#!/bin/bash
# Copyright (C) 2010 ORSoC AB
# Copyright (C) 2010 Embecosm Limited
# Contributor Julius Baxter <[email protected]>
# Contributor Jeremy Bennett <[email protected]>
# This file is a superuser script to close down an Ethernet bridge and restore
# the simple Ethernet interface.
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the Free
# Software Foundation; either version 3 of the License, or (at your option)
# any later version.
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
# more details.
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
# ------------------------------------------------------------------------------
# Pre-requisites: bridge-utils must be installed.
# Usage: ./brend.sh <bridge> <eth> <tap>
# - <bridge> is the bridge interface to use, e.g. br0
# - <eth> is the hardware ethernet interface to use, e.g. eth0
# - <tap> is the tap interface to use, e.g. tap0
# Exactly three positional arguments are required: <bridge> <eth> <tap>.
# Anything else prints the usage line and stops with status 1.
[ "$#" -eq 3 ] || {
    echo "Usage: ./brend.sh <bridge> <eth> <tap>"
    exit 1
}
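# Check we are root. Compare the numeric effective UID rather than the account
# name: UID 0 is what carries the privileges needed below, whatever the
# account happens to be called.
euid=$(id -u)
if [ "${euid}" != "0" ]
then
    echo "Must run as root"
    exit 1
fi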
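# Break out the arguments
br=$1
eth=$2
tap=$3

# These names are passed to ifconfig, iptables, brctl, openvpn and dhclient
# while running as root. Refuse anything that is empty, begins with '-' (it
# would be read as an option by those tools) or contains whitespace or '/'.
for ifname in "${br}" "${eth}" "${tap}"
do
    case "${ifname}" in
        "" | -* | *[[:space:]/]*)
            echo "Invalid interface name: '${ifname}'"
            exit 1
            ;;
    esac
done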
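# Determine the IP address, netmask and broadcast of the bridge.
# Each value is cut out of the first ifconfig output line carrying the
# "inet addr:", "Mask:" or "Bcast:" label; if ifconfig prints a different
# layout the variables are simply left empty.
# The bridge name is quoted so that it always reaches ifconfig as one word.
eth_ip=$(ifconfig "${br}" |
    grep "inet addr" |
    head -1 |
    sed -e 's/^.*inet addr:\([^ \t]*\).*$/\1/')
eth_netmask=$(ifconfig "${br}" |
    grep "Mask" |
    head -1 |
    sed -e 's/^.*Mask:\([^ \t]*\).*$/\1/')
eth_broadcast=$(ifconfig "${br}" |
    grep "Bcast" |
    head -1 |
    sed -e 's/^.*Bcast:\([^ \t]*\).*$/\1/')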
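# Close the firewall to the tap and bridge.
# The exit status of these deletions is not checked. A rule that could not be
# removed stays in its chain and matches by interface name, so it would also
# accept traffic on any interface later created under the same name.
iptables -D INPUT -i "${tap}" -j ACCEPT
iptables -D INPUT -i "${br}" -j ACCEPT
iptables -D FORWARD -i "${br}" -j ACCEPT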
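# Take down the bridge and delete it. Either step failing stops the script
# with status 1, so the later steps never run against a half-removed bridge.
if ! ifconfig "${br}" down
then
    echo "Failed to take down ${br}"
    exit 1
fi

if ! brctl delbr "${br}"
then
    echo "Failed to delete ${br}"
    exit 1
fi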
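# Delete the TAP interface. Nothing may be using it when it is removed.
# fuser -k is rather harsh: it kills (SIGKILL by default) every process that
# has /dev/net/tun open, so all users of any TAP/TUN interface on this host
# are taken out, not only the users of ${tap}.
fuser -k /dev/net/tun

if ! openvpn --rmtun --dev "${tap}"
then
    echo "Failed to remove ${tap}"
    exit 1
fi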
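# Restore the Ethernet interface. We could use ifconfig with the IP address,
# netmask and broadcast mask from earlier, but this does not work in a DHCP
# world (the MAC has changed). Instead we use a single shot dhcp
# configuration. In future the extant eth0 dhclient will refresh the lease.
#
# The interface must be named explicitly with ${eth}: given no interface
# argument, dhclient tries to configure every interface it can find.
# NOTE(review): -d keeps dhclient in the foreground; confirm this call
# returns once the lease has been obtained.
if ! dhclient -1 -d "${eth}"
then
    echo "Failed to get lease for ${eth}"
    exit 1
fi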
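# Kill the outstanding DHCP client of the bridge.
# pgrep -f matches against the full command line and prints complete PIDs.
# Slicing the first five columns of "ps ax" output truncates PIDs longer than
# five digits, which as root could signal an unrelated process.
# The bridge name is part of the regular expression, so a '.' in it matches
# any character.
dhclient_pids=$(pgrep -f "dhclient.*${br}")
if [ -n "${dhclient_pids}" ]
then
    # Word splitting is intended here: pgrep prints one PID per line.
    # shellcheck disable=SC2086
    kill ${dhclient_pids}
fi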