blob: c7e753fd4b9c5a1fc966a0a5f167e37164b78dd4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
#!/sbin/openrc-run
description="A lightweight DNS, DHCP, RA, TFTP and PXE server"
extra_commands="checkconfig"
description_checkconfig="Check configuration syntax"
extra_started_commands="reload"
description_reload="Clear cache and reload hosts files"
: ${DNSMASQ_CONFFILE:=/etc/dnsmasq.conf}
command="/usr/sbin/dnsmasq"
# Tell dnsmasq to not create pidfile, that's responsibility of init system.
command_args="-k --pid-file= $DNSMASQ_OPTS --conf-file=$DNSMASQ_CONFFILE"
command_background="yes"
pidfile="/run/${RC_SVCNAME}.pid"
leasefile=/var/lib/misc/$RC_SVCNAME.leases
if [ "${RC_SVCNAME#*.}" != "$RC_SVCNAME" ]; then
BRIDGE="${RC_SVCNAME#*.}"
: ${BRIDGE_ADDR:="10.0.3.1"}
: ${BRIDGE_NETMASK:="255.255.255.0"}
: ${BRIDGE_NETWORK:="10.0.3.0/24"}
: ${BRIDGE_DHCP_RANGE:="10.0.3.2,10.0.3.254"}
: ${BRIDGE_DHCP_MAX:="253"}
: ${BRIDGE_MAC:="00:16:3e:00:00:00" }
: ${DNSMASQ_LISTEN_BRIDGE_ADDR:=yes}
fi
.
depend() {
provide dns
need localmount net
after bootmisc
use logger
}
setup_firewall() {
local ins=$1 add=$2
iptables -w $ins INPUT -i ${BRIDGE} -p udp --dport 67 -j ACCEPT
iptables -w $ins INPUT -i ${BRIDGE} -p tcp --dport 67 -j ACCEPT
iptables -w $ins INPUT -i ${BRIDGE} -p udp --dport 53 -j ACCEPT
iptables -w $ins INPUT -i ${BRIDGE} -p tcp --dport 53 -j ACCEPT
iptables -w $ins FORWARD -i ${BRIDGE} -j ACCEPT
iptables -w $ins FORWARD -o ${BRIDGE} -j ACCEPT
iptables -w -t nat $add POSTROUTING -s ${BRIDGE_NETWORK} ! -d ${BRIDGE_NETWORK} -j MASQUERADE
iptables -w -t mangle $add POSTROUTING -o ${BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
}
setup_bridge() {
if ! [ -d /sys/class/net/$BRIDGE ]; then
ip link add dev $BRIDGE type bridge
fi
ip link set dev $BRIDGE address ${BRIDGE_MAC} && \
for ADDR in $BRIDGE_ADDR $BRIDGE_ADDR_EXTRA; do
case "$ADDR" in
*/*) ip addr add ${ADDR} dev $BRIDGE;;
*) ip addr add ${ADDR}/${BRIDGE_NETMASK} dev $BRIDGE;;
esac
done && ip link set dev $BRIDGE up
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv6/conf/${BRIDGE}/accept_dad || true
if [ -n "$BRIDGE_IPV6_ADDR" ] && [ -n "$BRIDGE_IPV6_MASK" ] && [ "$BRIDGE_IPV6_NETWORK" ]; then
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 0 > /proc/sys/net/ipv6/conf/${BRIDGE}/autoconf
ip -6 addr add dev ${BRIDGE} ${BRIDGE_IPV6_ADDR}/${BRIDGE_IPV6_MASK}
if [ "$BRIDGE_IPV6_NAT" = "true" ]; then
ip6tables -w -t nat -A POSTROUTING -s ${BRIDGE_IPV6_NETWORK} ! -d ${BRIDGE_IPV6_NETWORK} -j MASQUERADE
fi
command_args="$command_args --dhcp-range=${BRIDGE_IPV6_ADDR},ra-only --listen-address ${BRIDGE_IPV6_ADDR}"
fi
}
start_pre() {
$command --test --conf-file=$DNSMASQ_CONFFILE >/dev/null 2>&1 \
|| $command --test || return 1
checkpath -m 0644 -o dnsmasq:dnsmasq -f $leasefile || return 1
if [ -n "$DNSMASQ_CONFFILE" ]; then
command_args="$command_args --conf-file=$DNSMASQ_CONFFILE"
fi
if [ -z "$BRIDGE" ]; then
return 0
fi
setup_bridge
if [ -z "$DISABLE_IPTABLES" ]; then
setup_firewall -I -A
fi
if yesno "$DNSMASQ_LISTEN_BRIDGE_ADDR"; then
local addr
for addr in $BRIDGE_ADDR; do
command_args="$command_args --listen-address ${addr%/*}"
done
fi
command_args="$command_args --strict-order --bind-interfaces --except-interface=lo --interface=$BRIDGE --dhcp-range $BRIDGE_DHCP_RANGE --dhcp-lease-max=$BRIDGE_DHCP_MAX --dhcp-no-override --dhcp-leasefile=$leasefile --dhcp-authoritative"
}
stop_post() {
if [ -n "$BRIDGE" ]; then
local addr
for addr in $BRIDGE_ADDR $BRIDGE_ADDR_EXTRA; do
case "$addr" in
*/*) ip addr del $addr dev $BRIDGE;;
*) ip addr del $addr/${BRIDGE_NETMASK} dev $BRIDGE;;
esac
done
ip link set dev $BRIDGE down
if [ -z "$DISABLE_IPTABLES" ]; then
setup_firewall -D -D
fi
# dont destroy if there are attached interfaces
ls /sys/class/net/${BRIDGE}/brif/* > /dev/null 2>&1 || ip link delete ${BRIDGE}
fi
}
reload() {
ebegin "Reloading $RC_SVCNAME"
$command --test --conf-file=$DNSMASQ_CONFFILE >/dev/null 2>&1 \
|| $command --test || return 1
start-stop-daemon --signal HUP --pidfile "$pidfile"
eend $?
}
checkconfig() {
ebegin "Checking $RC_SVCNAME configuration"
$command --test --conf-file=$DNSMASQ_CONFFILE
eend $?
}
|
