br.sh (網路異常恢復後重新建立bridge firewall,與前者差異於最後一行呼叫detect.sh)
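#!/bin/bash
# br.sh - re-create the bridge firewall configuration after the network has
# recovered from an outage.  Builds br0 over eth0/eth1/eth3, assigns the
# interface addresses, installs the default route and enables IPv4 forwarding.
#
# Must run as root.  Every network command is best-effort: a failure (for
# example "br0 already exists" when the script is re-run) is reported on
# stderr but does not stop the script, which matches the original behaviour
# of issuing the commands unconditionally.
set -u

IPTABLES="/sbin/iptables"     # reserved for the firewall rule set; not used here
BRCTL="/usr/sbin/brctl"
IFCONFIG="/sbin/ifconfig"
ROUTE="/sbin/route"

BRIP="163.28.192.135"
FW_IP="163.28.192.135"        # kept for anything that sources this file; unused here
BRMASK="255.255.255.0"
GATEWAY="163.28.192.254"
BRBROADCAST="163.28.192.255"
FW_IFACE="br0"

# Interfaces enslaved to the bridge.  eth2 is addressed below but is NOT a
# bridge port.
BR_PORTS=(eth0 eth1 eth3)

#######################################
# Run a command and report (but do not abort on) failure.
# Arguments: the command and its arguments
# Outputs:   warning on stderr when the command exits non-zero
# Returns:   the command's exit status
#######################################
try() {
  local rc
  "$@"
  rc=$?
  if (( rc != 0 )); then
    printf 'br.sh: warning: "%s" exited with status %d\n' "$*" "$rc" >&2
  fi
  return "$rc"
}

if (( EUID != 0 )); then
  printf 'br.sh: must be run as root\n' >&2
  exit 1
fi

try "$BRCTL" addbr "$FW_IFACE"
for port in "${BR_PORTS[@]}"; do
  try "$BRCTL" addif "$FW_IFACE" "$port"
done

# Take the bridge and its ports down before re-addressing them.
try "$IFCONFIG" "$FW_IFACE" down
for port in "${BR_PORTS[@]}"; do
  try "$IFCONFIG" "$port" down
done

# Per-interface addresses, in the original order (eth2 is the non-bridged leg).
try "$IFCONFIG" eth0 0.0.0.0
try "$IFCONFIG" eth1 192.168.1.11
try "$IFCONFIG" eth2 192.168.163.1
try "$IFCONFIG" eth3 0.0.0.0
try "$IFCONFIG" "$FW_IFACE" "$BRIP" netmask "$BRMASK" broadcast "$BRBROADCAST"

# Default gateway so the firewall host itself has outbound connectivity.
try "$ROUTE" add default gw "$GATEWAY"

# Enable packet forwarding.
# NOTE(review): $IPTABLES is defined but no filtering rules are loaded in this
# script, so the bridge forwards unfiltered from this point until the rule set
# is applied elsewhere — confirm which script loads it and that it runs after
# this one.
if ! printf '1\n' > /proc/sys/net/ipv4/ip_forward; then
  printf 'br.sh: warning: could not enable /proc/sys/net/ipv4/ip_forward\n' >&2
fi

sleep 10s

# Do not enable this here: it causes an endless detect.sh loop.
#/bin/sh /br-fw/detect.sh &bg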