====== LAN-Party Switch ======

{{:lanparty:pfwitch.jpg|}}

===== Dutch =====

==== Introduction ====

The LAN-Party switch is inspired by the [[https://hack42.nl/wiki/index.php/Gebruiker:RickDeckardt/SpaceStateSwitch|Hack42 StateSwitch]] and can be found in the Windows corner (see photo). Using the key, the network ports for various games can be opened on the firewall.

==== How it works ====

The key-switch is connected to a managed switch with a UTP cable. Inside the box of the key-switch the TX- and RX- wires are shorted together, and TX+ and RX+ are wired to the key-switch. When the key-switch connects TX+ and RX+ to each other, the switch sees a link. On the firewall, a script uses ''snmpget'' to check whether the link of the port the key-switch is connected to is "UP" or "DOWN", and loads the matching firewall rules accordingly.

As you can see, a script currently checks the position of the key-switch in an infinite loop. A possible version 2 will work via SNMP traps.

===== What can you use it for =====

Playing games and that sort of stuff, so send in your ideas.

===== English =====

==== Introduction ====

The LAN-Party switch is inspired by the [[https://hack42.nl/wiki/index.php/Gebruiker:RickDeckardt/SpaceStateSwitch|Hack42 StateSwitch]] and is located in the Windows computer corner (see photo). By using this switch the network ports for various games can be opened on the firewall.

==== How it works ====

The key-switch is connected to a managed network switch. Inside the box housing the key-switch, the TX- and RX- conductors are shorted together. The TX+ and RX+ conductors are routed through the key-switch. When the key is turned, the RX+ and TX+ conductors are shorted together and the network switch sees a link. On the firewall, a script checks the link state of the network port to which the key-switch is connected to see whether the link is "UP" or "DOWN".

If the link state is "UP", the LAN-Party ruleset is loaded. When the state is "DOWN", the normal ruleset is loaded. The script also remembers the last state (to prevent continuously reloading the rules) and checks for a lock file. If the lock file exists, the script ignores the state of the key-switch. Currently the key-switch state is checked in a continuous loop. In a next version, this might change to the use of SNMP traps.

===== Script =====

<code bash>
#!/bin/sh
#
## Script: pfswitch
## Purpose: physical switch for loading lanparty ruleset
#

# User Settings
SWITCH="switch.example.com"
SWITCHPORT="42"
COMMUNITY="FWSWITCH"            # SNMP community used to poll the switch
INTERVAL="5"
MAILRCPT="bofh@example.com"

# Variables
MYNAME="$(basename "$0")"
PIDFILE="/var/run/${MYNAME}.pid"
LOCKFILE="/var/run/${MYNAME}.lock"
STATEFILE="/var/run/${MYNAME}.state"
LOGFILE="/var/log/pfswitch.log"

# Check whether we are already running
if [ -f "${PIDFILE}" ]
then
    if ps -p "$(cat "${PIDFILE}")" > /dev/null 2>&1
    then
        exit 0                  # Exit, we are already running
    else
        rm -f "${PIDFILE}"      # Process not found, remove stale pid file
    fi
fi
echo $$ > "${PIDFILE}"
trap 'rm -f "${PIDFILE}"' EXIT INT TERM   # Clean up the pid file when we stop

# Write a message to the log file, syslog and the mail recipient
notify() {
    echo "$1" >> "${LOGFILE}"
    logger -t "${MYNAME}" "$1"
    echo "$1" | mailx -s "$1" "${MAILRCPT}" > /dev/null
}

# Get port state
PREVSTATE=""
while true
do
    # snmpget prints e.g. "IF-MIB::ifOperStatus.42 = INTEGER: down(2)"; keep only the number
    STATE="$(/usr/local/bin/snmpget -v 2c -c "${COMMUNITY}" "${SWITCH}" "IF-MIB::ifOperStatus.${SWITCHPORT}" 2>/dev/null | sed -e 's/.*(//' -e 's/)//')"

    if [ -z "${STATE}" ]
    then
        # No answer from the switch (timeout, wrong community): keep the current ruleset
        logger -t "${MYNAME}" "No answer from ${SWITCH}, keeping current ruleset"
        sleep "${INTERVAL}"
        continue
    fi

    if [ "${STATE}" != "${PREVSTATE}" ] && [ ! -f "${LOCKFILE}" ]
    then
        if [ "${STATE}" -eq 2 ]
        then
            # Link down: kill the LAN-party states and load the normal ruleset
            /sbin/pfctl -k LANPART_LOW -k LANPARTY -k LANPARTY_INTERACTIVE -k LANPARTY_INTERACTIVE -k LANPARTY_HIGH
            /sbin/pfctl -f /etc/pf.conf
            notify "$(date): Normal firewall ruleset loaded."
            echo "Normal" > "${STATEFILE}"
        else
            # Link up: load the LAN-party ruleset
            /sbin/pfctl -f /etc/pf.conf.lanparty
            notify "$(date): LAN-Party firewall ruleset loaded."
            echo "Lanparty" > "${STATEFILE}"
        fi
    fi
    PREVSTATE="${STATE}"
    sleep "${INTERVAL}"
done
</code>
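The polling and decision logic of the script, reworked as an added example (not the wiki's own script) so that the parsing of ''snmpget'' output and the lock-file/previous-state rule can be exercised without a switch: only a reading of ''up(1)'' selects the LAN-party ruleset, and an unreachable switch or an unexpected ''ifOperStatus'' value (such as ''notPresent(6)'') leaves the firewall untouched instead of opening ports. The function names, the sample snmpget lines and the demo call are constructed for this example.

```shell
#!/bin/sh
# Added example, not the wiki's pfswitch script. Parses one snmpget line and
# decides which ruleset to load, failing closed on anything that is not up(1).
# The snmpget lines used below are constructed; nothing is polled over the network.

# Map one snmpget output line to UP / DOWN / UNKNOWN.
# net-snmp prints e.g. "IF-MIB::ifOperStatus.42 = INTEGER: up(1)".
# Any other ifOperStatus value (testing, dormant, notPresent, lowerLayerDown)
# or an empty/garbled reply (timeout, wrong community) is UNKNOWN, never UP.
port_state() {
    line="$1"
    code="$(printf '%s\n' "${line}" | sed -n 's/.*INTEGER: *[a-zA-Z]*(\([0-9]*\)).*/\1/p')"
    case "${code}" in
        1) echo "UP" ;;
        2) echo "DOWN" ;;
        *) echo "UNKNOWN" ;;
    esac
}

# Decide the action for one poll: prints "lanparty", "normal" or "none".
# $1 = current state, $2 = previous state, $3 = lock file path.
# The lock file freezes the firewall regardless of the key, and an UNKNOWN
# reading never changes the ruleset (fail closed, the game ports stay shut).
decide() {
    state="$1"; prev="$2"; lock="$3"
    if [ -f "${lock}" ] || [ "${state}" = "${prev}" ]; then
        echo "none"; return
    fi
    case "${state}" in
        UP)   echo "lanparty" ;;
        DOWN) echo "normal" ;;
        *)    echo "none" ;;
    esac
}

# Constructed sample poll: what snmpget prints when the key is turned on
SAMPLE='IF-MIB::ifOperStatus.42 = INTEGER: up(1)'
NOW="$(port_state "${SAMPLE}")"
echo "state=${NOW} action=$(decide "${NOW}" DOWN /var/run/pfswitch.lock)"
```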