Home Explore Help
Sign In
Qubes
/
core-admin
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: a17989470a
Branches Tags
core-admin
/
dom0
/
init.d
/
qubes_netvm

qubes_netvm 2.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102 
  1. #!/bin/sh
    2. 

  2. #
    3. 

  3. # chkconfig: 2345 99 00
    4. 

  4. # description: Starts/stops Qubes default netvm
    5. 

  5. #
    6. 

  6. ### BEGIN INIT INFO
    7. 

  7. # Provides:          qubes-networking
    8. 

  8. # Required-Start:    qubes-core
    9. 

  9. # Default-Start:     3 4 5
    10. 

  10. # Default-Stop:      0 1 2 6
    11. 

  11. # Default-Enabled:   yes
    12. 

  12. # Short-Description: Start/stop qubes networking
    13. 

  13. # Description:       Starts and stops the qubes networking
    14. 

  14. ### END INIT INFO
    15. 

  15. 

  16. 

  17. #
    18. 

  18. # Source function library.
    19. 

  19. . /etc/rc.d/init.d/functions
    20. 

  20. 

  21. NETVM=$(qvm-get-default-netvm)
    22. 

  22. 

  23. start()
    24. 

  24. {
    25. 

  25.     if [ x$NETVM = x ] ; then
    26. 

  26. 

  27.         echo WARNING: Qubes NetVM not configured!
    28. 

  28.         echo -n $"Doing nothing:"
    29. 

  29. 

  30.     elif [ $NETVM = "dom0" ] ; then 
    31. 

  31. 

  32.         echo -n $"Setting up net backend in Dom0:"
    33. 

  33.         /etc/init.d/NetworkManager start
    34. 

  34.         brctl addbr br0 || exit 1
    35. 

  35.         ifconfig br0 10.0.0.1 netmask 255.255.0.0 up || exit 1
    36. 

  36.         echo "1" > /proc/sys/net/ipv4/ip_forward || exit 1
    37. 

  37.         /usr/sbin/dnsmasq  --listen-address 10.0.0.1 --bind-interfaces || exit 1
    38. 

  38.         iptables -t nat -A POSTROUTING -s 10.0.0.0/16 '!' -d 10.0.0.0/16 -j MASQUERADE || exit 1
    39. 

  39.         iptables -I INPUT 1 -i br0 -s 10.0.0.0/16 -j ACCEPT || exit 1
    40. 

  40.         iptables -I FORWARD 1 -i br0 -s 10.0.0.0/16 -j ACCEPT || exit 1
    41. 

  41.         iptables -I FORWARD 1 -o br0 -d 10.0.0.0/16 -m state --state ESTABLISHED,RELATED -j  ACCEPT || exit 1
    42. 

  42. 

  43.     else
    44. 

  44. 

  45.         echo -n $"Starting default NetVM:"
    46. 

  46.         /usr/lib/qubes/unbind_all_network_devices || exit 1
    47. 

  47.         qvm-start -q --no-guid $NETVM || exit 1
    48. 

  48. 

  49.     fi
    50. 

  50.     touch /var/lock/subsys/qubes_netvm
    51. 

  51.     success
    52. 

  52.     echo
    53. 

  53. 	return 0
    54. 

  54. }
    55. 

  55. 

  56. stop()
    57. 

  57. {
    58. 

  58.     if [ x$NETVM = x ] ; then
    59. 

  59. 

  60.         echo WARNING: Qubes NetVM not configured!
    61. 

  61.         echo -n $"Doing nothing:"
    62. 

  62. 

  63.     elif [ $NETVM = "dom0" ] ; then 
    64. 

  64. 

  65.         echo -n $"Stopping Qubes networking in Dom0:"
    66. 

  66.         iptables -t nat -D POSTROUTING -s 10.0.0.0/16 '!' -d 10.0.0.0/16 -j MASQUERADE 
    67. 

  67.         iptables -D INPUT -i br0 -s 10.0.0.0/16 -j ACCEPT || exit 1
    68. 

  68.         iptables -D FORWARD -i br0 -s 10.0.0.0/16 -j ACCEPT || exit 1
    69. 

  69.         iptables -D FORWARD -o br0 -d 10.0.0.0/16 -m state --state ESTABLISHED,RELATED -j ACCEPT || exit 1
    70. 

  70. 

  71. 

  72.         killall dnsmasq
    73. 

  73.         ifconfig br0 down
    74. 

  74.         brctl delbr br0
    75. 

  75. 

  76. 	else
    77. 

  77. 

  78.         echo -n $"Stopping default NetVM:"
    79. 

  79.         qvm-run -q --shutdown --wait $NETVM
    80. 

  80. 

  81.     fi
    82. 

  82.     rm -f /var/lock/subsys/qubes_netvm
    83. 

  83.     success
    84. 

  84.     echo
    85. 

  85. 

  86. 	return 0
    87. 

  87. }
    88. 

  88. 

  89. case "$1" in
    90. 

  90.   start)
    91. 

  91. 	start
    92. 

  92. 	;;
    93. 

  93.   stop)
    94. 

  94. 	stop
    95. 

  95. 	;;
    96. 

  96.   *)
    97. 

  97. 	echo $"Usage: $0 {start|stop}"
    98. 

  98. 	exit 3
    99. 

  99. 	;;
    100. 

  100. esac
    101. 

  101. 

  102. exit $RETVAL
    103.