1 | 2 | simandl | #! /bin/bash |
2 | | | # Firewall novĂŠ generace pro Czela Debian 3.1 |
3 | | | # Autor: Mirek SlugeĹ |
4 | | | # SpoluautoĹi: Michal PerlĂk, Michal VondrĂĄÄek, Jan ChmelenskĂ˝, Adam Pribyl |
5 | | | # VytvoĹeno: 06.11.2006 |
6 | | | # Naposledy zmÄnÄno: 08.2014 |
7 | | | # Tento skript mĹŻĹžete volnÄ ĹĄĂĹit a upravovat. |
8 | | | |
9 | | | # definujeme cesty v systemu |
10 | | | PATH="/usr/sbin:/usr/bin:/sbin:/bin" |
11 | | | |
12 | | | # zadame cesty k potrebnym binarnim souborum (programum) |
13 | | | IPTABLES=$(which iptables) # iptables umoznuji kontrolovat a ovladat sitove pakety, neumi omezovat rychlost |
14 | | | TC=$(which tc) # soubor z baliku iproute 2, slouzi pro kontrolovani provozu na danem zarizeni |
15 | | | IP=$(which ip) # soubor z baliku iproute 2, slouzi pro zjisteni smerovacich tabulek a ip adres |
16 | | | SYSCTL="$(which sysctl)" # nastaveni zakladnich vlastnosti site v jadru |
17 | | | # zadame cestu k dulezitym konfiguracnim souborum |
18 | | | QOS_CONFIG="/etc/firewall/qos.conf" # zde jsou ulozeni clenove ktere chceme navic vyrazne omezit pomoci qosu |
19 | | | NAT_CONFIG="/etc/firewall/nat.conf" # soubor pro nastaveni natu 1:1 |
20 | | | MACGUARD_DIR="/home/safe/macguard" # adresar kde jsou ulozeny soubory pro macguarda |
21 | | | SSHD_CONFIG="/etc/ssh/sshd_config" # nastaveni sshd serveru, potrebne jen pro zjisteni portu kde bezi ssh |
22 | | | TMP="/tmp/firewall" # odkladaci adresar, kam hodime docasne soubory, zatim pouze pro nat |
23 | | | |
24 | | | # zakladni nastaveni (globalni) |
25 | | | FIREWALL="yes" # vypnuti/zapnuti firewallu |
26 | | | QOS="yes" # vypnuti/zapnuti QoSu |
27 | | | QOS_TYPE="none" # layer7_esfq - nejkomplexnejsi a take nejlepsi volba, vyzaduje nastaveni spravne QOS_DIRECTION na vsech rozhranich s qosem |
28 | | | # layer7 - rozdeluje pasmo podle typu protokolu |
29 | | | # esfq - spravedlive rozdeluje pasmo na ip adresy |
30 | | | # none - pouzije se obycejne sfq |
31 | | | QOS_LIMIT_TYPE="hfsc" # hfsc | htb - oboje je pro omezovani rychlosti, hfsc se zda byt spolehlivejsi |
32 | | | QOS_DEVICE="ifb" # imq - nejlepsi volba | ifb - neumi HD (polovicni duplex) a layer7, zaroven muze zpusobit kernel panic na atherosech | none - omezuje se jen jednim smerem |
33 | | | NAT="no" # prekladani adres, pouziva se jen u hranicnich routeru (internetovych bran) |
34 | | | NO_P2P="no" # zakazani P2P paketu, pouzivejte jen na velmi pomale lince! |
35 | | | MACGUARD="yes" # system kontroly pripojenych clenu na router, neni vhodne pouzivat rezim HD u QoSu, nemusi to potom fungovat spravne |
36 | | | MACGUARD_SERVER="10.101.0.1" # kde bezi macguard-server |
37 | | | ACCOUNT="yes" # velmi rychle a presne pociani prenesenych dat |
38 | | | ACCOUNT_GRAPHS="yes" # pravidelne vytvareni grafu pomoci rrdtool pro webove rozhrani |
39 | | | ACCOUNT_GRAPHS_SYSTEM="yes" # vytvareni grafu systemovych parametru, jako zatech cpu, obsazeni disku atd... |
40 | | | ACCOUNT_GRAPHS_IFACE="yes" # vytvareni grafu zatizeni jednotlivych rozhrani |
41 | | | ACCOUNT_GRAPHS_DRIVES="yes" # grafy vyuziti pevnych disku |
42 | | | ACCOUNT_GRAPHS_PING="yes" # vytvareni grafu pingu na ruzne uzivatelem definovane servery |
43 | | | ACCOUNT_GRAPHS_IP="yes" # vytvareni grafu prutoku dat vsech ip adres z vnitrniho rozsahu |
44 | | | ACCOUNT_GRAPHS_IP_EX="yes" # ukladani nulovych hodnot do grafu ip, vypnuti snizi presnost grafu, ale podstatne snizi zatez PC |
45 | | | ACCOUNT_GRAPHS_SIGNAL="yes" # vytvareni grafu signalu pro wifi klient |
46 | | | ACCOUNT_GRAPHS_MK_SIGNAL="yes" # ziskavani signalu wifi klientu pripojenych primo na Mikrotik |
47 | | | DNS_PRIMARY="10.101.253.14" # primarni dns pro tvorbu dhcp serveru pomoci macguarda |
48 | | | DNS_SECONDARY="10.101.254.193" # sekundarni dns pro tvorbu dhcp serveru pomoci macguarda |
49 | | | NETBIOS="10.101.253.14" # netbios pro tvorbu dhcp serveru pomoci macguarda |
50 | | | DOMAIN="lbcfree.net" # nazev domeny pro tvorbu dhcp serveru pomoci macguarda |
51 | | | |
52 | | | # lokalni loopback rozhrani (rozhrani ktere ma kazde pc, nejedna se o fyzicke rozhrani) |
53 | | | LO_IFACE="lo" |
54 | | | |
55 | | | # rozsah czela.netu, nebo vnitrni site (nastaveni pro nat) |
56 | | | NAT_DEV="eth0" # rozhrani pres ktere pristupujeme do venkovni site |
57 | | | NAT_TYPE="normal" # tree | normal, tree je vhodnejsi pro vice jak 50 adres |
58 | | | INTERNAL_IP="10.101.0.0/16" # rozsah vnitrnich adres |
59 | | | EXTERNAL_IP="78.108.105.0/24" # rozsah venkovnich adres |
60 | | | |
61 | | | # dummy rozhrani (rozhrani pro identifikaci pc s vice kartami, nejedna se o fyzicke rozhrani) |
62 | | | DUMMY_IFACE="dummy0" |
63 | | | |
64 | | | DEV0_IFACE="eth0" |
65 | | | DEV0_QOS="no" |
66 | | | DEV0_QOS_RATE="2000" |
67 | | | DEV0_QOS_DUPLEX="FD" |
68 | | | DEV0_QOS_DIRECTION="LAN" |
69 | | | DEV0_MACGUARD="no" |
70 | | | DEV0_MACGUARD_DHCP="no" |
71 | | | DEV0_NO_P2P="no" |
72 | | | DEV0_DESCRIPTION="" |
73 | | | |
74 | | | DEV1_IFACE="eth0.3300" |
75 | | | DEV1_QOS="no" |
76 | | | DEV1_QOS_RATE="2000" |
77 | | | DEV1_QOS_DUPLEX="FD" |
78 | | | DEV1_QOS_DIRECTION="LAN" |
79 | | | DEV1_MACGUARD="no" |
80 | | | DEV1_MACGUARD_DHCP="no" |
81 | | | DEV1_NO_P2P="no" |
82 | | | DEV1_DESCRIPTION="Paterni VLANa" |
83 | | | |
84 | | | DEV2_IFACE="eth1" |
85 | | | DEV2_QOS="yes" |
86 | | | DEV2_QOS_RATE="2000" |
87 | | | DEV2_QOS_DUPLEX="FD" |
88 | | | DEV2_QOS_DIRECTION="LAN" |
89 | | | DEV2_MACGUARD="yes" |
90 | | | DEV2_MACGUARD_DHCP="yes" |
91 | | | DEV2_NO_P2P="no" |
92 | | | DEV2_DESCRIPTION="" |
93 | | | |
94 | | | DEV3_IFACE="eth2" |
95 | | | DEV3_QOS="yes" |
96 | | | DEV3_QOS_RATE="2000" |
97 | | | DEV3_QOS_DUPLEX="FD" |
98 | | | DEV3_QOS_DIRECTION="LAN" |
99 | | | DEV3_MACGUARD="yes" |
100 | | | DEV3_MACGUARD_DHCP="yes" |
101 | | | DEV3_NO_P2P="no" |
102 | | | DEV3_DESCRIPTION="" |
103 | | | |
104 | | | # nacteme dulezite casti firewallu |
105 | | | . /etc/firewall/qos |
106 | | | . /etc/firewall/qos.conf |
107 | | | . /etc/firewall/macguard |
108 | | | . /etc/firewall/nat |
109 | | | . /etc/firewall/p2p |
110 | | | . /etc/firewall/account |
111 | | | |
112 | | | # Hlavni cast celeho skriptu |
113 | | | case "$1" in |
114 | | | |
115 | | | start) |
116 | | | # Zacatek firewallu, v teto casti pridavejte vlastni pravidla |
117 | | | echo -n "Starting firewall..." |
118 | | | |
119 | | | if [ $FIREWALL != "yes" ]; then |
120 | | | echo "firewall is disabled." |
121 | | | exit 0 |
122 | | | fi |
123 | | | |
124 | | | # Pokud pouzivame stromovou sktrukturu tak jeste pred spustenim firewallu vygenerujeme pravidla |
125 | | | [ "$NAT" == "yes" ] && [ "$NAT_TYPE" == "tree" ] && nat |
126 | | | |
127 | | | # Vsechna puvodni pravidla smazat |
128 | | | $IPTABLES -F |
129 | | | $IPTABLES -t nat -F |
130 | | | $IPTABLES -t mangle -F |
131 | | | $IPTABLES -X |
132 | | | $IPTABLES -t nat -X |
133 | | | $IPTABLES -t mangle -X |
134 | | | |
135 | | | # spustime vygenerovana pravidla |
136 | | | [ "$NAT" == "yes" ] && [ "$NAT_TYPE" == "tree" ] && iptables-restore $TMP/table |
137 | | | |
138 | | | # Standartne vse povolit, jen pakety mirici primo na router zahodime |
139 | | | $IPTABLES -P INPUT DROP |
140 | | | $IPTABLES -P OUTPUT ACCEPT |
141 | | | $IPTABLES -P FORWARD ACCEPT |
142 | | | |
143 | | | # Loopback |
144 | | | $IPTABLES -A INPUT -i $LO_IFACE -j ACCEPT |
145 | | | |
146 | | | # Jiz navazana spojeni povolime |
147 | | | $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT |
148 | | | |
149 | | | # --------------------------------------------------------------------------- |
150 | | | |
151 | | | # Spyware na TCP portech |
152 | | | $IPTABLES -I FORWARD -p TCP --dport 135 -j DROP |
153 | | | $IPTABLES -I FORWARD -p TCP --dport 139 -j DROP |
154 | | | $IPTABLES -I FORWARD -p TCP --dport 445 -j DROP |
155 | | | $IPTABLES -I FORWARD -p TCP --sport 135 -j DROP |
156 | | | $IPTABLES -I FORWARD -p TCP --sport 139 -j DROP |
157 | | | $IPTABLES -I FORWARD -p TCP --sport 445 -j DROP |
158 | | | |
159 | | | # Spyware na UDP portech |
160 | | | $IPTABLES -I FORWARD -p UDP --dport 135 -j DROP |
161 | | | $IPTABLES -I FORWARD -p UDP --dport 137 -j DROP |
162 | | | $IPTABLES -I FORWARD -p UDP --dport 139 -j DROP |
163 | | | $IPTABLES -I FORWARD -p UDP --dport 445 -j DROP |
164 | | | $IPTABLES -I FORWARD -p UDP --sport 135 -j DROP |
165 | | | $IPTABLES -I FORWARD -p UDP --sport 137 -j DROP |
166 | | | $IPTABLES -I FORWARD -p UDP --sport 139 -j DROP |
167 | | | $IPTABLES -I FORWARD -p UDP --sport 445 -j DROP |
168 | | | |
169 | | | # Limit 300 aktivnich spojeni na 1 IP adresu, velmi narocne na vykon |
170 | | | #$IPTABLES -I FORWARD -p TCP -m connlimit --connlimit-above 300 -j REJECT --reject-with tcp-reset |
171 | | | |
172 | | | # Dropovane IP adresy |
173 | | | #$IPTABLES -I FORWARD -s 10.93.44.2 -j DROP |
174 | | | #$IPTABLES -I FORWARD -d 10.93.44.2 -j DROP |
175 | | | |
176 | | | # --------------------------------------------------------------------------- |
177 | | | |
178 | | | # FTP, vcetne ochrany pred utoky z internetu |
179 | | | $IPTABLES -A INPUT -p TCP --dport 21 -j ACCEPT |
180 | | | $IPTABLES -A INPUT -p TCP --dport 21 -m state --state NEW -m recent --set |
181 | | | $IPTABLES -A INPUT -p TCP --dport 21 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 --rttl -j DROP |
182 | | | |
183 | | | # SSH, vcetne ochrany pred utoky z internetu |
184 | | | $IPTABLES -A INPUT -p TCP --dport 22 -j ACCEPT |
185 | | | $IPTABLES -A INPUT -p TCP --dport 22 -m state --state NEW -m recent --set |
186 | | | $IPTABLES -A INPUT -p TCP --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 --rttl -j DROP |
187 | | | # tvrdsi blokovani utoku na ssh |
188 | | | #$IPTABLES -A INPUT -p TCP --syn --dport 22 -m recent --set |
189 | | | #$IPTABLES -A INPUT -p TCP --syn --dport 22 -m recent --seconds 300 --hitcount 3 -rcheck -j REJECT --reject-with tcp-reset |
190 | | | |
191 | | | # HTTP |
192 | | | $IPTABLES -A INPUT -s $INTERNAL_IP -p TCP --dport 80 -j ACCEPT |
193 | | | $IPTABLES -A INPUT -s 192.168.0.0/16 -p TCP --dport 80 -j ACCEPT |
194 | | | |
195 | | | # HTTPS |
196 | | | $IPTABLES -A INPUT -s $INTERNAL_IP -p TCP --dport 443 -j ACCEPT |
197 | | | $IPTABLES -A INPUT -s 192.168.0.0/16 -p TCP --dport 443 -j ACCEPT |
198 | | | |
199 | | | # SNMP |
200 | | | $IPTABLES -A INPUT -s $INTERNAL_IP -p UDP --dport 161:162 -j ACCEPT |
201 | | | |
202 | | | # net-test |
203 | | | $IPTABLES -A INPUT -s $INTERNAL_IP -p TCP --dport 5001 -j ACCEPT |
204 | | | |
205 | | | # QUAGGA |
206 | | | $IPTABLES -A INPUT -p TCP --dport 2601 -j ACCEPT |
207 | | | $IPTABLES -A INPUT -p TCP --dport 2604 -j ACCEPT |
208 | | | $IPTABLES -A INPUT -d 224.0.0.5/32 -j ACCEPT |
209 | | | $IPTABLES -A INPUT -d 224.0.0.6/32 -j ACCEPT |
210 | | | $IPTABLES -A INPUT -d 224.0.0.9/32 -j ACCEPT |
211 | | | $IPTABLES -A INPUT -p ospf -j ACCEPT |
212 | | | |
213 | | | # BGP |
214 | | | #$IPTABLES -A INPUT -p TCP --dport 2605 -j ACCEPT |
215 | | | #$IPTABLES -A INPUT -p TCP --dport 179 -j ACCEPT |
216 | | | |
217 | | | # multicast - TV, Radio czela.net |
218 | | | #$IPTABLES -A INPUT -d 224.0.0.0/24 -j ACCEPT |
219 | | | |
220 | | | # ICMP - ping |
221 | | | $IPTABLES -A INPUT -p ICMP -j ACCEPT |
222 | | | |
223 | | | # AUTH neni dobre filtrovat pomoci DROP |
224 | | | $IPTABLES -A INPUT -p TCP --dport 113 -j REJECT --reject-with tcp-reset |
225 | | | |
226 | | | # --------------------------------------------------------------------------- |
227 | | | |
228 | | | # Pokusime se zjistit jestli ssh nebezi na jinem portu, pokud ano pak z cele |
229 | | | # site czela.net presmerujeme spojeni na portu 22 na aktualni port a samozrejme |
230 | | | # dany port povolime, aby bylo mozno se na pc pres ssh prihlasit. |
231 | | | |
232 | | | if [ -e "$SSHD_CONFIG" ]; then |
233 | | | while read A B; do |
234 | | | if [ "`echo $A | grep -v \# | grep -i port`" != "" ] && [ "$B" != "22" ]; then |
235 | | | echo -n "ssh port $B detected..." |
236 | | | # Z vnitrni site povolime pristup na port 22 |
237 | | | $IPTABLES -A INPUT -s $INTERNAL_IP -p TCP --dport 22 -j ACCEPT |
238 | | | # Z vnejsi site povolime pristup na port na kterem bezi opravdu ssh |
239 | | | $IPTABLES -A INPUT -p TCP --dport $B -j ACCEPT |
240 | | | # Prichozi spojeni na ssh 22 presmerujeme ze vnitrni site na dany port na kterem ssh opravdu bezi |
241 | | | I="1" |
242 | | | while true; do |
243 | | | LOCAL_IP="`$IP addr show | grep inet | grep -v inet6 | grep -v : | awk '{print\$2}' | cut -d/ -f1 | sed -n ${I}p`" |
244 | | | if [ "$LOCAL_IP" != "" ]; then |
245 | | | $IPTABLES -t nat -I PREROUTING -s $INTERNAL_IP -p TCP -d $LOCAL_IP --dport 22 -j REDIRECT --to-ports $B |
246 | | | else |
247 | | | break |
248 | | | fi |
249 | | | ((I++)) |
250 | | | done |
251 | | | fi |
252 | | | done < $SSHD_CONFIG |
253 | | | fi |
254 | | | |
255 | | | # NAT - vystupni rozhrani je eth0, natovane adresy jsou z rozsahu 192.168.100.0/24 a budou |
256 | | | # vystupovat na vystupnim rozhrani jako jedina adresa 10.93.251.251 |
257 | | | #$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.100.0/24 -j SNAT --to 10.93.251.251 |
258 | | | |
259 | | | [ "$NAT" == "yes" ] && [ "$NAT_TYPE" != "tree" ] && nat |
260 | | | [ "$NO_P2P" == "yes" ] && p2p_start |
261 | | | [ "$QOS" == "yes" ] && qos_start |
262 | | | [ "$MACGUARD" == "yes" ] && macguard_start |
263 | | | [ "$ACCOUNT" == "yes" ] && account_start |
264 | | | |
265 | | | # Limit poctu celkovych spojeni navazanych skrze router byl presunut do /etc/sysctl.conf |
266 | | | # Spustime sysctl, ktery nastavi jednotlive parametry v souboru /etc/sysctl.conf |
267 | | | $SYSCTL -q -p |
268 | | | |
269 | | | echo "done." |
270 | | | ;; |
271 | | | |
272 | | | stop) |
273 | | | echo -n "Stopping firewall..." |
274 | | | # Vsechna puvodni pravidla smazat |
275 | | | $IPTABLES -F |
276 | | | $IPTABLES -t nat -F |
277 | | | $IPTABLES -t mangle -F |
278 | | | $IPTABLES -X |
279 | | | $IPTABLES -t nat -X |
280 | | | $IPTABLES -t mangle -X |
281 | | | |
282 | | | # Vse povolit |
283 | | | $IPTABLES -P INPUT ACCEPT |
284 | | | $IPTABLES -P OUTPUT ACCEPT |
285 | | | $IPTABLES -P FORWARD ACCEPT |
286 | | | |
287 | | | echo "done." |
288 | | | # Vypneme QoS v tc |
289 | | | qos_stop |
290 | | | ;; |
291 | | | |
292 | | | restart) |
293 | | | "$0" start |
294 | | | ;; |
295 | | | |
296 | | | qos_start) |
297 | | | [ "$QOS" == "yes" ] && qos_start |
298 | | | ;; |
299 | | | |
300 | | | qos_stop) |
301 | | | qos_stop |
302 | | | ;; |
303 | | | |
304 | | | qos_restart) |
305 | | | [ "$QOS" == "yes" ] && qos_start |
306 | | | [ "$QOS" != "yes" ] && qos_stop |
307 | | | ;; |
308 | | | |
309 | | | qos_guaranted_classes) |
310 | | | [ "$QOS" == "yes" ] && qos_guaranted_classes |
311 | | | ;; |
312 | | | |
313 | | | qos_guaranted_class_add_user) |
314 | | | [ "$QOS" == "yes" ] && qos_guaranted_class_add_user "$2" "$3" "$4" |
315 | | | ;; |
316 | | | |
317 | | | qos_guaranted_class_del_user) |
318 | | | [ "$QOS" == "yes" ] && qos_guaranted_class_del_user "$2" |
319 | | | ;; |
320 | | | |
321 | | | macguard_update) |
322 | | | [ "$MACGUARD" == "yes" ] && macguard_start "update" "$2" |
323 | | | ;; |
324 | | | |
325 | | | macguard_stop) |
326 | | | macguard_stop |
327 | | | ;; |
328 | | | |
329 | | | macguard_start) |
330 | | | [ "$MACGUARD" == "yes" ] && macguard_start |
331 | | | ;; |
332 | | | |
333 | | | macguard_allow_user) |
334 | | | [ "$MACGUARD" == "yes" ] && macguard_allow_user "$2" "$3" |
335 | | | ;; |
336 | | | |
337 | | | macguard_deny_user) |
338 | | | [ "$MACGUARD" == "yes" ] && macguard_deny_user "$2" "$3" |
339 | | | ;; |
340 | | | |
341 | | | p2p_start) |
342 | | | p2p_start |
343 | | | ;; |
344 | | | |
345 | | | p2p_stop) |
346 | | | p2p_stop |
347 | | | ;; |
348 | | | |
349 | | | p2p_allow) |
350 | | | p2p_allow_all |
351 | | | ;; |
352 | | | |
353 | | | p2p_deny) |
354 | | | p2p_deny_all |
355 | | | ;; |
356 | | | |
357 | | | p2p_allow_ip) |
358 | | | p2p_allow_ip "$2" |
359 | | | ;; |
360 | | | |
361 | | | p2p_deny_ip) |
362 | | | p2p_deny_ip "$2" |
363 | | | ;; |
364 | | | |
365 | | | account_start) |
366 | | | account_start |
367 | | | ;; |
368 | | | |
369 | | | account_stop) |
370 | | | account_stop |
371 | | | ;; |
372 | | | |
373 | | | account_restart) |
374 | | | account_restart |
375 | | | ;; |
376 | | | |
377 | | | account_reset) |
378 | | | account_reset |
379 | | | ;; |
380 | | | |
381 | | | account_graphs_generate) |
382 | | | [ "$ACCOUNT_GRAPHS_SYSTEM" == "yes" ] && account_graphs_generate_system |
383 | | | [ "$ACCOUNT_GRAPHS_IFACE" == "yes" ] && account_graphs_generate_interfaces |
384 | | | [ "$ACCOUNT_GRAPHS_SIGNAL" == "yes" ] && account_graphs_generate_signal |
385 | | | [ "$ACCOUNT_GRAPHS_DRIVES" == "yes" ] && account_graphs_generate_drives |
386 | | | # GenerovĂĄnĂ ip mĹŻĹže trvat velmi dlouho, hlavnÄ pokud je adres opravdu moc |
387 | | | [ "$ACCOUNT_GRAPHS_IP" == "yes" ] && account_graphs_generate_ip |
388 | | | # GenerovĂĄnĂ mikrotikĹŻ a pingĹŻ mĹŻĹže trvat velmi dlouho, je lepĹĄĂ je dĂĄ aĹž nakonec |
389 | | | [ "$ACCOUNT_GRAPHS_PING" == "yes" ] && account_graphs_generate_pings |
390 | | | [ "$ACCOUNT_GRAPHS_MK_SIGNAL" == "yes" ] && account_graphs_get_mikrotik_wifi_clients |
391 | | | ;; |
392 | | | |
393 | | | account_graphs_generate_ip) |
394 | | | account_graphs_generate_ip |
395 | | | ;; |
396 | | | |
397 | | | account_graphs_generate_system) |
398 | | | account_graphs_generate_system |
399 | | | ;; |
400 | | | |
401 | | | account_graphs_generate_interfaces) |
402 | | | account_graphs_generate_interfaces |
403 | | | ;; |
404 | | | |
405 | | | account_graphs_generate_pings) |
406 | | | account_graphs_generate_pings |
407 | | | ;; |
408 | | | |
409 | | | account_graphs_generate_signal) |
410 | | | account_graphs_generate_signal |
411 | | | ;; |
412 | | | |
413 | | | account_graphs_generate_drives) |
414 | | | account_graphs_generate_drives |
415 | | | ;; |
416 | | | |
417 | | | account_graphs_reset) |
418 | | | account_graphs_reset |
419 | | | ;; |
420 | | | |
421 | | | *) |
422 | | | echo "Usage: $0 {start|stop|restart|macguard_update {force}|qos_start|qos_stop}" |
423 | | | exit 1 |
424 | | | ;; |
425 | | | |
426 | | | esac |
427 | | | |
428 | | | exit 0 |