diff --git a/root/etc/firewall.sh b/root/etc/firewall.sh
deleted file mode 100755
index 805aa3f040..0000000000
--- a/root/etc/firewall.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/sh
-
-IPT=/usr/sbin/iptables
-
-for T in filter nat mangle ; do
- $IPT -t $T -F
- $IPT -t $T -X
-done
-
-$IPT -t filter -A INPUT -m state --state INVALID -j DROP
-$IPT -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-$IPT -t filter -A INPUT -p icmp -j ACCEPT
-$IPT -t filter -A INPUT -i vlan1 -p tcp -j REJECT --reject-with tcp-reset
-$IPT -t filter -A INPUT -i vlan1 -j REJECT --reject-with icmp-port-unreachable
-$IPT -t filter -A FORWARD -m state --state INVALID -j DROP
-$IPT -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-$IPT -t filter -A FORWARD -i vlan1 -m state --state NEW,INVALID -j DROP
-
-$IPT -t nat -A POSTROUTING -o vlan1 -j MASQUERADE
-
-echo "1" >/proc/sys/net/ipv4/ip_forward
-echo "1" >/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
-echo "1" >/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
-echo "30" >/proc/sys/net/ipv4/tcp_fin_timeout
-echo "120" >/proc/sys/net/ipv4/tcp_keepalive_time
-echo "0" >/proc/sys/net/ipv4/tcp_timestamps
diff --git a/root/etc/init.d/S10boot b/root/etc/init.d/S10boot
new file mode 100755
index 0000000000..6a8cc6c56d
--- /dev/null
+++ b/root/etc/init.d/S10boot
@@ -0,0 +1,21 @@
+#!/bin/sh
+sysctl -p
+
+insmod diag
+echo "0x01" > /proc/sys/diag
+
+# networking stub
+insmod et
+insmod wl
+
+ifconfig lo 127.0.0.1 up
+ifconfig eth0 promisc
+
+HOSTNAME=$(nvram get wan_hostname)
+DOMAINNAME=${HOSTNAME##*.}
+HOSTNAME=${HOSTNAME%%.*}
+
+echo ${HOSTNAME:=OpenWrt} > /proc/sys/kernel/hostname
+echo ${DOMAINNAME:=lan} > /proc/sys/kernel/domainname
+
+vconfig set_name_type VLAN_PLUS_VID_NO_PAD
diff --git a/root/etc/init.d/S40network b/root/etc/init.d/S40network
new file mode 100755
index 0000000000..4264705dc9
--- /dev/null
+++ b/root/etc/init.d/S40network
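Review bot: In root/etc/init.d/S10boot the domain derivation is wrong for a wan_hostname that contains no dot: `${HOSTNAME##*.}` then returns the whole string, so DOMAINNAME becomes a copy of the hostname and the `:=lan` default never applies; for a multi-label name it also keeps only the last label. Deriving it as `case "$HOSTNAME" in *.*) DOMAINNAME=${HOSTNAME#*.} ;; *) DOMAINNAME= ;; esac` before the host part is stripped would cover both cases. The two `echo ${...}` expansions are unquoted and fed from nvram, so whitespace or glob characters in the stored value are split or expanded before they reach /proc; quote them, e.g. `echo "${HOSTNAME:=OpenWrt}" > /proc/sys/kernel/hostname`. The sysctl writes removed with firewall.sh and the old rcS (ip_forward, icmp_echo_ignore_broadcasts, kernel.panic and the rest) now depend on whatever `sysctl -p` loads, and that file is not part of this diff.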
@@ -0,0 +1,10 @@
+#!/bin/sh
+. /etc/functions.sh
+case "$1" in
+ start|restart)
+ ifup lan
+ ifup wan
+ ifup wifi
+ wifi up
+ ;;
+esac
diff --git a/root/etc/init.d/S45firewall b/root/etc/init.d/S45firewall
new file mode 100755
index 0000000000..40ac81a49f
--- /dev/null
+++ b/root/etc/init.d/S45firewall
@@ -0,0 +1,22 @@
+#!/bin/sh
+. /etc/functions.sh
+
+WAN=$(nvram_get wan_ifname)
+
+IPT=/usr/sbin/iptables
+
+for T in filter nat mangle ; do
+ $IPT -t $T -F
+ $IPT -t $T -X
+done
+
+$IPT -t filter -A INPUT -m state --state INVALID -j DROP
+$IPT -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+$IPT -t filter -A INPUT -p icmp -j ACCEPT
+$IPT -t filter -A INPUT -i $WAN -p tcp -j REJECT --reject-with tcp-reset
+$IPT -t filter -A INPUT -i $WAN -j REJECT --reject-with icmp-port-unreachable
+$IPT -t filter -A FORWARD -m state --state INVALID -j DROP
+$IPT -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+$IPT -t filter -A FORWARD -i $WAN -m state --state NEW,INVALID -j DROP
+
+$IPT -t nat -A POSTROUTING -o $WAN -j MASQUERADE
diff --git a/root/etc/init.d/S50services b/root/etc/init.d/S50services
new file mode 100755
index 0000000000..949bee635f
--- /dev/null
+++ b/root/etc/init.d/S50services
@@ -0,0 +1,5 @@
+#!/bin/sh
+/usr/sbin/telnetd -l /bin/login
+/usr/sbin/httpd -p 80 -h /www -r WRT54G Router
+/usr/sbin/udhcpd /etc/udhcpd.conf
+#udhcpd started from /etc/inittab
diff --git a/root/etc/init.d/S99done b/root/etc/init.d/S99done
new file mode 100755
index 0000000000..c5211813fb
--- /dev/null
+++ b/root/etc/init.d/S99done
@@ -0,0 +1,3 @@
+#!/bin/sh
+# turn off DMZ led
+echo "0x00" > /proc/sys/diag
diff --git a/root/etc/init.d/rcS b/root/etc/init.d/rcS
new file mode 100755
index 0000000000..9510e941a5
--- /dev/null
+++ b/root/etc/init.d/rcS
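Review bot: root/etc/init.d/S45firewall fails open when `nvram_get wan_ifname` returns nothing: the unquoted `-i $WAN` and `-o $WAN` collapse to a bare `-i`/`-o`, so the WAN REJECT, DROP and MASQUERADE rules are presumably rejected by iptables after the flush loop has already cleared the tables. Check the value before the flush, e.g. `[ -n "$WAN" ] || { echo "S45firewall: wan_ifname is empty" >&2; exit 1; }`, and write `"$WAN"` in the rules. The script never sets chain policies, so all filtering rests on those appended rules matching the device WAN traffic actually arrives on; nvram_get comes from /etc/functions.sh, which is not shown, so that is worth confirming for each WAN protocol.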
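Review bot: In root/etc/init.d/S50services telnetd and httpd are started without a bind address, so as far as this hunk shows both listen on every interface, and only the WAN rules from S45firewall keep a cleartext login prompt and the web UI off the WAN side. If that script does not install its rules, both are reachable from outside; restrict the listeners to the LAN address where the daemons support it, or do not start them when the firewall step failed. The realm is split into two arguments and should be `-r "WRT54G Router"`. The comment `#udhcpd started from /etc/inittab` contradicts the line above it, and the inittab in this commit respawns dnsmasq rather than udhcpd.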
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# Start all init scripts in /etc/init.d
+# executing them in numerical order.
+#
+for i in /etc/init.d/S??* ;do
+
+ # Ignore dangling symlinks (if any).
+ [ ! -f "$i" ] && continue
+
+ case "$i" in
+ *.sh)
+ # Source shell script for speed.
+ (
+ trap - INT QUIT TSTP
+ set start
+ . $i
+ )
+ ;;
+ *)
+ # No sh extension, so fork subprocess.
+ $i start
+ ;;
+ esac
+done
diff --git a/root/etc/inittab b/root/etc/inittab
index 73618d3461..6d8c87efcb 100644
--- a/root/etc/inittab
+++ b/root/etc/inittab
@@ -1,7 +1,3 @@
-::sysinit:/etc/rcS
-::restart:/sbin/init
-::ctrlaltdel:/sbin/reboot
+::sysinit:/etc/init.d/rcS
 ::shutdown:/bin/alldone
 ::respawn:/usr/sbin/dnsmasq -d -l /tmp/udhcpd.leases -s lan
-
-
diff --git a/root/etc/networking.sh b/root/etc/networking.sh
deleted file mode 100755
index e59ec606eb..0000000000
--- a/root/etc/networking.sh
+++ /dev/null
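Review bot: In root/etc/init.d/rcS the loop discards each script's exit status, so a failed S45firewall is followed by S50services with nothing logged; report it at least, e.g. `"$i" start || echo "rcS: $i failed" >&2`. `$i` is also expanded unquoted in `. $i` and `$i start`; write `. "$i"` and `"$i" start` so a file name with whitespace or glob characters is not split or re-expanded. Every regular file matching /etc/init.d/S??* runs as root at boot, and preinit in this same commit can pivot onto the jffs2 root, so a header comment stating that the directory must be writable by root only would be worth adding.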
@@ -1,172 +0,0 @@
-#!/bin/sh
-# OpenWrt Networking script
-# $Id$
-# Copyright (c) 2004 Mike Baker
-
-# to debug:
-# export DEBUG=echo
-
-export PATH=/usr/bin:/bin:/usr/sbin:/sbin
-
-# lookup an interface by mac address
-mac2if () {
- if=$(ifconfig -a | awk '{IGNORECASE=1} /^eth.*'$1'/ {print $1; exit}')
- echo $if
-}
-
-# allow env to override nvram
-nvram_get () {
- eval "echo \${$1:-\$(nvram get $1)}"
-}
-
-# valid interface?
-if_valid () {
- [ "${1%%[0-9]}" = "vlan" ] && {
- i=${1#vlan}
- hwname=$(nvram_get vlan${i}hwname)
- hwaddr=$(nvram_get ${hwname}macaddr)
- [ -z "$hwaddr" ] && return 1
-
- vif=$(mac2if $hwaddr)
- echo "# vlan$i: $hwname $hwaddr => $vif"
-
- $DEBUG ifconfig $vif up
- $DEBUG vconfig add $vif $i 2>/dev/null
- }
- ifconfig "$1" >/dev/null 2>&1 || [ "${1%%[0-9]}" = "br" ]
- return $?
-}
-
-wifi_init () {
- echo "# --- wifi init ---"
- if=$(awk 'gsub(":","") {print $1}' /proc/net/wireless)
- $DEBUG wlconf $if up
-}
-
-configure () {
- type=$1
- echo "# --- $type ---"
-
- if=$(nvram_get ${type}_ifname)
- if [ "${if%%[0-9]}" = "ppp" ]; then
- if=$(nvram_get pppoe_ifname)
- fi
- if_valid $if || return
-
- $DEBUG ifconfig $if down
- if [ "${if%%[0-9]}" = "br" ]; then
- stp=$(nvram_get ${type}_stp)
- $DEBUG brctl delbr $if
- $DEBUG brctl addbr $if
- $DEBUG brctl setfd $if 0
- $DEBUG brctl stp $if $stp
- if_list=$(nvram_get ${type}_ifnames)
- for sif in $if_list; do {
- if_valid $sif || continue
- $DEBUG ifconfig $sif 0.0.0.0 up
- $DEBUG brctl addif $if $sif
- } done
- fi
-
- if_mac=$(nvram_get ${type}_hwaddr)
- [ -z "$if_mac" ] || $DEBUG ifconfig $if hw ether $if_mac
-
- if_proto=$(nvram_get ${type}_proto)
- case "$if_proto" in
- static)
- if_ip=$(nvram_get ${type}_ipaddr)
- if_netmask=$(nvram_get ${type}_netmask)
- if_gateway=$(nvram_get ${type}_gateway)
-
- ipcalc -s "$if_ip" || return
- ipcalc -s "$if_netmask" || return
- $DEBUG ifconfig $if $if_ip netmask $if_netmask up
-
- ipcalc -s "$if_gateway" || return
- $DEBUG route add default gw $if_gateway
-
- [ -f /etc/resolv.conf ] && return
-
- echo "# --- creating /etc/resolv.conf ---"
- for dns in $(nvram_get ${type}_dns); do {
- echo "nameserver $dns" >> /etc/resolv.conf
- } done
- ;;
- dhcp)
- pidfile=/tmp/dhcp-${type}.pid
- if [ -f $pidfile ]; then
- $DEBUG kill $(cat $pidfile)
- fi
- $DEBUG udhcpc -i $if -b -p /tmp/dhcp-${type}.pid
- ;;
- pppoe)
- if_username=$(nvram_get ppp_username)
- if_password=$(nvram_get ppp_passwd)
- if_redial=$(nvram_get ppp_redialperiod)
- if_idletime=$(nvram_get ppp_idletime)
-
- $DEBUG ifconfig $if 0.0.0.0 up
-
- $DEBUG /sbin/pppoecd $if -u $if_username -p $if_password -i 0 -I $if_redial -T $if_idletime -k
- ;;
- *)
- echo "$if: $if_proto is not supported"
- ;;
- esac
-}
-
-### START NETWORKING ###
-$DEBUG vconfig set_name_type VLAN_PLUS_VID_NO_PAD
-
-# hacks for 1.x hardware
-[ "$(nvram get boardnum)" = "42" ] && \
-[ "$(nvram get boardtype)" = "bcm94710dev" ] && {
- echo "# 1.x HACK"
- vlan1hwname="et0"
- vlan2hwname="et0"
-
- # we remap old device names to new
- # it's recommended that you continue to
- # use the old names to preserve backwards
- # compatibility
- remap () {
- eval $1=\"$(nvram_get $1 | awk 'gsub("eth0","vlan2") gsub("eth1","vlan1")')\"
- }
-
- remap lan_ifname
- remap lan_ifnames
- remap wifi_ifname
- remap wifi_ifnames
- remap wan_ifname
- remap wan_ifnames
- remap pppoe_ifname
-}
-
-# failsafe if reset is held
-[ "$FAILSAFE" = "true" ] && {
- lan_ifname="br0"
- lan_ifnames="vlan0 vlan2 eth1 eth2 eth3"
- lan_ipaddr="192.168.1.1"
- lan_netmask="255.255.255.0"
- lan_hwaddr="00:0B:AD:0A:DD:00"
- wan_ifname="none"
- wifi_ifname="none"
-}
-
-# linksys bug has lan doing dhcp; force static
-lan_proto="static"
-
-configure lan
-configure wifi
-configure wan
-
-wifi_init
-
-for route in $(nvram_get static_route); do {
- ip=${route%%:*} route=${route#*:}
- netmask=${route%%:*} route=${route#*:}
- gateway=${route%%:*} route=${route#*:}
- metric=${route%%:*} route=${route#*:}
- if=${route%%:*}
- $DEBUG route add -net $ip netmask $netmask gw $gateway metric $metric dev $if
-} done
diff --git a/root/etc/preinit b/root/etc/preinit
index 26025f454e..ccd3ab5bee 100755
--- a/root/etc/preinit
+++ b/root/etc/preinit
@@ -1,7 +1,7 @@
 #!/bin/sh
 mount none /proc -t proc
+mtd unlock mtd4
 if /sbin/resetmon ; then
- mtd unlock mtd4
 mount -t jffs2 /dev/mtdblock/4 /jffs
 pivot_root /jffs /jffs/rom
 mount none /dev -t devfs
diff --git a/root/etc/rcS b/root/etc/rcS
deleted file mode 100755
index e2ab185bbf..0000000000
--- a/root/etc/rcS
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/sh
-
-export TZ=$(nvram get tz)
-
-insmod diag
-echo "0x01" > /proc/sys/diag
-echo "3" >/proc/sys/kernel/panic
-
-# networking
-insmod et
-insmod wl
-
-ifconfig lo 127.0.0.1 up
-
-# eth0 and eth1 are shared, must set eth0 as promisc
-ifconfig eth0 promisc
-ifconfig eth1 promisc
-/etc/networking.sh
-
-# now lets set up a basic set of rules to do ip masquerade
-/etc/firewall.sh
-
-# now lets start some basic services
-/usr/sbin/telnetd
-/usr/sbin/httpd -p 80 -h /www -r WRT54G Router
-/usr/sbin/udhcpd /etc/udhcpd.conf
-
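Review bot: In root/etc/preinit `mtd unlock mtd4` now runs on every boot, before `/sbin/resetmon` is consulted, so the flash partition is unlocked even on the branch where jffs2 is not mounted; what resetmon's exit status signals is not visible here, and the `if` body continues past the hunk. If the other branch is the recovery path, leaving the partition writable there widens what a misbehaving or compromised process can persist across reboots. Either keep the unlock inside the `if`, or record the reason beside it with a comment such as `# unlock unconditionally: <reason>`, and check the result, e.g. `mtd unlock mtd4 || echo "preinit: mtd unlock failed" >&2`.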