

/ comp / ipchains / how to use it... / the calling scripts /

to be always online, install the script /etc/ppp/ip-down.d/99-max_always-online:

  #!/bin/sh

  # /etc/ppp/ip-down.d/99-max_always-online
  #
  # Keeps the line "always online": once a link has been torn down and the
  # ip-down.d scripts run, ippp0 is dialled again straight away.
  #
  # NOTE(review): nothing in this script looks at PPP_IFACE, counts attempts or
  # waits between them, so ippp0 is re-dialled on every run, whichever
  # interface went down and however often the link drops. On a metered line
  # that can mean an unbounded number of calls; confirm that is intended.

  # Stop with status 1 unless both pppconfig and isdnctrl are still installed
  # (a removed package means this script should not act any more).
  for tool in /usr/sbin/pppconfig /usr/sbin/isdnctrl; do
      [ -f "$tool" ] || exit 1
  done

  # Bring the ISDN interface back up; the script ends with isdnctrl's status.
  /usr/sbin/isdnctrl dial ippp0

i modified /etc/ppp/ip-up.d/00-ipppd in order to call the script inet_chains correctly:

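  #!/bin/sh
  #/etc/ppp/ip-up.d/00-ipppd

  ####################################################################
  # max -- 02-01-27
  # call linux-user's inet_chains from this file to SET UP ipchains
  #
  # the script /etc/ppp/ip-up was called with the following arguments:
  #    Arg  Name                          Example
  #    $1   Interface name                ppp0
  #    $2   The tty                       ttyS1
  #    $3   The link speed                38400
  #    $4   Local IP number               12.34.56.78
  #    $5   Peer  IP number               12.34.56.99
  #    $6   Optional ``ipparam'' value    foo
  #
  #
  # and made them accessible through an export of the following variables:
  # (these variables are for the use of the scripts run by run-parts,
  # such as this one)
  #
  # PPP_IFACE="$1"
  # PPP_TTY="$2"
  # PPP_SPEED="$3"
  # PPP_LOCAL="$4"
  # PPP_REMOTE="$5"
  # PPP_IPPARAM="$6"
  #
  # call linux-user's inet_chains below with the following command:
  # /etc/ppp/inet_chains up "$PPP_IFACE" a-device_not-needed "$PPP_SPEED" "$PPP_LOCAL" "$PPP_REMOTE"
  #
  # Every expansion is quoted: inet_chains takes its input by position, so an
  # empty or whitespace-containing value must not shift or split the arguments
  # that the firewall rules are built from.
  #
  ####################################################################


  # example /etc/ppp/ip-up.d script for use with ipppd and dynamic IP numbers.
  # Edit / add to the entries to suit the requirements of the interface.

  # Use the network to enable the IP dynamic hack to reset old connections
  # (otherwise the RST-provoking packet can't get out).
  # PPP_NET is only referenced by the commented-out debian-default rules below.
  # For a smaller set of dynamic numbers:
  # PPP_NET=$(echo "$PPP_LOCAL" | sed 's,\.[0-9]*$,.0/24,')
  # in case your ISP has a large pool of dynamic numbers (should be OK):
  PPP_NET=$(echo "$PPP_LOCAL" | sed 's,\.[0-9]*\.[0-9]*$,.0.0/16,')

  case "$PPP_IFACE" in
      ippp0)  route del default
          route add default netmask 0 "$PPP_IFACE"  # usually necessary

          # NOTE(review): the default route is installed before inet_chains
          # runs. Whether inet_chains needs the route in place is not visible
          # here, so the order is left as it was.

          # max -- set up ipchains:
          # Keep the exit status so a failed firewall setup does not pass
          # unnoticed (assumes inet_chains exits non-zero when it could not
          # install its rules -- confirm against that script).
          fw_status=0
          /etc/ppp/inet_chains up "$PPP_IFACE" a-device_not-needed "$PPP_SPEED" "$PPP_LOCAL" "$PPP_REMOTE" || fw_status=$?
          # log it:
          /bin/echo "$(date) -- UP -- $PPP_LOCAL" >> /ISDN-LOG.txt
          if [ "$fw_status" -ne 0 ]; then
              # The link is up but the rules may be missing: say so in the log.
              /bin/echo "$(date) -- UP -- inet_chains FAILED (exit $fw_status)" >> /ISDN-LOG.txt
          fi

          ###########################################################
          # debian-defaults:
          #
          # The next lines are for firewalling.
          # See comments in /etc/isdn/device.* about firewalling!
          #ipchains -D input -j DENY   -i $PPP_IFACE 2>/dev/null
          #ipchains -A input -j ACCEPT -i $PPP_IFACE -p TCP  -d $PPP_NET 1000:
          #ipchains -A input -j ACCEPT -i $PPP_IFACE -p TCP  -d $PPP_NET ssh
          #ipchains -A input -j ACCEPT -i $PPP_IFACE -p TCP  -d $PPP_NET smtp
          #ipchains -A input -j ACCEPT -i $PPP_IFACE -p TCP  -d $PPP_NET ident
          #ipchains -A input -j ACCEPT -i $PPP_IFACE -p UDP  -d $PPP_NET 1024:
          #ipchains -A input -j ACCEPT -i $PPP_IFACE -p ICMP -d $PPP_NET
          #ipchains -A input -j DENY   -i $PPP_IFACE
          ###########################################################
          ;;
      # add more ipppX cases if you need them...
  esac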

in order to delete the chains after isdn has hung up, the script /etc/ppp/ip-down.d/99-ipppd looks like the following:

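  #!/bin/sh
  #/etc/ppp/ip-down.d/99-ipppd

  ####################################################################
  # max -- 02-01-27
  # call linux-user's inet_chains from this file to DELETE ipchains
  #
  # the calling script (for ip-down.d that should be /etc/ppp/ip-down; the
  # original note said ip-up) was called with the following arguments:
  #    Arg  Name                          Example
  #    $1   Interface name                ppp0
  #    $2   The tty                       ttyS1
  #    $3   The link speed                38400
  #    $4   Local IP number               12.34.56.78
  #    $5   Peer  IP number               12.34.56.99
  #    $6   Optional ``ipparam'' value    foo
  #
  #
  # and made them accessible through an export of the following variables:
  # (these variables are for the use of the scripts run by run-parts,
  # such as this one)
  #
  # PPP_IFACE="$1"
  # PPP_TTY="$2"
  # PPP_SPEED="$3"
  # PPP_LOCAL="$4"
  # PPP_REMOTE="$5"
  # PPP_IPPARAM="$6"
  #
  # call linux-user's inet_chains below with the following command:
  # /etc/ppp/inet_chains down "$PPP_IFACE" a-device_not-needed "$PPP_SPEED" "$PPP_LOCAL" "$PPP_REMOTE"
  #
  # Every expansion is quoted: inet_chains takes its input by position, so an
  # empty or whitespace-containing value must not shift or split the arguments
  # that select which rules are removed.
  #
  ####################################################################

  # example /etc/ppp/ip-down.d script for use with ipppd and dynamic IP numbers.
  # Edit / add to the entries to suit the requirements of the interface.

  # Use the network to enable the IP dynamic hack to reset old connections.
  # PPP_NET is only referenced by the commented-out debian-default rules below.
  # For a smaller set of dynamic numbers:
  # PPP_NET=$(echo "$PPP_LOCAL" | sed 's,\.[0-9]*$,.0/24,')
  # in case your ISP has a large pool of dynamic numbers (should be OK):
  PPP_NET=$(echo "$PPP_LOCAL" | sed 's,\.[0-9]*\.[0-9]*$,.0.0/16,')

  case "$PPP_IFACE" in
      ippp0)  route del default
          route add default netmask 0 "$PPP_IFACE"  # usually necessary

          # max -- tear down ipchains:
          # Keep the exit status so rules that could not be removed do not
          # pass unnoticed (assumes inet_chains exits non-zero on failure --
          # confirm against that script).
          fw_status=0
          /etc/ppp/inet_chains down "$PPP_IFACE" a-device_not-needed "$PPP_SPEED" "$PPP_LOCAL" "$PPP_REMOTE" || fw_status=$?
          # log it:
          /bin/echo "$(date) -- DOWN -- $PPP_LOCAL" >> /ISDN-LOG.txt
          if [ "$fw_status" -ne 0 ]; then
              # Stale rules may still be loaded: say so in the log.
              /bin/echo "$(date) -- DOWN -- inet_chains FAILED (exit $fw_status)" >> /ISDN-LOG.txt
          fi

          ###########################################################
          # debian-defaults:
          #
          # The next lines are for firewalling.
          # See comments in /etc/isdn/device.* about firewalling!
          #ipchains -D input -j ACCEPT -i $PPP_IFACE -p TCP  -d $PPP_NET 1000:
          #ipchains -D input -j ACCEPT -i $PPP_IFACE -p TCP  -d $PPP_NET ssh
          #ipchains -D input -j ACCEPT -i $PPP_IFACE -p TCP  -d $PPP_NET smtp
          #ipchains -D input -j ACCEPT -i $PPP_IFACE -p TCP  -d $PPP_NET ident
          #ipchains -D input -j ACCEPT -i $PPP_IFACE -p UDP  -d $PPP_NET 1024:
          #ipchains -D input -j ACCEPT -i $PPP_IFACE -p ICMP -d $PPP_NET
          #ipchains -D input -j DENY   -i $PPP_IFACE
          ;;
      # add more ipppX cases if you need them...
  esac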

© Markus Amersdorfer
last modified: Tuesday, 23-Feb-2010 15:42:09 UTC