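#!/bin/sh
# chkconfig: 35 98 10
# description: blackhole general TCP proxy central authority
# processname: blackhole
# pidfile: /var/run/blackhole.pid
#
# Init script for the blackhole daemon.
# Usage: blackhole {start|stop|restart|reload|status}
#
# restart and reload snapshot the counters printed by "$CONTROL status"
# (and, for restart, "$CONTROL rejects") into files under /var/run and feed
# them back through the rulestat / checkstat / rejectstat sub-commands.
#
# Review notes:
# - /etc/blackhole-options.conf is sourced and $RULES is executed by this
#   script, so both run with whatever privileges the script has (root when
#   started by init). They should be owned by root and not writable by
#   group or others.
# - The secret is handed to the daemon as a file path (--secretfile), so
#   only the path, not the secret, appears on the command line. Keep
#   $SECRETS readable by the daemon's user only.
# - $CONTROL, $RULES and the option variables are expanded unquoted, as in
#   the original script, so their word splitting is unchanged.

cd /

PIDFILE=/var/run/blackhole.pid
SUBSYS=/var/lock/subsys/blackhole
NAME=blackhole
CONTROL=/usr/sbin/blackhole-control
RULES=/etc/blackhole-rules.sh
SECRETS=/etc/blackhole.secrets
STATFILE=/var/log/blackhole-connect.log

if [ -f /etc/blackhole-options.conf ] ; then
  # This file must define BLACKHOLEOPTIONS and DEBUGOPT as needed
  . /etc/blackhole-options.conf
fi

# Print the PID stored in $PIDFILE.
# Returns non-zero (and prints nothing) when the file is missing or its
# first field is not a positive decimal number, so that values such as
# "0", "-1" or stray text are never handed to kill.
read_pid(){
  [ -f "$PIDFILE" ] || return 1
  pid_value=
  read -r pid_value pid_rest <"$PIDFILE"
  case "$pid_value" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$pid_value" -gt 0 ] 2>/dev/null || return 1
  printf '%s\n' "$pid_value"
}

# Snapshot the per-rule and per-protocheck counters from "$CONTROL status"
# into /var/run/blackhole.rules and /var/run/blackhole.checks, with the
# "nbcon=", "last=" and "->" decorations stripped so the lines can be
# split into plain fields later.
save_rulestat(){
  $CONTROL status | grep "^a*rule " \
    | sed -e 's/nbcon=//' -e 's/last=//' -e 's/->//' \
    >/var/run/blackhole.rules
  $CONTROL status | grep "^a*protocheck" \
    | sed -e 's/nbcon=//' -e 's/last=//' \
    >/var/run/blackhole.checks
}

# Replay the counters written by save_rulestat through
# "$CONTROL rulestat" and "$CONTROL checkstat".
# An empty last source/target is replaced by "_" so the argument keeps its
# position on the command line.
reload_rulestat(){
  # The fields are expanded unquoted on purpose (an empty field is dropped,
  # exactly as before). Pathname expansion is switched off meanwhile: the
  # script has cd'ed to /, so a field such as "*" would otherwise turn into
  # the names of the entries of the root directory.
  set -f
  if [ -r /var/run/blackhole.rules ] ; then
    while read -r rules a b c d e f g nbcon date source target rest
    do
      source=$(printf '%s\n' "$source" | sed 's/last_source=//')
      target=$(printf '%s\n' "$target" | sed 's/last_target=//')
      if [ "$source" = "" ] ; then
        source=_
      fi
      if [ "$target" = "" ] ; then
        target=_
      fi
      $CONTROL rulestat $a $b $c $d $e $f $g $nbcon $date $source $target
    done </var/run/blackhole.rules
  fi
  if [ -r /var/run/blackhole.checks ] ; then
    while read -r checks name e f g nbcon date source target rest
    do
      source=$(printf '%s\n' "$source" | sed 's/last_source=//')
      target=$(printf '%s\n' "$target" | sed 's/last_target=//')
      if [ "$source" = "" ] ; then
        source=_
      fi
      if [ "$target" = "" ] ; then
        target=_
      fi
      $CONTROL checkstat $name $e $f $g $nbcon $date $source $target
    done </var/run/blackhole.checks
  fi
  set +f
}

# Replay the reject counters saved by the restart action through
# "$CONTROL rejectstat". Globbing is disabled for the same reason as in
# reload_rulestat.
reload_rejectstat(){
  set -f
  if [ -r /var/run/blackhole.rejects ] ; then
    while read -r a b c d nbtry date ip rest
    do
      $CONTROL rejectstat $a $b $c $d $nbtry $date $ip
    done </var/run/blackhole.rejects
  fi
  set +f
}

case "$1" in
  start)
    mkdir -p /var/run/blackhole
    printf '%s' "Starting $NAME: "
    SECRETOPT=
    if [ -f "$SECRETS" ] ; then
      SECRETOPT="--secretfile $SECRETS"
    fi
    # Option variables are split into words deliberately.
    /usr/sbin/$NAME $BLACKHOLEOPTIONS $DEBUGOPT $SECRETOPT --daemon
    echo "$NAME"
    # NOTE(review): the daemon's exit status is not checked, so the lock
    # file is created even when the daemon failed to start.
    touch "$SUBSYS"
    if [ -s "$STATFILE" ] ; then
      # Reload the logid: first field of the last log line, quotes removed.
      LOGID=$(tail -n 1 "$STATFILE" | sed 's/"/ /g' \
        | { read -r a b; printf '%s\n' "$a"; })
      case "$LOGID" in
        ''|*[!0-9]*)
          # A truncated or corrupted last line must not end up as an empty
          # or non-numeric argument to setlogid.
          echo "$NAME: no numeric log id at the end of $STATFILE, not restoring it" >&2
          ;;
        *)
          LOGID=$(expr "$LOGID" + 1)
          $CONTROL setlogid "$LOGID"
          ;;
      esac
    fi
    if [ ! -f "$RULES" ] ; then
      echo "No $RULES, $NAME won't do anything"
    else
      $RULES
      $CONTROL resume
    fi
    ;;
  stop)
    printf '%s' "Stopping $NAME: "
    if [ -f "$PIDFILE" ] ; then
      $CONTROL quit
      # Only signal a value that parses as a positive PID.
      if PID=$(read_pid) ; then
        kill "$PID" 2>/dev/null
      fi
      rm -f "$SUBSYS"
      rm -f "$PIDFILE"
      echo "$NAME"
    else
      echo
    fi
    ;;
  restart)
    save_rulestat
    $CONTROL rejects \
      | sed -e 's/nbtry=//' -e 's/last=//' -e 's/last_ip=//' -e 's/://' \
      >/var/run/blackhole.rejects
    "$0" stop
    sleep 5
    "$0" start
    reload_rejectstat
    reload_rulestat
    ;;
  reload)
    # Test the same path that is executed below, so an overridden $RULES
    # is honoured consistently.
    if [ ! -f "$RULES" ] ; then
      echo "No $RULES, can't reload"
    else
      $CONTROL pause
      save_rulestat
      $CONTROL reset-rules
      $CONTROL reset-horizons
      $CONTROL reset-wormholes
      $RULES
      reload_rulestat
      $CONTROL resume
    fi
    ;;
  status)
    if [ ! -f "$PIDFILE" ] ; then
      echo "Service $NAME is not running"
    elif ! PID=$(read_pid) || ! kill -0 "$PID" 2>/dev/null ; then
      # PID file present but no live process behind it.
      echo "Service $NAME is not running"
      echo "Unclean shutdown"
    else
      echo "Service $NAME is running"
      echo Status
      $CONTROL status
      echo Statuserr
      $CONTROL statuserr
    fi
    ;;
  *)
    echo "Usage: $NAME {start|stop|restart|reload|status}"
    exit 1
esac
exit 0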