sipwise
/
rtpengine
mirror of https://github.com/sipwise/rtpengine.git
1
0
Fork 0
Code Issues Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '79807a9c2e'
${ noResults }
rtpengine/debian/ngcp-rtpengine-iptables-setup

101 lines
2.2 KiB
Raw Blame History

#!/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
TABLE=0
MODNAME=xt_RTPENGINE
MANAGE_IPTABLES=yes
DEFAULTS=/etc/default/ngcp-rtpengine-daemon
# Load startup options if available
if [ -f "$DEFAULTS" ]; then
. "$DEFAULTS" || true
fi
MODPROBE_OPTIONS=""
# Handle requested setuid/setgid.
if ! test -z "$SET_USER"; then
PUID=$(id -u "$SET_USER" 2> /dev/null)
test -z "$PUID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_uid=$PUID"
if test -z "$SET_GROUP"; then
PGID=$(id -g "$SET_USER" 2> /dev/null)
test -z "$PGID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_gid=$PGID"
fi
fi
if ! test -z "$SET_GROUP"; then
PGID=$(grep "^$SET_GROUP:" /etc/group | cut -d: -f3 2> /dev/null)
test -z "$PGID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_gid=$PGID"
fi
###
if [ -x /usr/sbin/ngcp-virt-identify ]; then
if /usr/sbin/ngcp-virt-identify --type container; then
VIRT="yes"
fi
fi
firewall_setup()
{
if [ "$TABLE" -lt 0 ] || [ "$VIRT" = "yes" ]; then
return
fi
if [ "$MANAGE_IPTABLES" != "yes" ]; then
return
fi
# shellcheck disable=SC2086
modprobe $MODNAME $MODPROBE_OPTIONS
iptables -N rtpengine 2>/dev/null
iptables -D INPUT -j rtpengine 2>/dev/null
iptables -I INPUT -j rtpengine
iptables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
iptables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
ip6tables -N rtpengine 2>/dev/null
ip6tables -D INPUT -j rtpengine 2>/dev/null
ip6tables -I INPUT -j rtpengine
ip6tables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
ip6tables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
}
firewall_teardown()
{
if [ "$TABLE" -lt 0 ] || [ "$VIRT" = "yes" ]; then
return
fi
# XXX: Wait a bit to make sure the daemon has been stopped.
sleep 1
if [ -e /proc/rtpengine/control ]; then
echo "del $TABLE" >/proc/rtpengine/control 2>/dev/null
fi
if [ "$MANAGE_IPTABLES" != "yes" ]; then
return
fi
iptables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
ip6tables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
rmmod $MODNAME 2>/dev/null
}
case "$1" in
start)
firewall_setup
;;
stop)
firewall_teardown
;;
*)
echo "Usage: $0 {start|stop}" >&2
exit 1
;;
esac
exit 0
Reference in new issue View Git Blame Copy Permalink