Bridge Firewall 筆記 – br.sh

br.sh (網路異常恢復後重新建立bridge firewall,與前者差異於最後一行呼叫detect.sh)

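#!/bin/bash
# br.sh -- re-create the transparent bridge firewall after a network outage.
#
# Builds bridge br0 from eth0, eth1 and eth3, gives the bridge the firewall's
# own address so the box itself stays reachable, installs the default route
# and turns on IPv4 forwarding.  Must run as root.
#
# NOTE(review): this script loads no iptables rules itself (IPTABLES is
# defined but never called).  Once the bridge is up and ip_forward is on,
# traffic is forwarded under whatever rule set is already loaded -- rule
# loading is presumably done by the companion script or by detect.sh; confirm
# before relying on this script alone after a recovery.

IPTABLES="/sbin/iptables"      # not used here; kept for parity with the companion script
BRCTL="/usr/sbin/brctl"
IFCONFIG="/sbin/ifconfig"
ROUTE="/sbin/route"

BRIP="163.28.192.135"          # address assigned to the bridge device itself
FW_IP="163.28.192.135"         # same host address; not used here
BRMASK="255.255.255.0"
GATEWAY="163.28.192.254"
BRBROADCAST="163.28.192.255"

FW_IFACE="br0"                 # name of the bridge device (used for every br0 reference below)

# Create the bridge and enslave the three filtered ports.  On a re-run these
# report "already exists" / "already a member"; there is no 'set -e', so the
# script continues, which is what a recovery run needs.
"$BRCTL" addbr "$FW_IFACE"
"$BRCTL" addif "$FW_IFACE" eth0
"$BRCTL" addif "$FW_IFACE" eth1
"$BRCTL" addif "$FW_IFACE" eth3

# Bring the bridge and its three member ports down before re-addressing them.
"$IFCONFIG" "$FW_IFACE" down
"$IFCONFIG" eth0 down
"$IFCONFIG" eth1 down
"$IFCONFIG" eth3 down

# eth0 and eth3 are pure bridge ports and carry no address (0.0.0.0); eth1
# (also a bridge port) and eth2 (not bridged -- presumably a separate routed
# segment, confirm) keep private addresses.  With net-tools ifconfig,
# assigning an address also brings the interface back up.
"$IFCONFIG" eth0 0.0.0.0
"$IFCONFIG" eth1 192.168.1.11
"$IFCONFIG" eth2 192.168.163.1
"$IFCONFIG" eth3 0.0.0.0

# Address the bridge itself and set the default gateway so the firewall host
# can reach the network on its own.
"$IFCONFIG" "$FW_IFACE" "$BRIP" netmask "$BRMASK" broadcast "$BRBROADCAST"
"$ROUTE" add default gw "$GATEWAY"

# Enable IPv4 packet forwarding.
echo "1" > /proc/sys/net/ipv4/ip_forward

# Pause before anything relies on the bridge -- likely to let it pass its
# forwarding delay and start passing frames; the exact reason is not recorded.
sleep 10s

# Do NOT enable this here: it would cause an infinite detect.sh loop,
# presumably because detect.sh is what invokes br.sh in the first place.
#/bin/sh /br-fw/detect.sh &bg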