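#! /bin/sh
# default updown script
# Copyright (C) 2000  D. Hugh Redelmeier, Henry Spencer
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
# RCSID $Id: _updown,v 1.5 2000/03/22 17:14:50 henry Exp $

# CAUTION: Installing a new version of FreeS/WAN will install a new
# copy of this script, wiping out any custom changes you make.  If
# you need changes, it's probably better to make a copy of this under
# another name, and modify that, and use the (left/right)updown parameters
# in ipsec.conf to make FreeS/WAN use yours instead of this one.

# Interface contract (all values arrive in the environment, set by pluto):
#   PLUTO_VERSION            interface version; only "1.0" is understood
#   PLUTO_VERB               what is happening (prepare-/route-/unroute-/
#                            up-/down- followed by -host or -client)
#   PLUTO_INTERFACE          IPsec interface the route should use
#   PLUTO_NEXT_HOP           gateway for the peer client route
#   PLUTO_MY_CLIENT_NET/MASK     our side's client subnet
#   PLUTO_PEER_CLIENT_NET/MASK   the peer's client subnet
# $1, when present, is "ipfwadm" (from (left/right)firewall=yes).
#
# Every expansion below is double-quoted on purpose: this script is run
# with pluto's privileges and builds route/firewall commands from these
# values, so each one must reach the command as exactly one argument,
# never split on whitespace or expanded as a glob.

# check interface version
case "$PLUTO_VERSION" in
  1.0) ;;
  *)
    echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
    exit 2
    ;;
esac

# check parameter(s)
case "$*" in
  '') ;;
  ipfwadm)
    # caused by (left/right)firewall=yes
    ;;
  *)
    echo "$0: unknown parameter \`$1'" >&2
    exit 2
    ;;
esac

# utility functions for route manipulation
# Meddling with this stuff should never be necessary and is most unwise.

# Add the route to the peer's client subnet via PLUTO_NEXT_HOP on
# PLUTO_INTERFACE.  Returns route's exit status.
uproute() {
  route add -net "$PLUTO_PEER_CLIENT_NET" netmask "$PLUTO_PEER_CLIENT_MASK" \
    dev "$PLUTO_INTERFACE" gw "$PLUTO_NEXT_HOP"
}

# Remove the route added by uproute.  Returns route's exit status.
downroute() {
  route del -net "$PLUTO_PEER_CLIENT_NET" netmask "$PLUTO_PEER_CLIENT_MASK" \
    dev "$PLUTO_INTERFACE" gw "$PLUTO_NEXT_HOP"
}

# the big choice
case "$PLUTO_VERB:$1" in
  prepare-host:*|prepare-client:*)
    # delete possibly-existing route (preliminary to adding a route)
    # Capture stderr too: the message text decides below whether a
    # non-zero status is a real failure or just "nothing to delete".
    oops=$(route del -net "$PLUTO_PEER_CLIENT_NET" \
      netmask "$PLUTO_PEER_CLIENT_MASK" 2>&1)
    status="$?"
    # route failed but printed nothing: report the status so the
    # failure is not lost.
    if [ -z "$oops" ] && [ "$status" != 0 ]; then
      oops="silent error in route command, exit status $status"
    fi
    case "$oops" in
      'SIOCDELRT: No such process')
        # This is what route (currently -- not documented!) gives
        # for "could not find such a route".  Not an error here.
        status=0
        ;;
    esac
    exit "$status"
    ;;
  route-host:*|route-client:*)
    # connection to this host or client being routed
    uproute
    ;;
  unroute-host:*|unroute-client:*)
    # connection to this host or client being unrouted
    downroute
    ;;
  up-host:*)
    # connection to this host coming up
    ;;
  down-host:*)
    # connection to this host going down
    ;;
  up-client:)
    # connection to client subnet coming up
    ;;
  down-client:)
    # connection to client subnet going down
    ;;
  up-client:ipfwadm)
    # connection to client subnet, through forwarding firewall, coming up
    # beware: read the CAUTION comment up at the top before changing this
    ipfwadm -F -i accept -b \
      -S "$PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK" \
      -D "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK"
    ;;
  down-client:ipfwadm)
    # connection to client subnet, through forwarding firewall, going down
    # beware: read the CAUTION comment up at the top before changing this
    ipfwadm -F -d accept -b \
      -S "$PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK" \
      -D "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK"
    ;;
  *)
    echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
    exit 1
    ;;
esac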