(cd src; make CFLAGS="$(CFLAGS)")
install:
- mkdir -p $(ROOT)/etc/profile.d $(ROOT)/sbin/network-scripts $(ROOT)/etc/sysconfig/interfaces
+ install -d $(ROOT)/etc/profile.d $(ROOT)/sbin/network-scripts
+ install -d $(ROOT)/etc/sysconfig/{interfaces,ipchains.d}
install -m644 inittab $(ROOT)/etc
install -m644 adjtime $(ROOT)/etc
install -m644 inputrc $(ROOT)/etc
(cd src; make install ROOT=$(ROOT))
mkdir -p $(ROOT)/var/run/netreport
chmod og=rwx,o=rx $(ROOT)/var/run/netreport
+
+ install -m644 sysconfig/ipchains $(ROOT)/etc/sysconfig
+ cp -af sysconfig/ipchains.d $(ROOT)/etc/sysconfig
tag-archive:
@cvs -Q tag -F $(CVSTAG)
--- /dev/null
+
+Files in /sbin/network-scripts/
+========================================
+
+/sbin/network-scripts/ifup:
+/sbin/network-scripts/ifdown:
+
+ Symlinks to /sbin/ifup and /sbin/ifdown, respectively.
+ These are the only two scripts "in" this directory that should
+ be called directly; these two scripts call all the other
+ scripts as needed. These symlinks are here for legacy purposes
+ only -- they'll will probably be removed in future versions, so
+ only /sbin/ifup and /sbin/ifdown should currently be used.
+
+ These scripts take one argument normally: the name of the device
+ (e.g. eth0). They are called with a second argument of "boot"
+ during the boot sequence so that devices that are not meant to
+ be brought up on boot (ONBOOT=no, see below) can be ignored at
+ that time.
+
+/sbin/network-scripts/network-functions:
+
+ Not really a public file. Contains functions which the scripts use
+ for bringing interfaces up and down. In particular, it contains
+ most of the code for handling alternative interface configurations
+ and interface change notification through netreport.
+
+/sbin/network-scripts/ifup-post
+
+ Called when any network device EXCEPT a SLIP device comes
+ up. Calls /sbin/network-scripts/ifup-routes to
+ bring up static routes that depend on that device. Calls
+ /sbin/network-scripts/ifup-aliases to bring up
+ aliases for that device. Sets the hostname if it is not
+ already set and a hostname can be found for the IP for that
+ device. Sends SIGIO to any programs that have requested
+ notification of network events.
+
+ Could be extended to fix up nameservice configuration, call
+ arbitrary scripts, etc, as needed.
+
+/sbin/network-scripts/ifup-routes
+
+ Set up static routes for a device.
+
+/sbin/network-scripts/ifup-aliases
+
+ Bring up aliases for a device.
+
+/sbin/network-scripts/ifdhcpc-done
+
+ Called by dhcpcd once dhcp configuration is complete; sets
+ up /etc/resolv.conf from the version dhcpcd dropped in
+ /etc/dhcpc/resolv.conf
+
+Files in /etc/sysconfig/interfaces/
+========================================
+
+/etc/sysconfig/interfaces/<interface-name> and
+/etc/sysconfig/interfaces/<interface-name>-<clone-name>:
+
+ The first defines an interface, and the second contains
+ only the parts of the definition that are different in a
+ "clone" (or alternative) interface. For example, the
+ network numbers might be different, but everything else
+ might be the same, so only the network numbers would be
+ in the clone file, but all the device information would
+ be in the base ifcfg file.
+
+ The items that can be defined in an ifcfg file depend on the
+ interface type. The really obvious ones I'm not going to
+ bother to define; you can figure out what "IPADDR" is, I
+ think... :-)
+
+ Base items:
+ DEVICE=<name of physical device (except dynamically-allocated PPP
+ devices where it is the "logical name")
+ IPADDR=
+ IPV6ADDRS=<blank separated list of ipv6 addresses>
+ NETMASK=
+ GATEWAY=
+ ONBOOT=yes|no
+ USERCTL=yes|no
+ BOOTPROTO=none|bootp|dhcp
+
+ If BOOTPROTO is not "none", then the only other item that
+ must be set is the DEVICE item; all the rest will be determined
+ by the boot protocol. No "dummy" entries need to be created.
+
+ Base items being deprecated:
+ NETWORK=<will be calculated automatically with ifcalc>
+ BROADCAST=<will be calculated automatically with ifcalc>
+
+ Ethernet-only items:
+ {IPXNETNUM,IPXPRIMARY,IPXACTIVE}_{802_2,802_3,ETHERII,SNAP}
+ configuration matrix for IPX. Only used if IPX is active.
+ Managed from /etc/sysconfig/network-scripts/ifup-ipx
+
+ PPP/SLIP items:
+ PERSIST=yes|no
+ MODEMPORT=<device, say /dev/modem>
+ LINESPEED=<speed, say 115200>
+ DEFABORT=yes|no (tells netcfg whether or not to put default
+ abort strings in when creating/editing the chat script and/or
+ dip script for this interface)
+
+ PPP-specific items
+ DEFROUTE=yes|no (set this interface as default route?)
+ ESCAPECHARS=yes|no (simplified interface here doesn't let people
+ specify which characters to escape; almost everyone can use
+ asyncmap 00000000 anyway, and they can set PPPOPTIONS to
+ asyncmap foobar if they want to set options perfectly)
+ HARDFLOWCTL=yes|no (yes imples "modem crtscts" options)
+ PPPOPTIONS=<arbitrary option string; is placed last on the
+ command line, so it can override other options like asyncmap
+ that were specified differently>
+ PAPNAME=<"name $PAPNAME" on pppd command line> (note that
+ the "remotename" option is always specified as the logical
+ ppp device name, like "ppp0" (which might perhaps be the
+ physical device ppp1 if some other ppp device was brought
+ up earlier...), which makes it easy to manage pap/chap
+ files -- name/password pairs are associated with the
+ logical ppp device name so that they can be managed
+ together.
+
+ In principal, I'm not aware of anything that would keep
+ the logical PPP device names from being "worldnet" or
+ "myISP" instead of ppp0-pppN)
+ REMIP=<remote ip address, normally unspecified>
+ MTU=
+ MRU=
+ DISCONNECTTIMEOUT=<number of seconds, default currently 5>
+ (time to wait before re-establishing the connection after
+ a successfully-connected session terminates before attempting
+ to establish a new connection.)
+ RETRYTIMEOUT=<number of seconds, default currently 60>
+ (time to wait before re-attempting to establish a connection
+ after a previous attempt fails.)
+ INITSCRIPT=<modem command>
+ string which initialises your modem. Usualy something like
+ AT&F0&C1&D2
+ (PLD rc-scripts specific option)
+ DATAFORCHAT=<list of variables>
+ List of variables which should be exported to chat script.
+ Used mostly for passing USERNAME and PASSWORD into it. (see below)
+ (PLD rc-scripts specific option)
+ <anything>=<anything>
+ Variable name and it's value for use by chat script.
+ Note: You don't have to define variables here, if they are defined
+ in parent process enviroment they will be used.
+ in.ex. USERNAME usualy is.
+
+ IPIP/GRE/SIT tunnel-specific items
+ REMOTEIP=<ip_addres>
+ address of the remote end of tunnel
+ LOCALIP=<ip_addres>
+ address of the local end of tunnel
+
+
+
+/etc/sysconfig/interfaces/<interface-name>-<anything>!:
+
+ Template or backup file. This will not be interpreted
+ by net-scripts.
+
+/etc/sysconfig/interfaces/data/chat-<interface-name>:
+
+ chat script for PPP or SLIP connection intended to establish
+ the connection. For SLIP devices, a DIP script is written
+ from the chat script; for PPP devices, the chat script is used
+ directly.
+ In PLD version of rc-scripts, this file is parsed by shell
+ (actually by grep in firstplace to get rid of comments) before it
+ is passed to chat.
+ This allows you to substitute shell variables with their values
+ defined in <interface name> or more generally in current env.
+ If You wonder about purbose, imagine one chat-script for all links
+ at ISP's border router or computer in home where all users have own IPS's
+ accounts and want to pay only for themselfes.
+ Unfortunetly this parsing have impact on chat script syntax.
+ All characters that have special meaning for shell have to be escaped.
+
+
+/etc/sysconfig/interfaces/data/dip-<interface-name>
+
+ A write-only script created from the chat script by netcfg.
+ Do not modify this. In the future, this file may disappear
+ by default and created on-the-fly from the chat script if
+ it does not exist.
Summary(pl): inittab i skrypty startowe z katalogu /etc/rc.d
Summary(tr): inittab ve /etc/rc.d dosyalarý
Name: rc-scripts
-Version: 0.0.3
+Version: 0.0.4
Copyright: GPL
Group: Base
Group(pl): Bazowe
%description -n net-scripts
Scripts that activate and deactivate most network interfaces.
-%description -n net-scripts
+%description -l pl -n net-scripts
Skrypty s³u¿±ce do aktywacji i deaktywacji interfejsów sieciowych
+%package -n ipchains-setup
+Summary: firewall chains setup script
+Summary(pl): skrypty konfiguruj±cy regu³y filtrowania pakietów IP
+Group: Base
+Group(pl): Bazowe
+Requires: rc-scripts = %{version}
+Requires: ipchains
+Prereq: /sbin/chkconfig
+
+%description -n ipchains-setup
+Script making IP firewall rules setup easier
+
+%description -l pl -n ipchains-setup
+Skrypt u³atwiaj±cy konfigurowanie regu³ filtracji pakietów IP
+
%prep
%setup -q
/sbin/chkconfig --del network
fi
+%post -n ipchains-setup
+/sbin/chkconfig --add ipchains
+
+%preun -n ipchains-setup
+if [ "$1" = "0" ]; then
+ /sbin/chkconfig --del ipchains
+fi
+
%files
%defattr(644,root,root,754)
%doc sysconfig.txt.gz
/usr/man/man1/doexec.1.gz
%files -n net-scripts
+%defattr(644,root,root,754)
%doc /etc/sysconfig/interfaces/*-template!
%doc /etc/sysconfig/interfaces/data/chat-ppp*
%doc net-scripts.txt.gz
/usr/man/man1/usernetctl.1.gz
/usr/man/man1/ipcalc.1.gz
+%files -n ipchains-setup
+%defattr(644,root,root,754)
+%doc ipchains-setup.txt.gz
+%attr(754,root,root) /etc/rc.d/init.d/ipchains
+%attr(755,root,root) %dir /etc/sysconfig/ipchains.d/
+%attr(755,root,root) %dir /etc/sysconfig/interfaces/data
+%attr(755,root,root) %config(noreplace) %verify(not size mtime md5) /etc/sysconfig/ipchains.d/*
+%attr(644,root,root) %config(noreplace) %verify(not size mtime md5) /etc/sysconfig/ipchains
+
%changelog
+* Wed Apr 28 1999 Jacek Konieczny <jajcus@zeus.polsl.gliwice.pl>
+ [0.0.4-1]
+- added ipchains-setup
+
* Thu Apr 22 1999 Jacek Konieczny <jajcus@zeus.polsl.gliwice.pl>
[0.0.3-1]
- split into two packages: rc-scripts & net-scripts
# functions This file contains functions to be used by most or all
# shell scripts in the /etc/init.d directory.
#
-# Version: @(#) /etc/init.d/functions $Revision: 1.5 $ $Date: 1999/06/14 20:44:32 $
+# Version: @(#) /etc/init.d/functions $Revision: 1.6 $ $Date: 1999/06/14 21:05:09 $
#
# Author: Miquel van Smoorenburg, <miquels@drinkel.nl.mugnet.org>
# Hacked by: Greg Galloway and Marc Ewing
--- /dev/null
+#!/bin/sh
+#
+# ipchains Sets ipchains up
+#
+# chkconfig: 2345 09 91
+# description: ipchains is used to set up, maintain, and inspect the IP \
+# firewall rules in the Linux kernel. These rules can be \
+# divided into 4 different categories: the IP input chain, \
+# the IP output chain, the IP forwarding chain, and user \
+# defined chains
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+
+add_rule () {
+
+ # is this a comment or an empty line?
+ if [ -n "$2" ] && echo "$2" | egrep -v "^[#;]" >/dev/null ; then
+
+ # eval allows use of shell substitutions in rules
+ eval ipchains -A '"$1"' $2 >> $ERRFILE || return 1
+ fi
+ return 0
+}
+
+add_chain () {
+
+ # create new or flush existing chain
+ ipchains -N "$1" 2>/dev/null || ipchains -F "$1" 2>>$ERRFILE || ERROR=yes
+ {
+ LINENO=0
+ while read LINE ; do
+ add_rule "$1" "$LINE" $LINENO 2>>$ERRFILE || {
+ echo "Bad line $LINENO of /etc/sysconfig/ipchains.d/$1" >> $ERRFILE
+ ERROR=yes
+ }
+ LINENO=`expr $LINENO + 1`
+ done
+ } < "$1"
+}
+
+[ -x /sbin/ipchains ] || exit 1
+[ -d /etc/sysconfig/ipchains.d ] || exit 1
+
+[ -f /etc/sysconfig/ipchains ] && . /etc/sysconfig/ipchains
+
+
+ERRFILE=/tmp/ipchains-init.$$
+rm -f $ERRFILE
+touch $ERRFILE || exit 1
+ERROR=no
+
+# See how we were called.
+case "$1" in
+ start)
+ show "Setting up IPchains"
+ busy
+ [ -n "$INPUT_POLICY" ] && ipchains -P input $INPUT_POLICY
+ [ -n "$OUTPUT_POLICY" ] && ipchains -P input $OUTPUT_POLICY
+ [ -n "$FORWARD_POLICY" ] && ipchains -P input $FORWARD_POLICY
+
+ cd /etc/sysconfig/ipchains.d
+ for l in * ; do
+ [ -f "$l" ] && add_chain "$l"
+ done
+
+ if [ "$ERROR" != "no" ] ; then
+ deltext ; fail
+ cat $ERRFILE
+ rm -f $ERRFILE
+ exit 1
+ fi
+
+ deltext ; ok ;
+ touch /var/lock/subsys/ipchains
+ ;;
+ stop)
+ show "Clearing IPchains"
+ busy
+
+ # back to the default
+ ipchains -P input ACCEPT
+ ipchains -P input ACCEPT
+ ipchains -P input ACCEPT
+
+ cd /etc/sysconfig/ipchains.d
+ for l in * ; do
+ [ -f "$l" ] && ipchains -F "$l"
+ done
+ for l in * ; do
+ [ -f "$l" ] && ipchains -X "$l" 2>/dev/null
+ done
+
+ deltext ; ok ;
+ rm -f /var/lock/subsys/ipchains
+ ;;
+
+ status)
+ ipchains -L
+ ;;
+
+ restart)
+ $0 stop
+ $0 start
+ ;;
+
+ *)
+ echo "Usage: ipchains {start|stop|status|restart}"
+ rm -f $ERRFILE
+ exit 1
+esac
+
+rm -f $ERRFILE
+
+exit 0
[ -x /sbin/ifconfig ] || exit 0
# Load IPv6 module
-if [ "${IP6NETWORKING}" = "yes" ]; then
+if [ "${IPV6NETWORKING}" = "yes" ]; then
if [ -r /lib/modules/`uname -r`/ipv6/ipv6.o ]; then
/sbin/modprobe net-pf-10
fi
# Even if IPX is configured, without the utilities we can't do much
[ ! -x /usr/bin/ipx_internal_net -o ! -x /usr/bin/ipx_configure ] && IPX=
-cd /etc/sysconfig/network-scripts
+cd /etc/sysconfig/interfaces
# find all the interfaces besides loopback.
# ignore aliases, alternative configurations, and editor backup files
-interfaces=`ls ifcfg* | egrep -v '(ifcfg-lo|:)' | egrep 'ifcfg-[a-z0-9]+$' | \
- sed 's/^ifcfg-//g'`
+interfaces=`ls -1 | egrep -v ':' | egrep -v '^(lo|data)$' | egrep '[a-z0-9]+$'`
ipv4_forward_set ()
{
ipv4_forward_set
ipv4_icmp_echo_ignore_broadcasts
- ./ifup ifcfg-lo
+ /sbin/ifup lo
case "$IPX" in
yes|true)
esac
for i in $interfaces; do
- ./ifup $i boot
+ [ -f $i ] && /sbin/ifup $i boot
done
ipv4_spoofing_protection
ipv4_spoofing_protection
for i in $interfaces; do
- ./ifdown $i boot
+ [ -f $i ] && /sbin/ifdown $i boot
done
case "$IPX" in
yes|true)
/usr/bin/ipx_internal_net del
;;
esac
- ./ifdown ifcfg-lo
+ /sbin/ifdown lo
show "Disabling IPv4 packet forwarding"
busy
echo 0 > /proc/sys/net/ipv4/ip_forward
--- /dev/null
+#!/bin/sh
+
+. /etc/sysconfig/system
+
+# This script chnges on start up permission on /dev/hd? depending
+# IDE devices media type.
+
+if [ "$DO_AUTO_SETUP_MEDIA" = "yes" ]; then
+ for i in `(cd /dev; ls -a hd?)`; do
+ if [ -f /proc/ide/$i/media -a `cat /proc/ide/$i/media` = "cdrom" ];
+ then
+ # if deveice is cdrom change permission to allow read for
+ # all
+ chmod 664 /dev/$i
+ else
+ chmod 660 /dev/$i
+ fi
+ done
+fi
\ No newline at end of file
fi
fi
+# setup media type dependent parameters
+if [ -f /etc/rc.d/rc.media ]; then
+ . /etc/rc.d/rc.media
+fi
+
# Remount the root filesystem read-write.
echo "Remounting root filesystem in read-write mode."
mount -n -o remount,rw /
--- /dev/null
+# default policies for input, output and forward chains
+
+INPUT_POLICY=ACCEPT
+OUTPUT_POLICY=ACCEPT
+FORWARD_POLICY=ACCEPT
--- /dev/null
+PROTOCOL={ipv4|ipv6|ipx}
+
+if PROTOCOL=ipv4; then
+
+ [ ALIAS={no|yes} ]
+ if ALIAS=yes then
+ DEVICE=<real device name>:<aliasnumber>
+ else
+ DEVICE=<name>
+ [ BOOTPROTO={none|bootp|dhcp} ]
+ fi
+ ADDR=<IPv4 addres>
+ [ NETMASK= ]
+ [ NETWORK= ]
+ [ BROADCAST= ]
+ [ ONBOOT={no|yes} ]
+ [ MULTICAST={|no|yes} ]
+
+elif PROTOCOL=ipv6; then
+
+ DEVICE=<name>
+ ADDR=<IPv6 addres>/<prefix len>
+ [ ADDR=<IPv6 addres>/<prefix len>
+ ...
+ ADDR=STOP ]
+ [ ONBOOT={no|yes} ]
+ [ MULTICAST={|no|yes} ]
+
+elif PROTOCOL=ipx
+
+ DEVICE=<name>
+ FRAMETYPE={802_2|802_3|ETHERII|SNAP}
+ NETNUM=
+ [ ONBOOT={no|yes} ]
+ [ PRIMARY={no|yes} ]
+
+fi
+
+[ MTU= ]
+[ METRIC= ]
+
+if DEVICE=eth* ; then
+
+ [ MEDIA={auto|10baseT|10base2|AUI} ]
+ [ MAC=<hw addres> ]
+
+elif DEVICE=ppp* || DEVICE=slip* ; then
+
+ PERSIST=yes|no
+ MODEMPORT=<device, say /dev/modem>
+ LINESPEED=<speed, say 115200>
+ DEFABORT=yes|no
+
+ if DEVICE=ppp* ; then
+
+ DEFROUTE=yes|no
+ ESCAPECHARS=yes|no
+ HARDFLOWCTL=yes|no (yes imples "modem crtscts" options)
+ PPPOPTIONS=<arbitrary option string>
+ PAPNAME=<"name $PAPNAME" on pppd command line>
+ REMIP=<remote ip address, normally unspecified>
+ MRU=
+ DISCONNECTTIMEOUT=<number of seconds, default currently 5>
+ RETRYTIMEOUT=<number of seconds, default currently 60>
+ INITSCRIPT=<modem command>
+ DATAFORCHAT=<list of variables>
+ <anything>=<anything> (for chat script)
+
+ fi
+fi
+
+###########
# $RUN_SULOGIN_ON_ERR - if "yes" this cause run on any errors sulogin instead
# shell
+
RUN_SULOGIN_ON_ERR=yes
+
+###########
+# $DO_AUTO_SETUP_MEDIA - if "yes" perform automated setting up permission on
+# /dev/hd? devices (664 on cdrom, 660 on disk) and
+# prepare /etc/fstab for allow mount/umout for all
+# normal users
+
+DO_AUTO_SETUP_MEDIA=yes