source: genesis/tools/proxy-8.0/wleiden.pl@ 8397

Last change on this file since 8397 was 8397, checked in by richardvm, 14 years ago

Firewall update

1#!/usr/bin/perl -w
2#
3# Copyright 2005 Stichting Wireless Leiden
4# maart 2004 rick@wirelessleiden.nl
5#
6
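# Config located in a separate file. NOTE: do() *executes* the file as Perl,
# so genesis.conf and the two files it names below must be trusted input.
my $conf_file = "./genesis.conf";
_load_perl_file($conf_file);
################ END OF CONFIG ##########################

# Values used by genHeader() for the "Generated by ... on ..." lines.
my $time   = gmtime();
my $source = `/bin/hostname`;
chomp($source);

# IP calculation helpers (IP::toSubnet etc.) and the DNS header/zone data;
# both paths presumably come from genesis.conf loaded above.
_load_perl_file($IP_pmPath);
_load_perl_file($dnsheader_confPath);

# Run a Perl file with do() and abort with the real reason when it fails:
# do() returns undef both when the file cannot be read ($!) and when it
# does not compile ($@), and a false last value also counts as failure.
sub _load_perl_file {
    my ($path) = @_;
    if (!defined $path || $path eq "") {
        die("Cannot load config: path not set");
    }
    my $result = do($path);
    if (!$result) {
        my $reason = $@ ? "parse error: $@"
                   : $! ? "cannot read: $!"
                   :      "file returned a false value";
        die("Cannot load $path ($reason)");
    }
    return $result;
}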
22
23
24#zoek uit of het master_ip addr voorkomt in de configs
25#belangrijk van aliassen
# Report whether $master_ip is already configured on one of the interfaces
# in %config (by comparing the address part of $IP{$interface}).
# Returns 0 when some interface carries it, 1 otherwise; rc_conf_local()
# uses this to decide whether to add the address as an lo0 alias instead.
sub master_ipNotUsed {
    print "running master_ipNotUsed...\n" if $debug;
    foreach my $interface (keys %config) {
        # Leading dotted-digit run of "a.b.c.d/nn"; the mask is ignored.
        next unless $IP{$interface} =~ /([0-9\.]+).*/;
        return 0 if $1 eq $master_ip;
    }
    return 1;
}
39
40
41
# Standard "generated file, edit Genesis instead" banner.
# $comment is the comment marker of the target file format (e.g. "#");
# the text uses $source (hostname), $time (gmtime string) and $author.
# Returns the banner followed by three newlines.
sub genHeader {
    my ($comment) = @_;
    my @banner = (
        "$comment This file specific to wireless",
        "$comment leiden. Please make all changes in Genesis.",
        "$comment",
        "$comment Generated by $source",
        "$comment on $time",
        "$comment",
        "$comment $author",
        "$comment",
    );
    return join("\n", @banner) . "\n\n\n";
}
55
56
# Concatenate the raw per-interface config texts of %config, in hash
# (i.e. unspecified) order, and return the result.
sub txtconfig {
    return join("", values %config);
}
64
65
# Generate dnsmasq.conf: global resolver/DHCP options, then one entry per
# physical interface in %config (names matching /^[a-z]+[0-9]+$/i, so
# aliases like "wi0:1" are skipped). A %DHCP value of the form "N-M" gives
# a dhcp-range of hosts N..M inside the interface's own address prefix;
# any other value only emits a "not autoritive" comment.
sub dnsmasq_conf {
    my @global = (
        "# Query all upstream dns servers by default",
        "all-servers ",
        "# DHCP server options ",
        "dhcp-authoritative ",
        "dhcp-fqdn ",
        "domain=dhcp.$nodename.$domain. ",
        "bogus-priv ",
        "domain-needed ",
        "expand-hosts ",
        "",
        "# Low memory footprint ",
        "cache-size=10000 ",
        "",
    );
    my $output = genHeader("#") . join("", map { "$_\n" } @global);

    foreach my $interface (sort keys %config) {
        next unless $interface =~ /^[a-z]+[0-9]+$/i;
        my ($ip, $netmask) = split('/', $IP{$interface});
        my $subnet = IP::toSubnet($netmask);

        $output .= "## $interface $DESC{$interface}\n";

        if ($DHCP{$interface} !~ /[0-9]+\-[0-9]+/i) {
            $output .= "# not autoritive \n\n";
            next;
        }
        # The range holds host numbers only; prefix them with the
        # interface address minus its last octet.
        (my $prefix = $ip) =~ s/[0-9]+$//;
        my ($start, $stop) = $DHCP{$interface} =~ /([0-9]+)\-([0-9]+)/i;
        $output .= "dhcp-range=$interface,$prefix$start,$prefix$stop,$subnet,24h\n\n";
    }

    return $output;
}
107
108
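# Generate dhcpd.conf: global options, then one subnet block per physical
# interface in %config (names matching /^[a-z]+[0-9]+$/i). Network,
# broadcast and mask come from the IP:: helpers applied to $IP{$interface}.
# A %DHCP value "N-M" gives a range of hosts N..M inside the interface's
# address prefix plus any static host text from %DHCP_STATIC; any other
# value declares the subnet "not authoritative".
#
# Fix: the static-host text was read as $DHCP_STATIC{$if}, but $if is not
# set anywhere in this sub (an undefined global), so it was always empty
# and triggered an uninitialized-value warning. It is now keyed by
# $interface like the other per-interface hashes.
sub dhcpd_conf {
    my $output = genHeader("#");
    $output .=
        "option domain-name \"$domain\";\n" .
        " \n" .
        "default-lease-time 7200;\n" .
        "max-lease-time 2592000;\n" .
        "\n" .
        "ddns-update-style none;\n" .
        "\n" .
        "# Hack for the WET11\n" .
        "#\n" .
        "always-broadcast on;\n" .
        "\n" .
        "option domain-name-servers ${master_ip};\n" .
        "\n";

    foreach my $interface (sort keys %config) {
        next unless $interface =~ /^[a-z]+[0-9]+$/i;
        my ($ip, $netmask) = split('/', $IP{$interface});
        my $subnet    = IP::toSubnet($netmask);
        my $broadcast = IP::getBroadcastAddr($ip, $subnet);
        my $network   = IP::getNetworkAddr($ip, $subnet);

        $output .= "# $interface $DESC{$interface}\n";

        if ($DHCP{$interface} =~ /[0-9]+\-[0-9]+/i) {
            # The range holds host numbers only; prefix them with the
            # interface address minus its last octet.
            (my $prefix = $ip) =~ s/[0-9]+$//;
            my ($dhcp_start, $dhcp_stop) = $DHCP{$interface} =~ /([0-9]+)\-([0-9]+)/i;
            $dhcp_start = $prefix . $dhcp_start;
            $dhcp_stop  = $prefix . $dhcp_stop;
            # Optional static host declarations; empty when none given.
            my $static = defined $DHCP_STATIC{$interface} ? $DHCP_STATIC{$interface} : "";
            $output .=
                "subnet $network netmask $subnet {\n" .
                " range $dhcp_start $dhcp_stop;\n" .
                " option broadcast-address $broadcast;\n" .
                " option subnet-mask $subnet;\n" .
                " option routers $ip;\n" .
                $static .
                "}\n" .
                "\n";
        }
        else {
            $output .=
                "subnet $network netmask $subnet {not authoritative; }\n" .
                "\n";
        }
    }

    return $output;
}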
162
# Generate named.conf: an options block forwarding to every address in
# @forwarder, the root hint zone, the IPv4 and IPv6 localhost reverse
# zones, and one slave zone per entry of %zone (zone name => array ref of
# master addresses, emitted sorted).
# NOTE(review): no allow-query/allow-recursion ACL is written, so whether a
# node recurses for arbitrary clients depends on the BIND default — confirm.
sub named_conf {
    my @lines = (
        'options {',
        ' directory "/etc/namedb";',
        ' pid-file "/var/run/named/pid";',
        ' forwarders {',
        (map { "$_;" } @forwarder),
        ' };',
        '};',
        '',
        '',
        'zone "." {',
        ' type hint;',
        ' file "/etc/namedb/named.root";',
        '};',
        '',
        'zone "0.0.127.IN-ADDR.ARPA" {',
        ' type master;',
        ' file "/etc/namedb/master/localhost.rev";',
        '};',
        '',
        'zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {',
        ' type master;',
        ' file "/etc/namedb/master/localhost-v6.rev";',
        '};',
        '',
    );

    foreach my $zone_name (sort keys %zone) {
        my @masters = sort @{ $zone{$zone_name} };
        push @lines,
            "zone \"$zone_name\" {",
            ' type slave;',
            " file \"slave/slave-$zone_name\";",
            ' masters {',
            (map { " $_;" } @masters),
            ' };',
            '};',
            '';
    }

    return genHeader("#") . join("", map { "$_\n" } @lines);
}
213
214
215
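# Generate rc.conf.local for the node: hostname/location, default router,
# optional transparent proxy, the lo0 aliases, one ifconfig_* line per
# interface in %config, the internal interface and wleiden static route,
# the optional reverse ssh tunnel, firewall/NAT/routing switches and the
# firewall block list.
#
# rc.conf.local is sourced by /bin/sh on the node, so every Genesis value
# interpolated here ($IP{...}, %CARD_OPTION, %ESSID, $internalif, ...) lands
# verbatim inside shell quotes. NOTE(review): a '"' or '$' in such a value
# breaks or alters the file when it is sourced — confirm Genesis rejects them.
#
# Fixes: $proxyid and $firewall_block are no longer overwritten as a side
# effect (local copies are formatted instead), and the no-op
# `$output .= ""` branch is gone. Output text is unchanged.
sub rc_conf_local {
    my $output = genHeader("#");
    my $masterNotUsed = master_ipNotUsed();

    $output .=
        "hostname=\"$nodename.$domain\"\n" .
        "location=\"$location\"\n" .
        "\n";

    if ($gateway) {
        $output .= "defaultrouter='$gateway'\n";
    }

    if ($tproxy) {
        if ($tproxy =~ m/\d+\.\d+\.\d+\.\d+\/\d+/) {
            $output .=
                "# Tproxy is ran on this system\n" .
                "tproxy_enable='YES'\n" .
                "tproxy_range='$tproxy'\n" .
                "\n";
        }
        elsif ($tproxy !~ m/no/i) {
            # Anything but a CIDR or "no" is reported, not silently dropped.
            $output .= "# WARNING - specification propably wrong - check " .
                "genesis. It should be a pure CIDR\n";
        }
    }

    # The master address goes on lo0 unless an interface already has it;
    # then the alias line is kept as a comment.
    $output .= "ifconfig_lo0_alias0=\"inet 172.31.255.1/32\"\n";
    if ($masterNotUsed) {
        $output .= "ifconfig_lo0_alias1=\"inet $master_ip/32\"\n\n";
    }
    else {
        $output .= "#ifconfig_lo0_alias1=\"inet $master_ip/32\"\n\n";
    }

    foreach my $interface (sort keys %config) {
        $output .= _rc_conf_ifconfig_line($interface);
    }

    $output .= "\n";
    $output .= "# XXX: Automagic by finding out which IP is in 172.16.0.0/12, perhaps?\n";
    $output .= "internalif=\"" . $internalif . "\"\n";

    $output .= "\n";
    $output .= "static_routes=\"wleiden\"\n";

    $output .= "route_wleiden=\"-net 172.16.0.0/12 $internalroute\"\n";

    if ($proxyid) {
        # ssh-tun requires a four digit port number, so 22 + "??".
        # Reverse forward: the node's sshd becomes reachable on port 22??
        # of the tunnel endpoint.
        my $port_suffix = sprintf("%02i", $proxyid);

        $output .= "\n";
        $output .= "sshtun_enable=\"YES\"\n";
        $output .= "sshtun_flags=\"-R 22$port_suffix:localhost:22 \"\n";
    }

    if ($inboundnat =~ /yes/i) {
        $output .= "\n";
        $output .= "# Firewall inbound NAT option\n";
        $output .= "firewall_enable=\"YES\"\n";
        $output .= "firewall_script=\"/etc/ipfw.sh\"\n";
        $output .= "firewall_nat_enable=\"YES\"\n";
        $output .= "gateway_enable=\"YES\"\n";
    }

    # NOTE(review): with inboundnat=yes but nat!=yes the gateway_enable="no"
    # below follows the gateway_enable="YES" above and sh keeps the last
    # assignment, so routing ends up disabled — confirm this is intended.
    if ($nat =~ /yes/i) {
        $output .= "\n";
        $output .= "# Enable nat and stateful firewalling\n";
        $output .= "pf_enable=\"YES\"\n";
        $output .= "pf_rules=\"/etc/pf.conf\"\n";
        $output .= "\n";
        $output .= "# Enable routing\n";
        $output .= "gateway_enable=\"yes\"\n";
    }
    else {
        $output .= "\n";
        $output .= "# Disable routing\n";
        $output .= "gateway_enable=\"no\"\n";
    }

    # Block these ip's: the multi-line Genesis value becomes one
    # space-separated shell word list (no trailing newline, as before).
    if ($firewall_block) {
        (my $blocked = $firewall_block) =~ s/\n/ /g;
        $output .= "\n";
        $output .= "firewall_block=\"$blocked\"";
    }

    return $output;
}

# One "ifconfig_*" rc.conf line, newline-terminated, for $interface (either
# a plain name like "wi0" or an alias "wi0:1"), built from %IP, %DHCPCLIENT,
# %CARD_OPTION, %TYPE, %ESSID, %SUBTYPE, %MODE and %CHANNEL.
sub _rc_conf_ifconfig_line {
    my ($interface) = @_;
    my ($if, $number) = split(/:/, $interface);

    # Alias entries only carry an address.
    if (defined $number) {
        return "ifconfig_$if\_alias$number=\"inet $IP{$interface}\"\n";
    }

    my $line = ($DHCPCLIENT{$if} =~ /yes/i)
        ? "ifconfig_$if=\"DHCP"
        : "ifconfig_$if=\"inet $IP{$interface}";
    $line .= " $CARD_OPTION{$interface}";

    if ($TYPE{$if} =~ /wireless/i) {
        $line .= " ssid $ESSID{$interface}";
        if ($SUBTYPE{$if} =~ /802.11a/i) {
            $line .= " mode 11a";
        }
        elsif ($SUBTYPE{$if} =~ /802.11g/i) {
            $line .= " mode 11g";
        }
        else {
            # Default output
            $line .= " mode 11b";
        }

        # Access points pin the channel and run the card in hostap mode.
        if ($MODE{$if} =~ /master/i) {
            $line .= " channel $CHANNEL{$interface}";
            $line .= " mediaopt hostap";
        }
    }

    return $line . "\"\n";
}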
335
336
# Generate resolv.conf: two public Google resolvers plus the wleiden.net
# search domain (no trailing newline after the search line).
#
# Earlier revisions (left commented out here) used "search wleiden.net.",
# the local cache on 127.0.0.1, the point-to-point neighbours from
# %POINT_TO_POINT and the proxy1-proxy5 backup servers 172.17.8.68,
# 172.17.143.4, 172.20.128.98, 172.16.2.254 and 172.19.168.66.
# NOTE(review): this bypasses the local dnsmasq cache that dnsmasq_conf()
# sets up on the node — confirm that is intended.
sub resolv_conf {
    my @lines = (
        "nameserver 8.8.8.8 # Google",
        "nameserver 8.8.4.4 # Google",
        "search wleiden.net",
    );
    return genHeader("#") . join("\n", @lines);
}
371
372
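# Load a node config with do() and expand the "NAME=value" lines found in
# each $config{$interface} text into package hashes: $NAME{$interface} gets
# the value, with ";" inserted before repeated NAMEs for the same interface.
# Text from "#" to end of line is a comment; lines without exactly one "="
# are ignored. Returns nothing; dies when the file cannot be loaded.
#
# SECURITY FIX: the assignment used to be assembled as Perl source and
# passed to eval(), so a '"' or '$' in a config value ran as code. The
# target hash is now reached by a symbolic reference and only identifier
# shaped names are accepted; the value is never parsed as code.
# NOTE: do() still executes $workingfile itself as Perl; it must be trusted.
sub parse_config {
    my ($workingfile) = @_;
    do($workingfile) || die("Cann't open/parse $workingfile");

    foreach my $if (keys %config) {
        my $cfg = $config{$if};
        next unless defined $cfg;
        # Any mix of CR/LF separates lines; empty lines are skipped.
        foreach my $raw (grep { length } split(/[\r\n]+/, $cfg)) {
            my $line = $raw;
            $line =~ s/\s*#.*//;
            # Limit 3 keeps "a=" as two fields and "a=b=c" as three, exactly
            # as the old two-variable list assignment did.
            my @fields = split(/=/, $line, 3);
            next unless @fields == 2;
            my ($name, $value) = @fields;
            $name =~ s/\A\s+|\s+\z//g;
            # Only a plain identifier may name the target hash.
            next unless $name =~ /\A\w+\z/;

            no strict 'refs';
            if (exists ${$name}{$if}) {
                ${$name}{$if} .= ";$value";
            }
            else {
                ${$name}{$if} .= $value;
            }
        }
    }
    return;
}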
390
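# Generate authorized_keys: the global key file at $global_keyPath followed
# by the node's own key file "$ndir/$nodetype$nodename/$ssh_file". A file
# that does not exist is replaced by a "# No <path>" comment line.
#
# Fixes: three-argument open with lexical handles (the two-argument form let
# a path starting with ">" or "|" be taken as a mode or a pipe), and the
# node-file error message now names the path that was actually opened (it
# used $home/$nodename/... while the open used $ndir/$nodetype$nodename/...).
sub authorized_keys {
    my $output = genHeader("#");
    $output .= _keys_from_file($global_keyPath);
    $output .= _keys_from_file("$ndir/$nodetype$nodename/$ssh_file");
    return $output;
}

# Return the contents of one key file, or a "# No <path>" line when it does
# not exist. Dies when an existing file cannot be opened for reading.
sub _keys_from_file {
    my ($path) = @_;
    return "# No $path\n" unless -e $path;
    open(my $fh, '<', $path) || die("Cannot open $path: $!");
    my $keys = join("", <$fh>);
    close($fh);
    return $keys;
}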
413
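# Map an output file name given on the command line ("rc.conf.local",
# "resolv.conf", ...) to its generator sub and return the generated text:
# dots become underscores, so "rc.conf.local" selects rc_conf_local().
#
# SECURITY FIX: the old `&$file` called *any* sub whose name matched the
# argument; only the generators listed in %generator_for can be run now,
# and an unknown name dies instead of calling an arbitrary function.
sub do_it {
    my ($file) = @_;
    (my $name = $file) =~ s/\./_/g;

    my %generator_for = (
        txtconfig       => \&txtconfig,
        dnsmasq_conf    => \&dnsmasq_conf,
        dhcpd_conf      => \&dhcpd_conf,
        named_conf      => \&named_conf,
        rc_conf_local   => \&rc_conf_local,
        resolv_conf     => \&resolv_conf,
        authorized_keys => \&authorized_keys,
    );

    my $generator = $generator_for{$name}
        or die("Unknown output file '$file' (no generator $name)");
    return $generator->();
}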
422
# Entry point: `wleiden.pl CONFIGFILE OUTPUTNAME` loads the node config and
# prints the requested generated file; a single argument prints the usage
# line and no argument prints nothing.
if (@ARGV >= 2) {
    parse_config($ARGV[0]);
    print do_it($ARGV[1]);
}
elsif (@ARGV == 1) {
    print "Usage `perl wleiden.pl 'inputfile' 'outputfile'`\n";
}

1;