diff options
Diffstat (limited to 'pi-hole-ftl/pihole-FTL.initd')
-rw-r--r-- | pi-hole-ftl/pihole-FTL.initd | 134 |
1 files changed, 134 insertions, 0 deletions
diff --git a/pi-hole-ftl/pihole-FTL.initd b/pi-hole-ftl/pihole-FTL.initd new file mode 100644 index 0000000..c7e753f --- /dev/null +++ b/pi-hole-ftl/pihole-FTL.initd @@ -0,0 +1,134 @@ +#!/sbin/openrc-run + +description="A lightweight DNS, DHCP, RA, TFTP and PXE server" + +extra_commands="checkconfig" +description_checkconfig="Check configuration syntax" + +extra_started_commands="reload" +description_reload="Clear cache and reload hosts files" + +: ${DNSMASQ_CONFFILE:=/etc/dnsmasq.conf} + +command="/usr/sbin/dnsmasq" +# Tell dnsmasq to not create pidfile, that's responsibility of init system. +command_args="-k --pid-file= $DNSMASQ_OPTS --conf-file=$DNSMASQ_CONFFILE" +command_background="yes" +pidfile="/run/${RC_SVCNAME}.pid" +leasefile=/var/lib/misc/$RC_SVCNAME.leases + +if [ "${RC_SVCNAME#*.}" != "$RC_SVCNAME" ]; then + BRIDGE="${RC_SVCNAME#*.}" + : ${BRIDGE_ADDR:="10.0.3.1"} + : ${BRIDGE_NETMASK:="255.255.255.0"} + : ${BRIDGE_NETWORK:="10.0.3.0/24"} + : ${BRIDGE_DHCP_RANGE:="10.0.3.2,10.0.3.254"} + : ${BRIDGE_DHCP_MAX:="253"} + : ${BRIDGE_MAC:="00:16:3e:00:00:00" } + : ${DNSMASQ_LISTEN_BRIDGE_ADDR:=yes} +fi +. + +depend() { + provide dns + need localmount net + after bootmisc + use logger +} + +setup_firewall() { + local ins=$1 add=$2 + iptables -w $ins INPUT -i ${BRIDGE} -p udp --dport 67 -j ACCEPT + iptables -w $ins INPUT -i ${BRIDGE} -p tcp --dport 67 -j ACCEPT + iptables -w $ins INPUT -i ${BRIDGE} -p udp --dport 53 -j ACCEPT + iptables -w $ins INPUT -i ${BRIDGE} -p tcp --dport 53 -j ACCEPT + iptables -w $ins FORWARD -i ${BRIDGE} -j ACCEPT + iptables -w $ins FORWARD -o ${BRIDGE} -j ACCEPT + iptables -w -t nat $add POSTROUTING -s ${BRIDGE_NETWORK} ! -d ${BRIDGE_NETWORK} -j MASQUERADE + iptables -w -t mangle $add POSTROUTING -o ${BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill +} + +setup_bridge() { + if ! [ -d /sys/class/net/$BRIDGE ]; then + ip link add dev $BRIDGE type bridge + fi + + ip link set dev $BRIDGE address ${BRIDGE_MAC} && \ + for ADDR in $BRIDGE_ADDR $BRIDGE_ADDR_EXTRA; do + case "$ADDR" in + */*) ip addr add ${ADDR} dev $BRIDGE;; + *) ip addr add ${ADDR}/${BRIDGE_NETMASK} dev $BRIDGE;; + esac + done && ip link set dev $BRIDGE up + + echo 1 > /proc/sys/net/ipv4/ip_forward + echo 0 > /proc/sys/net/ipv6/conf/${BRIDGE}/accept_dad || true + + if [ -n "$BRIDGE_IPV6_ADDR" ] && [ -n "$BRIDGE_IPV6_MASK" ] && [ "$BRIDGE_IPV6_NETWORK" ]; then + echo 1 > /proc/sys/net/ipv6/conf/all/forwarding + echo 0 > /proc/sys/net/ipv6/conf/${BRIDGE}/autoconf + ip -6 addr add dev ${BRIDGE} ${BRIDGE_IPV6_ADDR}/${BRIDGE_IPV6_MASK} + if [ "$BRIDGE_IPV6_NAT" = "true" ]; then + ip6tables -w -t nat -A POSTROUTING -s ${BRIDGE_IPV6_NETWORK} ! -d ${BRIDGE_IPV6_NETWORK} -j MASQUERADE + fi + command_args="$command_args --dhcp-range=${BRIDGE_IPV6_ADDR},ra-only --listen-address ${BRIDGE_IPV6_ADDR}" + fi + +} + +start_pre() { + $command --test --conf-file=$DNSMASQ_CONFFILE >/dev/null 2>&1 \ + || $command --test || return 1 + checkpath -m 0644 -o dnsmasq:dnsmasq -f $leasefile || return 1 + + if [ -n "$DNSMASQ_CONFFILE" ]; then + command_args="$command_args --conf-file=$DNSMASQ_CONFFILE" + fi + if [ -z "$BRIDGE" ]; then + return 0 + fi + + setup_bridge + if [ -z "$DISABLE_IPTABLES" ]; then + setup_firewall -I -A + fi + if yesno "$DNSMASQ_LISTEN_BRIDGE_ADDR"; then + local addr + for addr in $BRIDGE_ADDR; do + command_args="$command_args --listen-address ${addr%/*}" + done + fi + command_args="$command_args --strict-order --bind-interfaces --except-interface=lo --interface=$BRIDGE --dhcp-range $BRIDGE_DHCP_RANGE --dhcp-lease-max=$BRIDGE_DHCP_MAX --dhcp-no-override --dhcp-leasefile=$leasefile --dhcp-authoritative" +} + +stop_post() { + if [ -n "$BRIDGE" ]; then + local addr + for addr in $BRIDGE_ADDR $BRIDGE_ADDR_EXTRA; do + case "$addr" in + */*) ip addr del $addr dev $BRIDGE;; + *) ip addr del $addr/${BRIDGE_NETMASK} dev $BRIDGE;; + esac + done + ip link set dev $BRIDGE down + if [ -z "$DISABLE_IPTABLES" ]; then + setup_firewall -D -D + fi + # dont destroy if there are attached interfaces + ls /sys/class/net/${BRIDGE}/brif/* > /dev/null 2>&1 || ip link delete ${BRIDGE} + fi +} + +reload() { + ebegin "Reloading $RC_SVCNAME" + $command --test --conf-file=$DNSMASQ_CONFFILE >/dev/null 2>&1 \ + || $command --test || return 1 + start-stop-daemon --signal HUP --pidfile "$pidfile" + eend $? +} + +checkconfig() { + ebegin "Checking $RC_SVCNAME configuration" + $command --test --conf-file=$DNSMASQ_CONFFILE + eend $? +} |