ifstated.conf
# $OpenBSD: ifstated.conf,v 1.2 2018/01/20 23:07:58 mpf Exp $
# configured to:
# - reconnect egress if disconnected
# - update IP for dynamic DNS (e.g. freedns.afraid.org)
# - update IP for encapsulated IPv6 (e.g. tunnelbroker.net)
# - syslog and email notifications
# Global Configuration
# Start in the auto state, which only inspects the link status and then
# hands over to ifup or ifdown.
init-state auto
# Macros
# True while the em0 link is up.
egress_up = "em0.link.up"
# IPv4 reachability: true if either single-packet ping succeeds. The two
# probes run on 60 s and 63 s timers against fixed addresses.
# NOTE(review): both targets are hard-coded third-party literals; if they
# stop answering ICMP the state machine treats IPv4 as down - confirm they
# are still the intended probe targets.
inet = '( "ping -q -c 1 -w 4 216.66.38.58 > /dev/null" every 60 || \
"ping -q -c 1 -w 4 172.217.8.174 > /dev/null" every 63 )'
# IPv6 reachability: same scheme as inet, using ping6 and two fixed IPv6
# addresses.
inet6 = '( "ping6 -q -c 1 -w 4 2001:470:1c:7b8::1 > /dev/null" every 60 || \
"ping6 -q -c 1 -w 4 2a00:1450:4014:800::200e > /dev/null" every 63 )'
# True when the answer 8.8.8.8 returns for the queried name differs from
# the first inet address printed by ifconfig egress; evaluated every 126 s.
# NOTE(review): the name queried is freedns.afraid.org itself, presumably a
# placeholder for the operator's own dynamic hostname - confirm.
# NOTE(review): the lookup is plain, unauthenticated DNS. An empty, failed
# or multi-record answer also compares as different, which makes the
# update branch in state internet fire on every check.
newip = '( "[[ $(dig +short @8.8.8.8 freedns.afraid.org) != \
$(ifconfig egress | awk \'$1 ~ /^inet$/{print $2;exit;}\') ]]" every 126)'
# Append advertised recursive DNS server to resolv.conf (slaacd)
# (!) caveat: handles a single advertised server, not several
# Enable by adding the same nameserver in:
# `echo "nameserver 2001:4860:4860::8888" >> /etc/resolv.conf.tail`
# `echo "nameserver 2001:4860:4860::8888" > /etc/resolv.conf.slaac`
# True when the rdns value slaacctl reports for em0 (second field, first
# comma stripped) occurs as a whole word in /etc/resolv.conf.slaac; checked
# every 3600 s. State ifup rewrites the resolver files when this is false.
# NOTE(review): the rdns value comes from router advertisements, which are
# unauthenticated on-link messages. Any host able to send them on this
# segment can influence which resolver ends up in resolv.conf - confirm
# the link is trusted or filtered before enabling this.
# NOTE(review): if slaacctl reports no rdns, the substitution is empty and
# grep receives the file path as its pattern - confirm the behaviour in
# that case.
rdns = '( "grep -w \
$(slaacctl show interface em0 | awk \'{if ($1 == \"rdns:\") print $2;}\' |\
sed \'s/,//\') /etc/resolv.conf.slaac > /dev/null" every 3600 )' # ifup
# State Definitions
# auto: entry state. Logs the current em0 link status to syslog under the
# ifstated tag and switches to ifdown or ifup accordingly.
state auto {
if (! $egress_up) {
run "logger -t ifstated '(auto) egress down'"
set-state ifdown
}
if ($egress_up) {
run "logger -t ifstated '(auto) egress up'"
set-state ifup
}
}
# ifdown: the egress link is considered down.
state ifdown {
init {
# On entering this state, re-run netstart for em0. The reset is logged
# only when netstart exits successfully (&&).
run "sh /etc/netstart em0 && \
logger -t ifstated '(ifdown) egress reset'"
}
# Leave for ifup as soon as the link is reported up again.
if ($egress_up) {
run "logger -t ifstated '(ifdown) egress up'"
set-state ifup
}
}
# ifup: the link is up; IPv4 reachability is not yet confirmed.
state ifup {
if (! $rdns) {
# Update rdns: in resolv.conf.tail, resolv.conf.slaac and resolv.conf,
# replace the nameserver recorded in resolv.conf.slaac (as it appears in
# resolv.conf.tail) with the rdns value slaacctl currently reports for em0.
# NOTE(review): the replacement text is interpolated unquoted into the sed
# expression and written to /etc/resolv.conf without checking that it is
# an address. It originates from router advertisements, so consider
# validating it as an IPv6 address before rewriting the resolver files.
# NOTE(review): if either command substitution is empty, the sed pattern
# or replacement is empty too - confirm the result in that case.
run "sed -i \"s/$(grep -w $(grep 'nameserver' /etc/resolv.conf.slaac | awk '{print $2}') /etc/resolv.conf.tail | awk '{print $2}')/$(slaacctl show interface em0 | awk '{if ($1 == \"rdns:\") print $2;}' | sed 's|,||')/\" /etc/resolv.conf.tail /etc/resolv.conf.slaac /etc/resolv.conf"
run "logger -t ifstated '(ifup) IPv6 rdns'"
}
if ($inet) {
# IPv4 probes succeed: mail the ifconfig egress output to root, log, and
# move on to state internet.
run "ifconfig egress | \
mail -s '(ifup) IPv4 up' root@localhost"
run "logger -t ifstated '(ifup) IPv4 up'"
set-state internet
}
# IPv4 probes fail: log and fall back to ifdown. The second operand is an
# external test that runs sleep 10 on a 10 s timer; presumably it paces
# this fallback - confirm.
if (! $inet && "sleep 10" every 10) {
run "logger -t ifstated '(ifup) IPv4 down'"
set-state ifdown
}
}
# internet: IPv4 reachability was confirmed. Handles dynamic DNS and
# tunnel endpoint updates and watches IPv6 reachability.
state internet {
if ($inet && $newip) {
# Address change detected: notify root (the mail body is only a carriage
# return and newline), log, then push the new address to both services.
run "printf '%b\n' \"\r\" | \
mail -s '(internet) updating IP' root@localhost"
run "logger -t ifstated '(internet) updating IP'"
# Dynamic DNS update over HTTPS; -o - writes the response to standard
# output.
# NOTE(review): KEY= here and Basic base64 below are empty placeholders.
# Once real values are filled in, this file holds credentials: keep it
# readable by root only. The secrets are also part of the command text
# given to run, so they are presumably visible in process listings while
# the command executes - confirm, and prefer reading them from a
# root-only file at run time.
run "ftp -o - \
'https://freedns.afraid.org/dynamic/update.php?KEY='"
# Tunnel endpoint update: a hand-written HTTP request piped to nc, which
# connects to port 443 with TLS (-c). hostname=000000 is presumably a
# placeholder for the tunnel id - confirm. The Basic credential is only
# base64-encoded, so the TLS session is its sole protection in transit.
run "printf '%b\n' \"
GET /nic/update?hostname=000000 HTTP/1.1\n
Host: ipv4.tunnelbroker.net\n
Authorization: Basic base64\n
User-Agent: OpenBSD nc\n
Accept: */*\n
\r\" | nc -vc ipv4.tunnelbroker.net 443"
# Re-run netstart for gif0; the reset is logged only when it succeeds.
run "sh /etc/netstart gif0 && \
logger -t ifstated '(internet) reset egress6'"
}
# Neither address family is reachable: log and return to ifdown.
if (! $inet && ! $inet6) {
run "logger -t ifstated '(internet) IPv4 and IPv6 down'"
set-state ifdown
}
if ($inet && ! $inet6) {
# Only IPv6 is down: notify root and log.
run "printf '%b\n' \"\r\" | \
mail -s '(internet) IPv6 down' root@localhost"
run "logger -t ifstated '(internet) IPv6 down'"
# Search /var/log/messages for a No buffer space available line matching
# the date pattern. If one is found, mail root; otherwise re-run netstart
# for gif0.
# NOTE(review): with the && ... || ...; chain, netstart also runs when
# the mail command fails, and the final logger runs unconditionally, so
# reset egress6 is logged even when no reset happened - confirm intent.
# NOTE(review): +DATE: and '%b %d' reach date as two separate arguments -
# confirm this produces the intended pattern for grep.
run "cat /var/log/messages | \
grep \"$(date +DATE: '%b %d')\" | \
grep 'No buffer space available' && \
printf '%b\n' \"\r\" | \
mail -s '(internet) No buffer space available' root@localhost || \
sh /etc/netstart gif0; \
logger -t ifstated '(internet) reset egress6'"
}
# Both families reachable: only a syslog line is written.
if ($inet && $inet6) {
run "logger -t ifstated '(internet) IPv4 and IPv6 up'"
}
}