"Fossies" - the Fresh Open Source Software Archive

Member "aif-2.1.1/share/arno-iptables-firewall/plugins/50sip-voip.plugin" (16 Sep 2020, 4459 Bytes) of package /linux/privat/aif-2.1.1.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "50sip-voip.plugin": 2.1.0_vs_2.1.1.

    1 # ------------------------------------------------------------------------------
    2 #              -= Arno's Iptables Firewall(AIF) - SIP-VOIP plugin =-
    3 #
    4 PLUGIN_NAME="SIP-VOIP plugin"
    5 PLUGIN_VERSION="0.32BETA"
    6 PLUGIN_CONF_FILE="sip-voip.conf"
    7 #
    8 # Last changed          : June 13, 2017
    9 # Requirements          : AIF 2.0.0+ and ip_conntrack_sip
   10 # Comments              : This plugin will allow/enable SIP (VOIP) support
   11 #
   12 # Author                : (C) Copyright 2010-2017 by Arno van Amersfoort
   13 # Credits               : Philip Prindeville for his initial idea
   14 # Homepage              : https://rocky.eld.leidenuniv.nl/
   15 # Email                 : a r n o v a AT r o c k y DOT e l d DOT l e i d e n u n i v DOT n l
   16 #                         (note: you must remove all spaces and substitute the @ and the .
   17 #                         at the proper locations!)
   18 # ------------------------------------------------------------------------------
   19 # This program is free software; you can redistribute it and/or
   20 # modify it under the terms of the GNU General Public License
   21 # version 2 as published by the Free Software Foundation.
   22 #
   23 # This program is distributed in the hope that it will be useful,
   24 # but WITHOUT ANY WARRANTY; without even the implied warranty of
   25 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   26 # GNU General Public License for more details.
   27 #
   28 # You should have received a copy of the GNU General Public License
   29 # along with this program; if not, write to the Free Software
   30 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
   31 # ------------------------------------------------------------------------------
   32 
   33 # Plugin start function
   34 plugin_start()
   35 {
   36   local port ports="" host IFS
   37 
   38   if [ -z "$SIP_VOIP_PORTS" ]; then
   39     SIP_VOIP_PORTS="5060"
   40   fi
   41 
   42   if [ -z "$SIP_VOIP_REMOTE_HOSTS" ]; then
   43     SIP_VOIP_REMOTE_HOSTS="0/0"
   44   fi
   45 
   46   # Some required modules are already loaded by the main script:
   47   modprobe_multi nf_nat ip_nat
   48 
   49   echo "${INDENT}Using SIP UDP for $SIP_VOIP_REMOTE_HOSTS (INET) to port(s): $SIP_VOIP_PORTS"
   50 
   51   # We need the SIP module loaded of course
   52   IFS=' ,'
   53   for port in $SIP_VOIP_PORTS; do
   54     # Check for kernel 2.6.25 or newer
   55     if kernel_ver_chk 2 6 25; then
   56       ports="${ports:-ports=}${ports:+,}$port"
   57     else
   58       ports="$ports${ports:+ }ports=$port"
   59     fi
   60   done
   61 
   62   IFS=' '
   63   if ! modprobe nf_conntrack_sip $ports >/dev/null 2>&1; then
   64     modprobe ip_conntrack_sip $ports
   65   fi
   66 
   67   # Load the SIP NAT module only when required
   68   if [ "$NAT" = "1" ]; then
   69     modprobe_multi nf_nat_sip ip_nat_sip
   70   fi
   71 
   72   if ip4tables -nL CONNTRACK_HELPER >/dev/null 2>&1; then
   73     iptables -A CONNTRACK_HELPER -m conntrack --ctstate RELATED -m helper --helper sip -j ACCEPT
   74 
   75     IFS=' ,'
   76     for port in $SIP_VOIP_PORTS; do
   77       iptables -t raw -A PREROUTING -p udp --dport $port -j CT --helper sip
   78     done
   79   fi
   80 
   81   IFS=' ,'
   82   for host in $SIP_VOIP_REMOTE_HOSTS; do
   83     for port in $SIP_VOIP_PORTS; do
   84       iptables -A EXT_INPUT_CHAIN -s $host -p udp --dport $port -j ACCEPT
   85     done
   86   done
   87 
   88   return 0
   89 }
   90 
   91 
   92 # Plugin stop function
   93 plugin_stop()
   94 {
   95   return 0
   96 }
   97 
   98 
   99 # Plugin status function
  100 plugin_status()
  101 {
  102   return 0
  103 }
  104 
  105 # Sanity check environment before actual start
  106 plugin_sanity_check()
  107 {
  108   return 0
  109 }
  110 
  111 
  112 ############
  113 # Mainline #
  114 ############
  115 
  116 # Check where to find the config file
  117 CONF_FILE=""
  118 if [ -n "$PLUGIN_CONF_PATH" ]; then
  119   CONF_FILE="$PLUGIN_CONF_PATH/$PLUGIN_CONF_FILE"
  120 fi
  121 
  122 # Preinit to success:
  123 PLUGIN_RET_VAL=0
  124 
  125 # Check if the config file exists
  126 if [ ! -f "$CONF_FILE" ]; then
  127   printf "NOTE: Config file \"$CONF_FILE\" not found!\n        Plugin \"$PLUGIN_NAME v$PLUGIN_VERSION\" ignored!\n" >&2
  128 else
  129   # Source the plugin config file
  130   . "$CONF_FILE"
  131 
  132   if [ "$ENABLED" = "1" ] ||
  133      [ -n "$PLUGIN_LOAD_FILE" -a "$PLUGIN_CMD" = "stop" ] ||
  134      [ -n "$PLUGIN_LOAD_FILE" -a "$PLUGIN_CMD" = "status" ]; then
  135     # Show who we are:
  136     echo "${INDENT}$PLUGIN_NAME v$PLUGIN_VERSION"
  137 
  138     # Increment indention
  139     INDENT="$INDENT "
  140 
  141     # Only proceed if environment ok
  142     if ! plugin_sanity_check; then
  143       PLUGIN_RET_VAL=1
  144     else
  145       case $PLUGIN_CMD in
  146         start|'') plugin_start; PLUGIN_RET_VAL=$? ;;
  147         stop    ) plugin_stop; PLUGIN_RET_VAL=$? ;;
  148         status  ) plugin_status; PLUGIN_RET_VAL=$? ;;
  149         *       ) PLUGIN_RET_VAL=1; printf "\033[40m\033[1;31m${INDENT}ERROR: Invalid plugin option \"$PLUGIN_CMD\"!\033[0m\n" >&2 ;;
  150       esac
  151     fi
  152   fi
  153 fi