Revize 2257
Přidáno uživatelem Ondřej Fibich před téměř 11 roky(ů)
freenetis/branches/1.1/application/vendors/redirection/freenetis-redirection.conf | ||
---|---|---|
# This is configuration file for freenetis-redirection
|
||
#
|
||
# freenetis-redirection is part of project FreenetIS (for more info see http://www.freenetis.org)
|
||
|
||
|
||
|
||
################################################################################
|
||
# G E N E R A L S E T T I N G S #
|
||
################################################################################
|
||
|
||
# Base PATH_FN to running FreenetIS instance
|
||
PATH_FN=http://localhost/freenetis
|
||
|
||
# Log file, change to /dev/null to disable logging
|
||
LOG_FILE=/var/log/freenetis-redirection.log
|
||
|
||
# Log file for redirector deamon, change to /dev/null to disable logging
|
||
LOG_FILE_REDIRECTOR=/var/log/freenetis-http-redirection.log
|
||
|
||
################################################################################
|
||
# R E D I R E C T I O N S E T T I N G S #
|
||
################################################################################
|
||
|
||
# Local variable contains port number to be redirect from - mandatory
|
||
PORT_WEB=80
|
||
|
||
# Local variable contains port number to be redirect to - mandatory
|
||
PORT_REDIRECT=36000
|
||
|
||
# Local variable contains port number for canceling of redirection by redirected user - mandatory
|
||
PORT_SELF_CANCEL=36001
|
||
|
||
# Delay in seconds between next update cycle
|
||
DELAY=60
|
||
|
||
# URL of pages which we need to download from FreenetIS. [DO NOT CHANGE THIS VARIABLES!!!]
|
||
# SET_URL_RANGES - contains list of CIDR networks (e.g. 192.160.0/23) which we can redirect
|
||
# SET_URL_ALLOWED - contains list of IP allowed addresses will not be redirect
|
||
# SET_URL_SELF_CANCEL - contains list of IP addresses which can disable redirection itself
|
||
SET_URL_RANGES=$PATH_FN/index.php/en/web_interface/redirected_ranges
|
||
SET_URL_ALLOWED=$PATH_FN/index.php/en/web_interface/allowed_ip_addresses
|
||
SET_URL_SELF_CANCEL=$PATH_FN/index.php/en/web_interface/self_cancelable_ip_addresses
|
freenetis/branches/1.1/application/vendors/redirection/freenetis-redirection.sh | ||
---|---|---|
#!/bin/bash
|
||
################################################################################
|
||
# #
|
||
# This script serves for redirection IP policy of IS FreenetIS #
|
||
# #
|
||
# author Kliment Michal, Sevcik Roman #
|
||
# email kliment@freenetis.org, sevcik.roman@slfree.net #
|
||
# #
|
||
# name freenetis-redirection.sh #
|
||
# version 2.2 #
|
||
# #
|
||
################################################################################
|
||
|
||
# Version
|
||
VERSION="2.2"
|
||
|
||
# Load variables from config file
|
||
CONFIG=/etc/freenetis/freenetis-redirection.conf
|
||
|
||
# Local variable contains path to iptables - mandatory
|
||
IPTABLES=/sbin/iptables
|
||
|
||
# Local variable contains path to ipset - mandatory
|
||
IPSET=/usr/sbin/ipset
|
||
|
||
# Local variable contains path to wget - mandatory
|
||
WGET=/usr/bin/wget
|
||
|
||
# Path to HTTP 302 redirector
|
||
REDIRECTION_HTTP_REDIRECTOR=/usr/sbin/freenetis-http-302-redirection
|
||
|
||
# Path to HTTP 302 redirector
|
||
REDIRECTION_HTTP_REDIRECTOR_PIDFILE=/var/run/freenetis-http-302-redirection.pid
|
||
|
||
#Paths where temporary data will be saved.
|
||
PATH_ERRORS=`mktemp`
|
||
|
||
#Load variables
|
||
if [ -f ${CONFIG} ]; then
|
||
. $CONFIG;
|
||
else
|
||
echo "Config file is missing at path $CONFIG."
|
||
echo "Terminating..."
|
||
exit 0
|
||
fi
|
||
|
||
# Runs command and print result (OK = success, FAILED = error)
|
||
run_and_print_result ()
|
||
{
|
||
$@ 2> "$PATH_ERRORS"
|
||
if [ $? -eq 0 ];
|
||
then
|
||
echo "OK"
|
||
else
|
||
echo "FAILED! Error: $? "`cat "$PATH_ERRORS" | awk '{$1 = ""; print}'`
|
||
fi
|
||
}
|
||
|
||
# Tests whether iptables rule already exists
|
||
rule_exists ()
|
||
{
|
||
iptables-save | grep -q "$@"
|
||
if [ $? -eq 0 ];
|
||
then
|
||
echo 1
|
||
else
|
||
echo 0
|
||
fi
|
||
}
|
||
|
||
# Tests whether program is running
|
||
is_running ()
|
||
{
|
||
ps aux | grep -v grep | grep "$@" | wc -l
|
||
}
|
||
|
||
# Adds iptables rules
|
||
add_rules()
|
||
{
|
||
echo -n "Adding iptables rule for self canceling..."
|
||
|
||
#Rule for allowing access. If come packet to $PORT_SELF_CANCEL then we add source address do set allowed and to set seen
|
||
#Set seen is used for ip synchronization with FreenetIS.
|
||
if [ `rule_exists "PREROUTING -p tcp -m set --match-set self_cancel src -m tcp --dport $PORT_SELF_CANCEL -j SET --add-set allowed src"` -eq 0 ];
|
||
then
|
||
run_and_print_result "$IPTABLES -t nat -A PREROUTING -m set --match-set self_cancel src -p tcp --dport $PORT_SELF_CANCEL -j SET --add-set allowed src"
|
||
else
|
||
echo "already added"
|
||
fi
|
||
|
||
echo -n "Adding iptables rule for allowed..."
|
||
|
||
#If IP is allowed then it is not redirected
|
||
if [ `rule_exists "PREROUTING -m set --match-set allowed src -j ACCEPT"` -eq 0 ];
|
||
then
|
||
run_and_print_result "$IPTABLES -t nat -A PREROUTING -m set --match-set allowed src -j ACCEPT"
|
||
else
|
||
echo "already added"
|
||
fi
|
||
|
||
echo -n "Adding iptables rule for allowed..."
|
||
|
||
#If IP is allowed then it is not redirected
|
||
if [ `rule_exists "PREROUTING -m set --match-set allowed dst -j ACCEPT"` -eq 0 ];
|
||
then
|
||
run_and_print_result "$IPTABLES -t nat -A PREROUTING -m set --match-set allowed dst -j ACCEPT"
|
||
else
|
||
echo "already added"
|
||
fi
|
||
|
||
echo -n "Adding iptables rule for redirection..."
|
||
|
||
#Redirect everything trafic what has destination port $PORT_WEB to $PORT_REDIRECT
|
||
if [ `rule_exists "PREROUTING -p tcp -m set --match-set ranges src -m tcp --dport $PORT_WEB -j REDIRECT --to-ports $PORT_REDIRECT"` -eq 0 ];
|
||
then
|
||
run_and_print_result "$IPTABLES -t nat -A PREROUTING -m set --match-set ranges src -p tcp --dport $PORT_WEB -j REDIRECT --to-port $PORT_REDIRECT"
|
||
else
|
||
echo "already added"
|
||
fi
|
||
|
||
echo -n "Adding iptables rule for allowed..."
|
||
|
||
#If IP is allowed then it is not redirected
|
||
if [ `rule_exists "FORWARD -m set --match-set allowed src -j ACCEPT"` -eq 0 ];
|
||
then
|
||
run_and_print_result "$IPTABLES -I FORWARD 1 -m set --match-set allowed src -j ACCEPT"
|
||
else
|
||
echo "already added"
|
||
fi
|
||
|
||
echo -n "Adding iptables rule for allowed..."
|
||
|
||
#If IP is allowed then it is not redirected
|
||
if [ `rule_exists "FORWARD -m set --match-set allowed dst -j ACCEPT"` -eq 0 ];
|
||
then
|
||
run_and_print_result "$IPTABLES -I FORWARD 2 -m set --match-set allowed dst -j ACCEPT"
|
||
else
|
||
echo "already added"
|
||
fi
|
||
|
||
echo -n "Adding iptables rule for block others..."
|
||
|
||
#Else everything drop
|
||
if [ `rule_exists "FORWARD -m set --match-set ranges src -j DROP"` -eq 0 ];
|
||
then
|
||
run_and_print_result "$IPTABLES -I FORWARD 3 -m set --match-set ranges src -j DROP"
|
||
else
|
||
echo "already added"
|
||
fi
|
||
}
|
||
|
||
# Deletes iptables rules
|
||
delete_rules()
|
||
{
|
||
echo -n "Deleting iptables rule for self canceling..."
|
||
#Rule for allowing access. If come packet to $PORT_SELF_CANCEL then we add source address do set allowed and to set seen
|
||
#Set seen is used for ip synchronization with FreenetIS.
|
||
if [ `rule_exists "PREROUTING -p tcp -m set --match-set self_cancel src -m tcp --dport $PORT_SELF_CANCEL -j SET --add-set allowed src"` -eq 1 ];
|
||
then
|
||
run_and_print_result "$IPTABLES -t nat -D PREROUTING -m set --match-set self_cancel src -p tcp --dport $PORT_SELF_CANCEL -j SET --add-set allowed src"
|
||
else
|
||
echo "already deleted"
|
||
fi
|
||
|
||
echo -n "Deleting iptables rule for allowed..."
|
||
#If IP is allowed then it is not redirected
|
||
if [ `rule_exists "PREROUTING -m set --match-set allowed src -j ACCEPT"` -eq 1 ];
|
||
then
|
||
run_and_print_result "$IPTABLES -t nat -D PREROUTING -m set --match-set allowed src -j ACCEPT"
|
||
else
|
||
echo "already deleted"
|
||
fi
|
||
|
||
echo -n "Deleting iptables rule for allowed..."
|
||
#If IP is allowed then it is not redirected
|
||
if [ `rule_exists "PREROUTING -m set --match-set allowed dst -j ACCEPT"` -eq 1 ];
|
||
then
|
||
run_and_print_result "$IPTABLES -t nat -D PREROUTING -m set --match-set allowed dst -j ACCEPT"
|
||
else
|
||
echo "already deleted"
|
||
fi
|
||
|
||
echo -n "Deleting iptables rule for redirection..."
|
||
#Redirect everything trafic what has destination port $PORT_WEB to $PORT_REDIRECT
|
||
if [ `rule_exists "PREROUTING -p tcp -m set --match-set ranges src -m tcp --dport $PORT_WEB -j REDIRECT --to-ports $PORT_REDIRECT"` -eq 1 ];
|
||
then
|
||
run_and_print_result "$IPTABLES -t nat -D PREROUTING -m set --match-set ranges src -p tcp --dport $PORT_WEB -j REDIRECT --to-port $PORT_REDIRECT"
|
||
else
|
||
echo "already deleted"
|
||
fi
|
||
|
||
echo -n "Deleting iptables rule for allowed..."
|
||
#If IP is allowed then it is not redirected
|
||
if [ `rule_exists "FORWARD -m set --match-set allowed src -j ACCEPT"` -eq 1 ];
|
||
then
|
||
run_and_print_result "$IPTABLES -D FORWARD -m set --match-set allowed src -j ACCEPT"
|
||
else
|
||
echo "already deleted"
|
||
fi
|
||
|
||
echo -n "Deleting iptables rule for allowed..."
|
||
#If IP is allowed then it is not redirected
|
||
if [ `rule_exists "FORWARD -m set --match-set allowed dst -j ACCEPT"` -eq 1 ];
|
||
then
|
||
run_and_print_result "$IPTABLES -D FORWARD -m set --match-set allowed dst -j ACCEPT"
|
||
else
|
||
echo "already deleted"
|
||
fi
|
||
|
||
echo -n "Deleting iptables rule for block others..."
|
||
#Else everything drop
|
||
if [ `rule_exists "FORWARD -m set --match-set ranges src -j DROP"` -eq 1 ];
|
||
then
|
||
run_and_print_result "$IPTABLES -D FORWARD -m set --match-set ranges src -j DROP"
|
||
else
|
||
echo "already deleted"
|
||
fi
|
||
}
|
||
|
||
# Adds ipsets
|
||
add_ipsets()
|
||
{
|
||
echo -n "Adding ipset allowed... "
|
||
|
||
if [ -n "`$IPSET -L allowed 2>&1>/dev/null`" ];
|
||
then
|
||
run_and_print_result "$IPSET -N allowed iphash --hashsize 10000 --probes 8 --resize 50"
|
||
else
|
||
echo "already added"
|
||
fi
|
||
|
||
echo -n "Adding ipset self_cancel..."
|
||
|
||
if [ -n "`$IPSET -L self_cancel 2>&1>/dev/null`" ];
|
||
then
|
||
run_and_print_result "$IPSET -N self_cancel iphash --hashsize 10000 --probes 8 --resize 50"
|
||
else
|
||
echo "already added"
|
||
fi
|
||
|
||
echo -n "Adding ipset ranges..."
|
||
|
||
if [ -n "`$IPSET -L ranges 2>&1>/dev/null`" ];
|
||
then
|
||
run_and_print_result "$IPSET -N ranges nethash --hashsize 1024 --probes 4 --resize 50"
|
||
else
|
||
echo "already added"
|
||
fi
|
||
|
||
echo -n "Adding temporary ipset for ipset allowed..."
|
||
|
||
if [ -n "`$IPSET -L allowed_tmp 2>&1>/dev/null`" ];
|
||
then
|
||
run_and_print_result "$IPSET -N allowed_tmp iphash --hashsize 10000 --probes 8 --resize 50"
|
||
else
|
||
echo "already added"
|
||
fi
|
||
|
||
echo -n "Adding temporary ipset for ipset self_cancel..."
|
||
|
||
if [ -n "`$IPSET -L self_cancel_tmp 2>&1>/dev/null`" ];
|
||
then
|
||
run_and_print_result "$IPSET -N self_cancel_tmp iphash --hashsize 10000 --probes 8 --resize 50"
|
||
else
|
||
echo "already added"
|
||
fi
|
||
|
||
echo -n "Adding temporary ipset for ipset ranges..."
|
||
|
||
if [ -n "`$IPSET -L ranges_tmp 2>&1>/dev/null`" ];
|
||
then
|
||
run_and_print_result "$IPSET -N ranges_tmp nethash --hashsize 1024 --probes 4 --resize 50"
|
||
else
|
||
echo "already added"
|
||
fi
|
||
}
|
||
|
||
# Deletes ipsets
|
||
delete_ipsets()
|
||
{
|
||
echo -n "Deleting ipset allowed... "
|
||
|
||
if [ -z "`$IPSET -L allowed 2>&1>/dev/null`" ];
|
||
then
|
||
run_and_print_result "$IPSET -X allowed"
|
||
else
|
||
echo "already deleted"
|
||
fi
|
||
|
||
echo -n "Deleting ipset self_cancel..."
|
||
|
||
if [ -z "`$IPSET -L self_cancel 2>&1>/dev/null`" ];
|
||
then
|
||
run_and_print_result "$IPSET -X self_cancel"
|
||
else
|
||
echo "already deleted"
|
||
fi
|
||
|
||
echo -n "Deleting ipset ranges..."
|
||
|
||
if [ -z "`$IPSET -L ranges 2>&1>/dev/null`" ];
|
||
then
|
||
run_and_print_result "$IPSET -X ranges"
|
||
else
|
||
echo "already deleted"
|
||
fi
|
||
|
||
echo -n "Deleting temporary ipset for ipset allowed..."
|
||
|
||
if [ -z "`$IPSET -L allowed_tmp 2>&1>/dev/null`" ];
|
||
then
|
||
run_and_print_result "$IPSET -X allowed_tmp"
|
||
else
|
||
echo "already deleted"
|
||
fi
|
||
|
||
echo -n "Deleting temporary ipset for ipset self_cancel..."
|
||
|
||
if [ -z "`$IPSET -L self_cancel_tmp 2>&1>/dev/null`" ];
|
||
then
|
||
run_and_print_result "$IPSET -X self_cancel_tmp"
|
||
else
|
||
echo "already deleted"
|
||
fi
|
||
|
||
echo -n "Deleting temporary ipset for ipset ranges..."
|
||
|
||
if [ -z "`$IPSET -L ranges_tmp 2>&1>/dev/null`" ];
|
||
then
|
||
run_and_print_result "$IPSET -X ranges_tmp"
|
||
else
|
||
echo "already deleted"
|
||
fi
|
||
}
|
||
|
||
# Starts HTTP 302 redirector
|
||
start_http_redirector ()
|
||
{
|
||
echo -n "Starting FreenetIS redirection HTTP deamon: "
|
||
|
||
if [ `is_running "$REDIRECTION_HTTP_REDIRECTOR"` -eq 0 ];
|
||
then
|
||
run_and_print_result "start-stop-daemon --start --quiet --make-pidfile --pidfile=$REDIRECTION_HTTP_REDIRECTOR_PIDFILE --background --exec $REDIRECTION_HTTP_REDIRECTOR -- $PORT_REDIRECT $PATH_FN $LOG_FILE_REDIRECTOR"
|
||
else
|
||
echo "already started"
|
||
fi
|
||
}
|
||
|
||
# Stops HTTP 302 redirector
|
||
stop_http_redirector ()
|
||
{
|
||
echo -n "Stopping FreenetIS redirection HTTP deamon: "
|
||
|
||
if [ `is_running "$REDIRECTION_HTTP_REDIRECTOR"` -eq 1 ];
|
||
then
|
||
run_and_print_result "start-stop-daemon --stop --quiet --pidfile=$REDIRECTION_HTTP_REDIRECTOR_PIDFILE"
|
||
else
|
||
echo "already stopped"
|
||
fi
|
||
|
||
rm -f "$REDIRECTION_HTTP_REDIRECTOR_PIDFILE"
|
||
}
|
||
|
||
# Starts redirection - only adds ipsets, rules and starts HTTP redirector
|
||
start_redirection ()
|
||
{
|
||
echo "[STARTING]"
|
||
|
||
add_ipsets
|
||
add_rules
|
||
start_http_redirector
|
||
}
|
||
|
||
# Stops redirection - only deletes ipset, rules and stops HTTP redirector
|
||
stop_redirection ()
|
||
{
|
||
echo "[STOPPING]"
|
||
|
||
delete_rules
|
||
delete_ipsets
|
||
stop_http_redirector
|
||
}
|
||
|
||
# Syncs ipsets with FreenetIS - only one time
|
||
sync_ipsets ()
|
||
{
|
||
echo "[SYNCING]"
|
||
|
||
PATH_ALLOWED=`mktemp`
|
||
PATH_SELF_CANCEL=`mktemp`
|
||
PATH_RANGES=`mktemp`
|
||
|
||
for URL in "$SET_URL_ALLOWED";
|
||
do
|
||
echo -n "Downloading list of allowed IP addresses from $URL: ";
|
||
$WGET -qO- $URL --no-check-certificate >> $PATH_ALLOWED 2>/dev/null
|
||
if [ $? -eq 0 ];
|
||
then
|
||
echo "OK"
|
||
else
|
||
echo "FAILED!"
|
||
fi
|
||
done
|
||
|
||
for URL in "$SET_URL_SELF_CANCEL";
|
||
do
|
||
echo -n "Downloading list of self-cancel IP addresses from $URL: ";
|
||
$WGET -qO- $URL --no-check-certificate >> $PATH_SELF_CANCEL 2>/dev/null
|
||
if [ $? -eq 0 ];
|
||
then
|
||
echo "OK"
|
||
else
|
||
echo "FAILED!"
|
||
fi
|
||
done
|
||
|
||
for URL in "$SET_URL_RANGES";
|
||
do
|
||
echo -n "Downloading list of ranges from $URL: ";
|
||
$WGET -qO- $URL --no-check-certificate >> $PATH_RANGES 2>/dev/null
|
||
if [ $? -eq 0 ];
|
||
then
|
||
echo "OK"
|
||
else
|
||
echo "FAILED!"
|
||
fi
|
||
done
|
||
|
||
$IPSET -F ranges_tmp 2>/dev/null
|
||
$IPSET -F allowed_tmp 2>/dev/null
|
||
$IPSET -F self_cancel_tmp 2>/dev/null
|
||
|
||
echo -n "Adding IP addresses to temporary ipset for ipset allowed..."
|
||
|
||
for i in $(cat $PATH_ALLOWED);
|
||
do
|
||
$IPSET -A allowed_tmp $i 2>/dev/null
|
||
done
|
||
|
||
echo `cat $PATH_ALLOWED | wc -l`" addresses added "
|
||
|
||
echo -n "Adding IP addresses to temporary ipset for ipset self_cancel..."
|
||
|
||
for i in $(cat $PATH_SELF_CANCEL);
|
||
do
|
||
$IPSET -A self_cancel_tmp $i 2>/dev/null
|
||
done
|
||
|
||
echo `cat $PATH_SELF_CANCEL | wc -l`" addresses added "
|
||
|
||
echo -n "Adding IP addresses to temporary ipset for ipset ranges..."
|
||
|
||
for i in $(cat $PATH_RANGES);
|
||
do
|
||
$IPSET -A ranges_tmp $i 2>/dev/null
|
||
done
|
||
|
||
echo `cat $PATH_RANGES | wc -l`" addresses added "
|
||
|
||
echo -n "Replacing content of ipset ranges with content of temporary ipset..."
|
||
|
||
run_and_print_result "$IPSET -W ranges_tmp ranges"
|
||
|
||
echo -n "Replacing content of ipset allowed with content of temporary ipset..."
|
||
|
||
run_and_print_result "$IPSET -W allowed_tmp allowed"
|
||
|
||
echo -n "Replacing content of ipset self_cancel with content of temporary ipset..."
|
||
|
||
run_and_print_result "$IPSET -W self_cancel_tmp self_cancel"
|
||
|
||
#Cleaning up...
|
||
rm -f $PATH_RANGES
|
||
rm -f $PATH_ALLOWED
|
||
rm -f $PATH_SELF_CANCEL
|
||
}
|
||
|
||
# Runs whole redirections (start, sync, stop) in endless loop
|
||
run ()
|
||
{
|
||
echo "[STARTING]"
|
||
|
||
trap 'stop_redirection' EXIT
|
||
|
||
while (true);
|
||
do
|
||
# makes sure ipsets exist
|
||
add_ipsets
|
||
|
||
# makes sure iptables rules exist
|
||
add_rules
|
||
|
||
# makes sure HTTP 302 redirector is running
|
||
start_http_redirector
|
||
|
||
# syncs ipsets with FreenetIS
|
||
sync_ipsets
|
||
|
||
echo "Sleeping now for $DELAY seconds..."
|
||
sleep $DELAY;
|
||
done
|
||
}
|
||
|
||
# Prints usage
|
||
usage ()
|
||
{
|
||
echo "Usage : `echo $0` ACTION [ LOG FILE ]"
|
||
echo "where ACTION := { start | stop | restart | sync | run | version | help }"
|
||
}
|
||
|
||
# Prints version
|
||
version ()
|
||
{
|
||
echo $VERSION
|
||
}
|
||
|
||
# Prints help
|
||
help ()
|
||
{
|
||
echo " start - creates firewall rules and ipsets for redirection"
|
||
echo " stop - deletes firewall rules and ipsets for redirection"
|
||
echo " restart - deletes and recreates firewall rules and ipsets for redirection"
|
||
echo " sync - sync content of ipsets with FreenetIS"
|
||
echo " run - run complete redirection in endless loop"
|
||
echo " version - print version"
|
||
echo " help - prints help for redirection"
|
||
}
|
||
|
||
# Second parameter is set => will used as log file
|
||
if [ -n "$2" ]; then
|
||
exec > "$2"
|
||
fi;
|
||
|
||
# Is parameter #1 zero length?
|
||
if [ -z "$1" ]; then
|
||
usage
|
||
exit 0
|
||
fi;
|
||
|
||
case "$1" in
|
||
|
||
start)
|
||
start_redirection
|
||
exit 0
|
||
;;
|
||
|
||
stop)
|
||
stop_redirection
|
||
exit 0
|
||
;;
|
||
|
||
restart)
|
||
stop_redirection
|
||
start_redirection
|
||
exit 0
|
||
;;
|
||
|
||
sync)
|
||
sync_ipsets
|
||
exit 0
|
||
;;
|
||
|
||
run)
|
||
run
|
||
exit 0
|
||
;;
|
||
|
||
version)
|
||
version
|
||
exit 0
|
||
;;
|
||
|
||
help)
|
||
usage
|
||
help
|
||
exit 0
|
||
;;
|
||
|
||
*)
|
||
usage
|
||
exit 0
|
||
;;
|
||
|
||
esac
|
||
|
||
exit 0
|
||
freenetis/branches/1.1/application/vendors/redirection/freenetis-redirection.init.sh | ||
---|---|---|
#! /bin/bash
|
||
|
||
### BEGIN INIT INFO
|
||
# Provides: freenetis-redirection
|
||
# Required-Start: $remote_fs
|
||
# Required-Stop: $remote_fs
|
||
# Should-Start: $network $syslog
|
||
# Should-Stop: $network $syslog
|
||
# Default-Start: 2 3 4 5
|
||
# Default-Stop: 0 1 6
|
||
# Short-Description: Start and stop freenetis synchronization daemon
|
||
# Description: FreenetIS redirection synchronization script.
|
||
### END INIT INFO
|
||
|
||
################################################################################
|
||
# #
|
||
# This script serves for redirection IP policy of IS FreenetIS #
|
||
# #
|
||
# author Kliment Michal, Sevcik Roman #
|
||
# email kliment@freenetis.org, sevcik.roman@slfree.net #
|
||
# #
|
||
# name freenetis-redirection.init.sh #
|
||
# version 2.2 #
|
||
# #
|
||
################################################################################
|
||
|
||
#Load variables from config file
|
||
CONFIG=/etc/freenetis/freenetis-redirection.conf
|
||
|
||
# Path to redirection synchronization file
|
||
REDIRECTION_FILE=/usr/sbin/freenetis-redirection
|
||
|
||
#Path to redirection pid file
|
||
REDIRECTION_PIDFILE=/var/run/freenetis-redirection.pid
|
||
|
||
# Path to HTTP 302 redirector
|
||
REDIRECTION_HTTP_REDIRECTOR=/usr/sbin/freenetis-http-302-redirection
|
||
|
||
# Path to HTTP 302 redirector
|
||
REDIRECTION_HTTP_REDIRECTOR_PIDFILE=/var/run/freenetis-http-302-redirection.pid
|
||
|
||
#Load variables
|
||
if [ -f ${CONFIG} ]; then
|
||
. $CONFIG;
|
||
else
|
||
echo "Config file is missing at path $CONFIG."
|
||
echo "Terminating..."
|
||
exit 0
|
||
fi
|
||
|
||
# Tests whether program is running
|
||
is_running ()
|
||
{
|
||
ps aux | grep -v grep | grep "$@" | wc -l
|
||
}
|
||
|
||
# Starts Freenetis redirection daemon
|
||
start_redirection ()
|
||
{
|
||
if [ `is_running "$REDIRECTION_FILE"` -eq 0 ];
|
||
then
|
||
echo -n "Starting FreenetIS redirection daemon: "
|
||
start-stop-daemon --start --quiet --make-pidfile --pidfile="$REDIRECTION_PIDFILE" --background --exec "$REDIRECTION_FILE" -- run "$LOG_FILE" 2>> "$LOG_FILE"
|
||
sleep 2
|
||
if [ $? -eq 0 ];
|
||
then
|
||
echo "OK"
|
||
else
|
||
echo "FAILED!"
|
||
fi
|
||
else
|
||
echo "Already started."
|
||
fi
|
||
}
|
||
|
||
# Stops Freenetis redirection daemon
|
||
stop_redirection ()
|
||
{
|
||
if [ `is_running "$REDIRECTION_FILE"` -eq 1 ];
|
||
then
|
||
echo -n "Stopping FreenetIS redirection daemon: "
|
||
start-stop-daemon --stop --quiet --pidfile="$REDIRECTION_PIDFILE" 2>> "$LOG_FILE"
|
||
sleep 2
|
||
if [ $? -eq 0 ];
|
||
then
|
||
echo "OK"
|
||
else
|
||
echo "FAILED!"
|
||
fi
|
||
else
|
||
echo "Already stopped."
|
||
fi
|
||
|
||
rm -f "$REDIRECTION_PIDFILE"
|
||
}
|
||
|
||
# Prints status of Freenetis redirection daemon
|
||
status_redirection ()
|
||
{
|
||
if [ `is_running "$REDIRECTION_FILE"` -eq 1 ];
|
||
then
|
||
echo "FreenetIS redirection daemon is running with PID "`cat "$REDIRECTION_PIDFILE"`
|
||
|
||
if [ `is_running "$REDIRECTION_HTTP_REDIRECTOR"` -eq 1 ];
|
||
then
|
||
echo "FreenetIS HTTP redirector is running with PID "`cat "$REDIRECTION_HTTP_REDIRECTOR_PIDFILE"`
|
||
fi
|
||
else
|
||
echo "FreenetIS redirection is not running."
|
||
echo "FreenetIS HTTP redirector is not running."
|
||
fi
|
||
}
|
||
|
||
# Prints version
|
||
version_redirection ()
|
||
{
|
||
VERSION=`"$REDIRECTION_FILE" version 2>/dev/null`
|
||
|
||
echo $VERSION
|
||
}
|
||
|
||
# Prints usage
|
||
usage_redirection ()
|
||
{
|
||
echo "usage : `echo $0` (start|stop|restart|status|version|help)"
|
||
}
|
||
|
||
# Prints help
|
||
help_redirection ()
|
||
{
|
||
echo " start - starts FreenetIS redirection daemon"
|
||
echo " stop - stops FreenetIS redirection daemon"
|
||
echo " restart - restarts FreenetIS redirection daemon"
|
||
echo " reload - reloads configuration and restarts FreenetIS redirection daemon"
|
||
echo " status - returns actual status of FreenetIS redirection daemon"
|
||
echo " version - prints version"
|
||
echo " help - prints help"
|
||
}
|
||
|
||
# Is parameter #1 zero length?
|
||
if [ -z "$1" ]; then
|
||
usage_redirection
|
||
exit 0
|
||
fi;
|
||
|
||
case "$1" in
|
||
|
||
start)
|
||
start_redirection
|
||
exit 0
|
||
;;
|
||
|
||
restart|reload|force-reload) # reload is same thing as reload
|
||
stop_redirection
|
||
start_redirection
|
||
exit 0
|
||
;;
|
||
|
||
stop)
|
||
stop_redirection
|
||
exit 0
|
||
;;
|
||
|
||
status)
|
||
status_redirection
|
||
exit 0
|
||
;;
|
||
|
||
version)
|
||
version_redirection
|
||
exit 0
|
||
;;
|
||
|
||
help)
|
||
usage_redirection
|
||
help_redirection
|
||
exit 0
|
||
;;
|
||
|
||
*)
|
||
usage_redirection
|
||
exit 0
|
||
;;
|
||
|
||
esac
|
||
|
||
exit 0
|
freenetis/branches/1.1/application/vendors/redirection/man/freenetis-redirection.8 | ||
---|---|---|
.\" Manpage for freenetis-redirection.
|
||
.\" Contact ondrej.fibich@gmail.com.in to correct errors or typos.
|
||
.TH man 8 "09 September 2013" "1.0" "freenetis-redirection man page"
|
||
.SH NAME
|
||
freenetis-redirection \- redirection IP policy demon for FreenetIS
|
||
.SH SYNOPSIS
|
||
freenetis-redirection action [log_file]
|
||
.SH DESCRIPTION
|
||
freenetis-redirection demon is a part of FreenetIS redirection and it serves for redirection IP policy of IS FreenetIS. This script should not be used directly.
|
||
.SH OPTIONS
|
||
The freenetis-redirection should not be run directly. It is commonly managed by an init.d script.
|
||
|
||
It takes at least one argument action which may contains following values:
|
||
|
||
start - creates firewall rules and ipsets for redirection
|
||
stop - deletes firewall rules and ipsets for redirection
|
||
restart - deletes and recreates firewall rules and ipsets for redirection
|
||
sync - sync content of ipsets with FreenetIS
|
||
run - complete redirection in endless loop
|
||
version - print version
|
||
help - prints help for redirection
|
||
|
||
It can also take a second parameter that is a file that is used for logging.
|
||
.SH AUTHOR
|
||
Michal Kliment <kliment@freenetis.org>,
|
||
Roman Sevcik <sevcik.roman@slfree.net>
|
freenetis/branches/1.1/application/vendors/redirection/man/freenetis-http-302-redirection.1 | ||
---|---|---|
.\" Manpage for freenetis-http-302-redirection.1.
|
||
.\" Contact ondrej.fibich@gmail.com.in to correct errors or typos.
|
||
.TH man 1 "09 September 2013" "1.0" "freenetis-http-302-redirection man page"
|
||
.SH NAME
|
||
freenetis-http-302-redirection \- HTTP redirector for FreenetIS redirection
|
||
.SH SYNOPSIS
|
||
freenetis-http-302-redirection port freenetis_path [log_file]
|
||
.SH DESCRIPTION
|
||
freenetis-http-302-redirection is a part of FreenetIS redirection it servers for listening on a port and redirect all its traffic to FreenetIS. This script should not be used directly.
|
||
.SH OPTIONS
|
||
The freenetis-http-302-redirection should not be run directly. It is commonly managed by an freenetis-redirection(8) demon.
|
||
|
||
It takes following arguments:
|
||
|
||
port Port number on which it listens for incoming HTTP connections
|
||
|
||
freenetis_path URL to base path of FreenetIS
|
||
|
||
log_file Optional file for logging
|
||
|
||
.SH AUTHOR
|
||
Ondrej Fibich <ondrej.fibich@gmail.com>
|
freenetis/branches/1.1/application/vendors/redirection/test/http-302-redirection-test.sh | ||
---|---|---|
#!/bin/bash
|
||
################################################################################
|
||
#
|
||
# Test script that access some web pages (should be run on a redirected device)
|
||
#
|
||
################################################################################
|
||
|
||
WWWs=('http://seznam.cz' 'http://google.com')
|
||
|
||
while true
|
||
do
|
||
for url in "${WWWs[@]}"
|
||
do
|
||
echo `date +"%Y-%m-%d %H:%M:%S"`" Connecting to: $url" 1>&2
|
||
out=`wget -q -O - "$url"`
|
||
echo `date +"%Y-%m-%d %H:%M:%S"`" Downloaded (\$? = $?)"
|
||
echo ""
|
||
done
|
||
done
|
||
freenetis/branches/1.1/application/vendors/redirection/freenetis-http-302-redirection.py | ||
---|---|---|
#!/usr/bin/env python
|
||
################################################################################
|
||
#
|
||
# Script for redirecting with HTTP 302 code for FreenetIS redirection
|
||
#
|
||
# version: 0.1.2
|
||
# author: Ondrej Fibich <ondrej.fibich@gmail.com>
|
||
#
|
||
################################################################################
|
||
|
||
import datetime
|
||
import re
|
||
import signal
|
||
import sys
|
||
import socket
|
||
import thread
|
||
import logging
|
||
import time
|
||
|
||
########## Classes of script ###################################################
|
||
|
||
##
|
||
# Handles connections
|
||
#
|
||
class ConnectionHandler:
|
||
|
||
##
|
||
# Initialize socket and other required variables
|
||
#
|
||
def __init__(self, port, target_url):
|
||
# patterns for retrieving of response
|
||
self.pattern_http_header = re.compile("GET (.*) HTTP/")
|
||
self.pattern_http_host = re.compile("Host: (.*)\r\n")
|
||
self.pattern_url = re.compile("^(https?)://([\w-]+\.)+[\w-]+(/[\w -./?\%&=]*)?$")
|
||
# variables
|
||
self.target_url = target_url
|
||
self.port = port
|
||
self.listener = None
|
||
self.on = False # inicator of running
|
||
|
||
##
|
||
# Is on?
|
||
#
|
||
def is_on(self):
|
||
return self.on
|
||
|
||
##
|
||
# Open socket
|
||
#
|
||
def open(self):
|
||
if not self.listener:
|
||
self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # server socket
|
||
self.listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) # repeatly used
|
||
self.listener.bind(("", self.port)) # bind socket to port
|
||
self.listener.listen(25) # max connection in same time
|
||
self.on = True
|
||
# debug
|
||
logging.info("FreenetIS HTTP 302 Redirector is active (port: %d)\n" % (self.port))
|
||
|
||
##
|
||
# Close socket
|
||
#
|
||
def close(self):
|
||
if self.listener:
|
||
self.listener.close()
|
||
logging.info("Closing socket")
|
||
|
||
##
|
||
# Signal hadler
|
||
#
|
||
def signal_handler(self, signum, frame):
|
||
logging.info("Catch signal %d." % (signum))
|
||
self.on = False
|
||
|
||
##
|
||
# Thread for processing of request and for creating and sending of response.
|
||
# @param conn Client connection
|
||
#
|
||
def _client_thread(self, conn):
|
||
try:
|
||
# set timeout of blocking operations
|
||
conn.settimeout(5.0) # 5 secounds
|
||
|
||
# download header
|
||
start_time = time.time()
|
||
request_header = conn.recv(1024)
|
||
|
||
if not request_header:
|
||
request_header = "" # even if nothing received, redirect
|
||
|
||
# header content variables
|
||
origin_host = ""
|
||
origin_path = ""
|
||
|
||
# read header
|
||
m_http_header = self.pattern_http_header.search(request_header)
|
||
|
||
if m_http_header:
|
||
origin_path = m_http_header.group(1)
|
||
|
||
m_origin_path = self.pattern_http_host.search(request_header)
|
||
|
||
if m_origin_path:
|
||
origin_host = "http://" + m_origin_path.group(1).strip()
|
||
|
||
# make URL
|
||
origin = origin_host + origin_path
|
||
|
||
# debug
|
||
logging.info("Origin: %s" % (origin))
|
||
|
||
# check readed data if wring set some other common url
|
||
if not self.pattern_url.match(origin):
|
||
origin = "http://www.google.com"
|
||
|
||
# make redir URL
|
||
url = self.target_url + origin
|
||
|
||
# send our https redirect
|
||
conn.send("HTTP/1.1 302 Moved temporarily\r\n" +
|
||
"Location: " + url + "\r\n" +
|
||
"Connection: close\r\n" +
|
||
"Cache-control: private\r\n\r\n" +
|
||
"<html><body>Moved temporarily. Please go to <a href=\"" + url + "\">" + url + "</a> for this service.</body></html>\r\n\r\n")
|
||
|
||
# debug
|
||
logging.info("Redirecting to %s took: %lf" % (url, time.time() - start_time))
|
||
|
||
finally:
|
||
# close connecting
|
||
conn.close()
|
||
# debug
|
||
logging.info("Closing connection.\n")
|
||
|
||
##
|
||
# Listens for incoming connection (every 1ms).
|
||
# On new connection a 302 redirect is sended and then the connection is closed.
|
||
#
|
||
def run(self):
|
||
# new connection?
|
||
client_socket, client_addr = self.listener.accept()
|
||
|
||
# debug
|
||
logging.info("Accepting connection from: %s:%d." % (client_addr[0], client_addr[1]))
|
||
|
||
# invoke thread
|
||
thread.start_new_thread(self._client_thread, (client_socket,))
|
||
|
||
########## Working loop ########################################################
|
||
|
||
# load arguments
|
||
if len(sys.argv) == 4:
|
||
logging.basicConfig(level=logging.DEBUG, format='[%(levelname)s] %(asctime)s %(message)s', datefmt='%Y-%m-%d %H:%M:%S', filename=sys.argv[3].strip(), filemode="w")
|
||
elif len(sys.argv) == 3:
|
||
logging.basicConfig(level=logging.DEBUG, format='[%(levelname)s] %(asctime)s %(message)s', datefmt='%Y-%m-%d %H:%M:%S')
|
||
else:
|
||
logging.critical("Wrong args count.. Terminating")
|
||
sys.exit(1)
|
||
|
||
# port
|
||
try:
|
||
port = int(sys.argv[1].strip())
|
||
except ValueError:
|
||
logging.critical("First argument has to be a port number.. Terminating")
|
||
sys.exit(2)
|
||
|
||
# url for redirect
|
||
if not re.match("^(https?)://(([\w-]+\.)+[\w-]+|localhost)(/[\w -./?\%&=]*)?$", sys.argv[2].strip()):
|
||
logging.critical("Second argument has to be a URL.. Terminating")
|
||
sys.exit(3)
|
||
|
||
target = sys.argv[2].strip().rstrip("/") + "/redirection/?redirect_to="
|
||
|
||
# init
|
||
connections = ConnectionHandler(port, target)
|
||
|
||
# connect
|
||
try:
|
||
connections.open()
|
||
except socket.error, msg:
|
||
connections.close()
|
||
logging.critical("Cannot create/bind socket, error (" + str(msg[0]) + "): " + str(msg[1]))
|
||
sys.exit(4)
|
||
|
||
# set signal handlers
|
||
signal.signal(signal.SIGINT, connections.signal_handler)
|
||
signal.signal(signal.SIGABRT, connections.signal_handler)
|
||
|
||
# endless loop for receiving of connections (do not stop even on error)
|
||
try:
|
||
while connections.is_on():
|
||
try:
|
||
connections.run()
|
||
except Exception as e: # on any error
|
||
logging.critical("An error occured: %s" % (e))
|
||
finally:
|
||
# close connection
|
||
connections.close()
|
||
|
||
freenetis/branches/1.1/application/vendors/deb/freenetis-redirection/templates | ||
---|---|---|
Template: freenetis-redirection/path_freenetis
|
||
Type: string
|
||
Default: http://localhost/freenetis
|
||
Description: FreenetIS URL:
|
||
Base path to running FreenetIS instance (e.g. http://freenet.org/is)
|
||
Description-cs.UTF-8: FreenetIS URL:
|
||
Cesta ke kořenu běžící instalace FreenetISu (např. http://freenet.org/is)
|
||
|
||
Template: freenetis-redirection/hack_reload
|
||
Type: boolean
|
||
Default: true
|
||
Description: Hack for propper working of loading package?
|
freenetis/branches/1.1/application/vendors/deb/freenetis-redirection/debianization.sh | ||
---|---|---|
#!/bin/sh
|
||
################################################################################
|
||
# Script for debianization of FreenetIS redirection and QoS package
|
||
# (c) Ondrej Fibich, 2012
|
||
#
|
||
# Takes two arguments (version of package - FreenetIS and debian version).
|
||
#
|
||
################################################################################
|
||
|
||
if [ $# -ne 2 ]; then
|
||
echo "Wrong arg count.. Terminating"
|
||
exit 1
|
||
fi
|
||
|
||
NAME=freenetis-redirection
|
||
VERSION=$1
|
||
DEBIAN=$2
|
||
|
||
# create dirs ##################################################################
|
||
mkdir deb_packages/tmp
|
||
cd deb_packages/tmp
|
||
|
||
mkdir -m 755 DEBIAN
|
||
mkdir -m 755 etc
|
||
mkdir -m 755 etc/init.d
|
||
mkdir -m 755 etc/freenetis
|
||
mkdir -m 755 usr
|
||
mkdir -m 755 usr/sbin
|
||
mkdir -m 755 usr/share
|
||
mkdir -m 755 usr/share/doc
|
||
mkdir -m 755 usr/share/doc/${NAME}
|
||
mkdir -m 755 usr/share/man
|
||
mkdir -m 755 usr/share/man/man1
|
||
mkdir -m 755 usr/share/man/man8
|
||
|
||
# doc ##########################################################################
|
||
|
||
# change log
|
||
cat ../../${NAME}/changelog >> usr/share/doc/${NAME}/changelog
|
||
|
||
# debian change log is same
|
||
cp usr/share/doc/${NAME}/changelog usr/share/doc/${NAME}/changelog.Debian
|
||
|
||
# copyright
|
||
echo "This package was debianized by Ondrej Fibich <ondrej.fibich@gmail.com> on `date -R`" >> usr/share/doc/${NAME}/copyright
|
||
echo "It was downloaded from <http://freenetis.org/>\n" >> usr/share/doc/${NAME}/copyright
|
||
echo "Copyright:" >> usr/share/doc/${NAME}/copyright
|
||
cat ../../../../../AUTHORS >> usr/share/doc/${NAME}/copyright
|
||
echo "\nLicense:" >> usr/share/doc/${NAME}/copyright
|
||
cat ../../../../../COPYING >> usr/share/doc/${NAME}/copyright
|
||
echo "\nOn Debian systems, the complete text of the GNU General" >> usr/share/doc/${NAME}/copyright
|
||
echo "Public License can be found in \`/usr/share/common-licenses/GPL-3'.\n" >> usr/share/doc/${NAME}/copyright
|
||
echo -n "The Debian packaging is (C) `date +%Y`, Ondrej Fibich <ondrej.fibich@gmail.com> and" >> usr/share/doc/${NAME}/copyright
|
||
echo " it is licensed under the GPL, see above.\n" >> usr/share/doc/${NAME}/copyright
|
||
|
||
# man pages
|
||
cp ../../../redirection/man/freenetis-redirection.8 usr/share/man/man8/
|
||
cp ../../../redirection/man/freenetis-http-302-redirection.1 usr/share/man/man1/
|
||
|
||
# rights
|
||
chmod 644 usr/share/doc/${NAME}/changelog usr/share/doc/${NAME}/changelog.Debian \
|
||
usr/share/doc/${NAME}/copyright usr/share/man/man8/freenetis-redirection.8 \
|
||
usr/share/man/man1/freenetis-http-302-redirection.1
|
||
|
||
# compress doc
|
||
gzip --best usr/share/doc/${NAME}/changelog
|
||
gzip --best usr/share/doc/${NAME}/changelog.Debian
|
||
gzip --best usr/share/man/man8/freenetis-redirection.8
|
||
gzip --best usr/share/man/man1/freenetis-http-302-redirection.1
|
||
|
||
# copy content of package ######################################################
|
||
cp ../../../redirection/freenetis-redirection.init.sh etc/init.d/${NAME}
|
||
cp ../../../redirection/freenetis-redirection.sh usr/sbin/freenetis-redirection
|
||
cp ../../../redirection/freenetis-http-302-redirection.py usr/sbin/freenetis-http-302-redirection
|
||
cp ../../../redirection/freenetis-redirection.conf etc/freenetis/
|
||
|
||
# count size
|
||
SIZE=`du -s etc usr | cut -f1 | paste -sd+ | bc`
|
||
|
||
# calculate checksum ###########################################################
|
||
|
||
find * -type f ! -regex '^DEBIAN/.*' -exec md5sum {} \; >> DEBIAN/md5sums
|
||
|
||
# create info files ############################################################
|
||
|
||
# create package info
|
||
|
||
echo "Package: ${NAME}" >> DEBIAN/control
|
||
echo "Version: ${VERSION}-${DEBIAN}" >> DEBIAN/control
|
||
echo "Installed-Size: ${SIZE}" >> DEBIAN/control
|
||
|
||
if [ "$DEBIAN" = lenny ] || [ "$DEBIAN" = squeeze ]; then
|
||
echo "Depends: coreutils (>= 6.10-6), ipset, wget (>= 1.11-4.1), grep (>= 2.5.3), procps, python, ipset-source, module-assistant, lsb-release" >> DEBIAN/control
|
||
else
|
||
echo "Depends: coreutils (>= 6.10-6), ipset, wget (>= 1.11-4.1), grep (>= 2.5.3), procps, python, lsb-release" >> DEBIAN/control
|
||
fi
|
||
|
||
cat ../../${NAME}/control >> DEBIAN/control
|
||
|
||
# scripts ######################################################################
|
||
|
||
cat ../../${NAME}/postinst >> DEBIAN/postinst
|
||
cat ../../${NAME}/prerm >> DEBIAN/prerm
|
||
cat ../../${NAME}/postrm >> DEBIAN/postrm
|
||
cat ../../${NAME}/templates >> DEBIAN/templates
|
||
cat ../../${NAME}/config >> DEBIAN/config
|
||
cp -a -f ../../${NAME}/conffiles DEBIAN/conffiles
|
||
|
||
chmod 644 DEBIAN/control DEBIAN/md5sums DEBIAN/templates DEBIAN/conffiles \
|
||
etc/freenetis/freenetis-redirection.conf
|
||
|
||
chmod 755 DEBIAN/prerm DEBIAN/postinst DEBIAN/postrm DEBIAN/config etc/init.d/${NAME} \
|
||
usr/sbin/freenetis-redirection usr/sbin/freenetis-http-302-redirection
|
||
|
||
# create deb ###################################################################
|
||
|
||
# change owner of files to root (security)
|
||
cd ..
|
||
sudo chown -hR root:root *
|
||
|
||
# make package
|
||
sudo dpkg-deb -b tmp ${NAME}_${VERSION}+${DEBIAN}.deb
|
||
|
||
# clean-up mess ################################################################
|
||
|
||
# clean
|
||
sudo rm -rf tmp
|
||
freenetis/branches/1.1/application/vendors/deb/freenetis-redirection/changelog | ||
---|---|---|
freenetis-redirection (2.2.0) stable; urgency=high
|
||
* HTTP redirector supports localhost
|
||
* man pages for all scripts
|
||
* DEB package fixes (#768)
|
||
-- Ondrej Fibich <ondrej.fibich@gmail.com> Tue, 10 Sep 2013 10:57:19 +0200
|
||
|
||
freenetis-redirection (2.1.0) stable; urgency=high
|
||
* Printing of version (#642)
|
||
* Support for multiple input interfaces (#683)
|
||
-- Michal Kliment <kliment@freenetis.org> Tue, 9 July 2013 14:21:03 +0200
|
||
|
||
freenetis-redirection (2.0.0) stable; urgency=high
|
||
* Support for debian wheezy (#261)
|
||
* Checking of working modules during running and its repairment (#549)
|
||
* start-stop-deamon (#568)
|
||
-- Ondrej Fibich <ondrej.fibich@gmail.com> Wed, 29 May 2013 15:53:03 +0200
|
||
|
||
freenetis-redirection (1.9.3) stable; urgency=high
|
||
* Improved building of ipset on squeeze (#454)
|
||
-- Ondrej Fibich <ondrej.fibich@gmail.com> Wed, 23 Jan 2013 14:31:56 +0100
|
||
|
||
freenetis-redirection (1.9.2) stable; urgency=high
|
||
* Fixes wrong initialization ipset rules (#399)
|
||
* Fixes printing of error message if socket cannot be open in HTTP redirector (#399)
|
||
-- Ondrej Fibich <ondrej.fibich@gmail.com> Tue, 23 Oct 2012 10:32:03 +0200
|
||
|
||
freenetis-redirection (1.9.1) stable; urgency=high
|
||
* Fixes starting of HTTP redirector
|
||
-- Ondrej Fibich <ondrej.fibich@gmail.com> Mon, 13 Aug 2012 12:58:52 +0200
|
||
|
||
freenetis-redirection (1.9.0) stable; urgency=low
|
||
* First release
|
||
-- Ondrej Fibich <ondrej.fibich@gmail.com> Tue, 07 Aug 2012 15:05:33 +0200
|
freenetis/branches/1.1/application/vendors/deb/freenetis-redirection/control | ||
---|---|---|
Priority: optional
|
||
Section: web
|
||
Pre-Depends: debconf (>= 0.5) | debconf-2.0
|
||
Suggests: freenetis
|
||
Architecture: all
|
||
Maintainer: Ondrej Fibich <ondrej.fibich@gmail.com>
|
||
Homepage: http://www.freenetis.org
|
||
Description: FreenetIS redirection:
|
||
FreenetIS redirection is tool which depends on FreenetIS and it is used for
|
||
restriction of traffic. Restrictions are activated in the FreenetIS
|
||
and they may be applicated on clouds, subnets, members or a single IP address.
|
||
Devices that are not registered in the FreenetIS are automatically restricted.
|
||
System administrators may edit messages that are displayed to restricted
|
||
users instead of web pages that they have requested.
|
||
Description-cs.UTF-8: FreenetIS přesměrování:
|
||
FreenetIS přesměrování je nástroj, který je závyslí na FreenetISu, a je používán
|
||
pro omezení provozu. Omezení jsou aktivována ve FreenetISu a mohou být
|
||
aplikovány na oblasti, podsítě, členy nebo jednotlivé IP adresy.
|
||
zařízení, které nejsou zaregistrovány ve FreenetISu jsou automaticky omezeny.
|
||
Systémový administrátoři mohou editovat zprávy, které jsou zobrazeny omezeným
|
||
uživatelům namísto webových stránek, které požadovaly.
|
freenetis/branches/1.1/application/vendors/deb/freenetis-redirection/postrm | ||
---|---|---|
#!/bin/sh
|
||
# FreenetIS-redirection DEB: actions before uninstalling of package
|
||
|
||
set -e
|
||
. /usr/share/debconf/confmodule
|
||
|
||
NAME=freenetis-redirection
|
||
CONFIGFILE=/etc/freenetis/freenetis-redirection.conf
|
||
|
||
# disable startup from update-rc.d
|
||
update-rc.d -f freenetis-redirection remove
|
||
|
||
# remove all configuration if purge
|
||
if [ "$1" = purge ]; then
|
||
# remove defconf values
|
||
if [ -e /usr/share/debconf/confmodule ]; then
|
||
db_purge
|
||
fi
|
||
# remove config files
|
||
rm -f $CONFIGFILE
|
||
# remove dir if empty
|
||
[ "$(ls -A /etc/freenetis)" ] || rm -rf /etc/freenetis
|
||
fi
|
freenetis/branches/1.1/application/vendors/deb/freenetis-redirection/conffiles | ||
---|---|---|
/etc/freenetis/freenetis-redirection.conf
|
||
/etc/init.d/freenetis-redirection
|
freenetis/branches/1.1/application/vendors/deb/freenetis-redirection/config | ||
---|---|---|
#!/bin/sh
|
||
|
||
set -e
|
||
. /usr/share/debconf/confmodule
|
||
|
||
CONFIGFILE=/etc/freenetis/freenetis-redirection.conf
|
||
|
||
# Load config file, if it exists.
|
||
if [ -e $CONFIGFILE ]; then
|
||
. $CONFIGFILE || true
|
||
db_get freenetis-redirection/hack_reload
|
||
if [ "$RET" = true ]; then
|
||
db_set freenetis-redirection/path_freenetis "$PATH_FN"
|
||
fi
|
||
fi
|
||
|
||
# h@ck for not reloading variables from config file (enabled again by postinst)
|
||
db_set freenetis-redirection/hack_reload false
|
||
|
||
# Ask questions.
|
||
db_input critical freenetis-redirection/path_freenetis || true
|
||
db_go || true
|
freenetis/branches/1.1/application/vendors/deb/freenetis-redirection/postinst | ||
---|---|---|
#!/bin/bash
|
||
# FreenetIS-redirection DEB: actions after installing of package
|
||
|
||
set -e
|
||
. /usr/share/debconf/confmodule
|
||
|
||
NAME=freenetis-redirection
|
||
CONFIGFILE=/etc/freenetis/freenetis-redirection.conf
|
||
|
||
# Quit if config file is missing.
|
||
if [ ! -e $CONFIGFILE ]; then
|
||
echo "$CONFIGFILE not founded!"
|
||
exit 1
|
||
fi
|
||
|
||
. $CONFIGFILE
|
||
|
||
url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]'
|
||
|
||
# Substitute in the values from the debconf db.
|
||
# There are obvious optimizations possible here.
|
||
# The cp before the sed ensures we do not mess up
|
||
# the config file’s ownership and permissions.
|
||
|
||
db_get freenetis-redirection/path_freenetis
|
||
PATH_FN="$RET"
|
||
|
||
# check path
|
||
if [ -z "$PATH_FN" ]; then
|
||
echo "Empty path to FreenetIS instance, configuration failed!"
|
||
exit 3
|
||
fi
|
||
|
||
# check path format
|
||
if [[ ! "$PATH_FN" =~ $url_regex ]]; then
|
||
echo "Wrong format of the path to FreenetIS instance, configuration failed!"
|
||
exit 3
|
||
fi
|
||
|
||
cp -a -f $CONFIGFILE $CONFIGFILE.tmp
|
||
|
||
# If the admin deleted or commented some variables but then set
|
||
# them via debconf, (re-)add them to the conffile.
|
||
|
||
test -z "$PATH_FN" || grep -Eq '^ *PATH_FN=' $CONFIGFILE || echo "PATH_FN=" >> $CONFIGFILE
|
||
|
||
PATH_FN_ESCAPED="${PATH_FN//\//\\/}"
|
||
|
||
sed -e "s/^ *PATH_FN=.*/PATH_FN=\"$PATH_FN_ESCAPED\"/" < $CONFIGFILE > $CONFIGFILE.tmp
|
||
|
||
mv -f $CONFIGFILE.tmp $CONFIGFILE
|
||
|
||
# Make post install things
|
||
|
||
# 1) Startup at boot
|
||
|
||
# set on fire after boot
|
||
update-rc.d freenetis-redirection defaults
|
||
|
||
exit 0
|
freenetis/branches/1.1/application/vendors/deb/freenetis-redirection/prerm | ||
---|---|---|
#!/bin/sh
|
||
# FreenetIS-redirection DEB: actions before uninstalling of package
|
||
|
||
set -e
|
||
. /usr/share/debconf/confmodule
|
||
|
||
NAME=freenetis-redirection
|
||
|
Také k dispozici: Unified diff
Upravy:
- uplne odstraneni freenetis-redirection z hlavniho repozitare, nahrazeno https://github.com/freenetis/freenetis-redirection. Dalsi vyvoj bude probihat pouze v novem repozitari.