name that may carry guest traffic. The set-up loop skips
## any name that does not exist on this device.
GUESTS="wl0.1 wl0.2 wl0.3 \
wl1.1 wl1.2 wl1.3 \
vlan4000 vlan4001 vlan4002"
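## Print the IPv4 address configured on an interface.
##   $1  interface name
## Output: the address on stdout, or nothing when ifconfig prints no
##         "inet addr:<ip>" field for the interface (the only layout the sed
##         expression recognises).
get_ip () {
  ## Quote the name so an empty or odd value cannot be word-split into
  ## extra ifconfig arguments.
  /sbin/ifconfig "$1" | /bin/sed -n -e 's/.*inet addr:\([^ ]*\).*$/\1/p'
}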
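## Address of the br0 LAN bridge. The guest firewall rules are built from it
## ("$LAN/24"), so an empty value must stop the script: the DROP rules that
## keep guests off the LAN would fail to load while the ACCEPT rules and the
## removal of the firmware's default guest isolation would still go through.
LAN=$(get_ip br0)
if [ -z "$LAN" ]; then
  logger -s -- "$0: Could not determine br0 bridge address; leaving guest set-up untouched"
  exit 1
fi
logger -s -- "$0: Determined br0 bridge address $LAN"

## Scratch file in which the new dnsmasq additions are assembled.
## NOTE(review): this is a fixed, predictable name under /tmp. If anything
## other than root can write to /tmp on this device, create the file with
## mktemp instead -- confirm the firmware ships it.
TMPCONF=/tmp/dnsmasq.conf.add
rm -f -- "$TMPCONF"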
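## Add or remove the rules that isolate one guest interface from the LAN.
##   $1  rule operation handed to ebtables/iptables: -I (insert) or -D (delete)
##   $2  guest interface name
## Reads the global LAN (br0 address).
## Returns non-zero when LAN is empty or when any rule command failed, so the
## caller can tell a complete rule set from a partial one.
##
## The broute/BROUTING rules use target DROP, which in that chain means
## "route this frame instead of bridging it"; that is what brings IPv4, IPv6
## and ARP traffic from the interface within reach of the iptables rules.
##
## Order matters for -I, which inserts at the head of the chain: the ACCEPT
## rules go in first and the LAN DROP rules after them, so the DROP rules end
## up above the ACCEPT rules and are evaluated first.
##
## NOTE(review): "$LAN/24" assumes br0 uses a /24 netmask.
## NOTE(review): the INPUT ACCEPT rule admits guests to every service the
## router listens on through its guest-side address; only destinations inside
## $LAN/24 are dropped. Consider limiting INPUT to DHCP and DNS.
## NOTE(review): nothing here adds ip6tables rules, so IPv6 frames routed off
## the bridge are not filtered by this function -- confirm how the firmware
## handles forwarded IPv6.
firewall () {
  ## Without the LAN address the DROP rules cannot be expressed; refuse to
  ## load the ACCEPT rules on their own.
  if [ -z "$LAN" ]; then
    logger -s -- "$0: LAN address unknown; not changing firewall rules for $2"
    return 1
  fi

  fw_rc=0
  /usr/sbin/ebtables -t broute "$1" BROUTING -p ipv4 -i "$2" -j DROP || fw_rc=1
  /usr/sbin/ebtables -t broute "$1" BROUTING -p ipv6 -i "$2" -j DROP || fw_rc=1
  /usr/sbin/ebtables -t broute "$1" BROUTING -p arp -i "$2" -j DROP || fw_rc=1
  /usr/sbin/iptables "$1" FORWARD -i "$2" -j ACCEPT || fw_rc=1
  /usr/sbin/iptables "$1" INPUT -i "$2" -j ACCEPT || fw_rc=1
  /usr/sbin/iptables "$1" FORWARD -i "$2" -d "$LAN/24" -j DROP || fw_rc=1
  /usr/sbin/iptables "$1" INPUT -i "$2" -d "$LAN/24" -j DROP || fw_rc=1
  return "$fw_rc"
}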
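## Third octet of the guest subnets. It is incremented before use, so the
## first interface that exists gets 192.168.101.0/24, the next 192.168.102.0/24.
IF_COUNTER=100

## Next hop of the default route, advertised to guests in DHCP option 33.
## Only "default via <addr> ..." lines are accepted; a default route without a
## "via" hop leaves GATEWAY empty instead of putting a stray word in the
## dnsmasq configuration.
GATEWAY=$(ip route | sed -n 's/^default via \([^ ]*\).*/\1/p' | head -n 1)

printf '%s\n' 'log-dhcp' >>"$TMPCONF"

## Set up each guest interface in turn, skipping those that don't exist:
for IFACE in $GUESTS; do
  ifconfig "$IFACE" >/dev/null 2>&1 || continue
  IF_COUNTER=$((IF_COUNTER + 1))
  SUBNET="192.168.$IF_COUNTER"

  logger -s -- "$0: Configuring $IFACE"
  /sbin/ifconfig "$IFACE" "$SUBNET.1" netmask 255.255.255.0

  ## Update guest firewall rules for this interface. First pass deletes any
  ## rules left from an earlier run (errors are expected when none exist).
  firewall -D "$IFACE" 2>/dev/null
  ## Second pass adds the rules. If that fails, take out whatever was added
  ## and skip the interface, so the firmware's own isolation rules below are
  ## never removed without a working replacement.
  if ! firewall -I "$IFACE"; then
    firewall -D "$IFACE" 2>/dev/null
    logger -s -- "$0: Could not install firewall rules for $IFACE; skipping it"
    continue
  fi

  ## Remove Merlin's default guest firewall rules:
  /usr/sbin/ebtables -D FORWARD -i "$IFACE" -j DROP 2>/dev/null
  /usr/sbin/ebtables -D FORWARD -o "$IFACE" -j DROP 2>/dev/null

  ## Add dnsmasq entries for this interface:
  ##   option 3   default router for the guest subnet
  ##   option 6   DNS servers (fixed public resolvers, not the router)
  ##   option 33  static route to the upstream gateway via the router
  ##   option 252 WPAD, sent as a bare "\n"
  {
    printf '%s\n' "interface=$IFACE"
    printf '%s\n' "dhcp-range=$IFACE,$SUBNET.150,$SUBNET.199,255.255.255.0,8h"
    printf '%s\n' "dhcp-option=$IFACE,3,$SUBNET.1"
    printf '%s\n' "dhcp-option=$IFACE,6,8.8.8.8,8.8.4.4"
    if [ -n "$GATEWAY" ]; then
      printf '%s\n' "dhcp-option=$IFACE,33,$GATEWAY,$SUBNET.1"
    fi
    printf '%s\n' "dhcp-option=$IFACE,252,\"\\n\""
  } >>"$TMPCONF"
done

## Replace existing config and restart dnsmasq, but only if something changed.
## NOTE(review): the whole of $DNSCONF is overwritten, so any other additions
## kept in that file are lost.
DNSCONF=/jffs/configs/dnsmasq.conf.add
new=$(cat "$TMPCONF")
## A missing file simply compares as empty; hide cat's error for that case.
old=$(cat "$DNSCONF" 2>/dev/null)
if [ "$new" != "$old" ]; then
  ## Replace any existing postconf for dnsmasq:
  cat "$TMPCONF" >"$DNSCONF"
  /sbin/service restart_dnsmasq
fi
rm -f -- "$TMPCONF"
exit 0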