]>
Commit | Line | Data |
---|---|---|
12de71be | 1 | #!/bin/sh |
7742e157 AF |
2 | # |
3 | # network Bring up/down networking | |
4 | # | |
12de71be | 5 | # chkconfig: 2345 10 90 |
7742e157 AF |
6 | # description: Activates/Deactivates all network interfaces configured to \ |
7 | # start at boot time. | |
8 | # probe: true | |
9 | ||
10 | # Source function library. | |
11 | . /etc/rc.d/init.d/functions | |
12 | ||
13 | if [ ! -f /etc/sysconfig/network ]; then | |
45e88cd0 | 14 | NETWORKING="no" |
15 | exit 0 | |
7742e157 AF |
16 | fi |
17 | ||
18 | . /etc/sysconfig/network | |
19 | ||
45e88cd0 | 20 | if [ "${NETWORKING}" = "" ]; then |
21 | NETWORKING="no" | |
22 | fi | |
23 | ||
7742e157 AF |
24 | if [ -f /etc/sysconfig/pcmcia ]; then |
25 | . /etc/sysconfig/pcmcia | |
26 | fi | |
27 | ||
28 | if [ -f /etc/sysconfig/network-ip6 ]; then | |
12de71be | 29 | . /etc/sysconfig/network-ip6 |
7742e157 AF |
30 | fi |
31 | ||
12de71be | 32 | |
7742e157 | 33 | # Check that networking is up. |
12de71be | 34 | [ "${NETWORKING}" = "no" ] && exit 0 |
7742e157 AF |
35 | |
36 | [ -x /sbin/ifconfig ] || exit 0 | |
37 | ||
38 | # Load IPv6 module | |
6e968d25 | 39 | if [ "${IPV6NETWORKING}" = "yes" ]; then |
12de71be | 40 | if [ -r /lib/modules/`uname -r`/ipv6/ipv6.o ]; then |
41 | /sbin/modprobe net-pf-10 | |
42 | fi | |
7742e157 AF |
43 | fi |
44 | ||
45 | # Even if IPX is configured, without the utilities we can't do much | |
46 | [ ! -x /usr/bin/ipx_internal_net -o ! -x /usr/bin/ipx_configure ] && IPX= | |
47 | ||
6e968d25 | 48 | cd /etc/sysconfig/interfaces |
7742e157 AF |
49 | |
50 | # find all the interfaces besides loopback. | |
51 | # ignore aliases, alternative configurations, and editor backup files | |
6e968d25 | 52 | interfaces=`ls -1 | egrep -v ':' | egrep -v '^(lo|data)$' | egrep '[a-z0-9]+$'` |
7742e157 AF |
53 | |
54 | ipv4_forward_set () | |
55 | { | |
56 | # Turn IP forwarding on or off. We do this before bringing up the | |
57 | # interfaces to make sure we don't forward when we shouldn't, and | |
58 | # we do it even if networking isn't configured (why not?). | |
59 | if [ -d /proc/sys/net/ipv4 ]; then | |
60 | # people could have left this out of their kernel, which isn't | |
61 | # exactly an error | |
62 | if [ ! -f /proc/sys/net/ipv4/ip_forward ] ; then | |
63 | echo "/proc/sys/net/ipv4/ip_forward is missing --" \ | |
64 | "cannot control IP forwarding" >&2 | |
65 | else | |
66 | if [ "$FORWARD_IPV4" = "no" -o "$FORWARD_IPV4" = "false" ]; then | |
67 | value=0 | |
6955eb97 | 68 | message="Disabling IPv4 packet forwarding" |
7742e157 AF |
69 | else |
70 | value=1 | |
6955eb97 | 71 | message="Enabling IPv4 packet forwarding" |
7742e157 AF |
72 | fi |
73 | ||
74 | if [ $value != `cat /proc/sys/net/ipv4/ip_forward` ]; then | |
75 | show $message | |
76 | busy | |
77 | echo "$value" > /proc/sys/net/ipv4/ip_forward | |
12de71be | 78 | deltext; ok |
7742e157 AF |
79 | fi |
80 | fi | |
81 | fi | |
82 | } | |
83 | ||
12de71be | 84 | ipv4_spoofing_protection () |
85 | { | |
86 | if [ -d /proc/sys/net/ipv4 ]; then | |
87 | # people could have left this out of their kernel, which isn't | |
88 | # exactly an error | |
89 | if [ ! -f /proc/sys/net/ipv4/conf/all/rp_filter ] ; then | |
90 | echo "/proc/sys/net/ipv4/conf/all/rp_filter is missing --" \ | |
91 | "cannot control IP spoofing protection" >&2 | |
92 | else | |
93 | if [ "$SPOOFING_IPV4" = "no" -o "$SPOOFING_IPV4" = "false" ]; then | |
94 | value=0 | |
6955eb97 | 95 | message="Disabling IPv4 spoofing protection" |
12de71be | 96 | else |
97 | value=1 | |
6955eb97 | 98 | message="Enabling IPv4 spoofing protection" |
12de71be | 99 | fi |
100 | ||
101 | if [ $value != `cat /proc/sys/net/ipv4/conf/all/rp_filter` ]; then | |
102 | show $message | |
103 | busy | |
104 | for f in /proc/sys/net/ipv4/conf/*/rp_filter; do | |
105 | echo $value > $f | |
106 | done | |
107 | deltext | |
108 | ok | |
109 | fi | |
110 | fi | |
111 | fi | |
7742e157 AF |
112 | } |
113 | ||
12de71be | 114 | ipv4_icmp_echo_ignore_broadcasts () |
115 | { | |
116 | if [ -d /proc/sys/net/ipv4 ]; then | |
117 | # people could have left this out of their kernel, which isn't | |
118 | # exactly an error | |
119 | if [ ! -f /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts ] ; then | |
120 | echo "/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts is missing --" \ | |
121 | "cannot control IP ignoring icmp to broadcasts" >&2 | |
122 | else | |
123 | if [ "$IGNORE_ICMP_BCAST_IPV4" = "no" -o "$IGNORE_ICMP_BCAST_IPV4" = "false" ]; then | |
124 | value=0 | |
6955eb97 | 125 | message="Disabling IPv4 ign icmp_echo to our bcasts" |
12de71be | 126 | else |
127 | value=1 | |
6955eb97 | 128 | message="Enabling IPv4 ign icmp_echo to our bcasts" |
12de71be | 129 | fi |
130 | ||
131 | if [ $value != `cat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts` ]; then | |
132 | show $message | |
133 | busy | |
134 | echo "$value" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts | |
135 | deltext | |
136 | ok | |
137 | fi | |
138 | fi | |
139 | fi | |
140 | } | |
141 | ||
7742e157 AF |
142 | # See how we were called. |
143 | case "$1" in | |
144 | start) | |
145 | ipv4_forward_set | |
12de71be | 146 | ipv4_icmp_echo_ignore_broadcasts |
7742e157 | 147 | |
6e968d25 | 148 | /sbin/ifup lo |
7742e157 AF |
149 | |
150 | case "$IPX" in | |
151 | yes|true) | |
152 | /usr/bin/ipx_configure --auto_primary=$IPXAUTOPRIMARY \ | |
153 | --auto_interface=$IPXAUTOFRAME | |
154 | /usr/bin/ipx_internal_net add $IPXINTERNALNETNUM $IPXINTERNALNODENUM | |
155 | ;; | |
156 | esac | |
157 | ||
158 | for i in $interfaces; do | |
6e968d25 | 159 | [ -f $i ] && /sbin/ifup $i boot |
7742e157 AF |
160 | done |
161 | ||
12de71be | 162 | ipv4_spoofing_protection |
7742e157 AF |
163 | |
164 | touch /var/lock/subsys/network | |
165 | ;; | |
166 | stop) | |
12de71be | 167 | SPOOFING_IPV4=no |
168 | ipv4_spoofing_protection | |
169 | ||
7742e157 | 170 | for i in $interfaces; do |
6e968d25 | 171 | [ -f $i ] && /sbin/ifdown $i boot |
7742e157 AF |
172 | done |
173 | case "$IPX" in | |
174 | yes|true) | |
175 | /usr/bin/ipx_internal_net del | |
176 | ;; | |
177 | esac | |
6e968d25 | 178 | /sbin/ifdown lo |
6955eb97 | 179 | show "Disabling IPv4 packet forwarding" |
12de71be | 180 | busy |
7742e157 | 181 | echo 0 > /proc/sys/net/ipv4/ip_forward |
12de71be | 182 | deltext; ok |
183 | ||
184 | IGNORE_ICMP_BCAST_IPV4=no | |
185 | ipv4_icmp_echo_ignore_broadcasts | |
186 | ||
7742e157 AF |
187 | rm -f /var/lock/subsys/network |
188 | ;; | |
189 | status) | |
190 | echo "Configured devices:" | |
191 | echo lo $interfaces | |
192 | ||
12de71be | 193 | echo "Currently active devices:" |
194 | echo `/sbin/ifconfig | grep ^[a-z] | awk '{print $1}'` | |
7742e157 AF |
195 | ;; |
196 | restart) | |
197 | $0 stop | |
198 | $0 start | |
199 | ;; | |
7742e157 | 200 | *) |
12de71be | 201 | echo "Usage: network {start|stop|restart|status}" |
7742e157 AF |
202 | exit 1 |
203 | esac | |
204 | ||
205 | exit 0 |