
LAN-Party Switch

Dutch

Introduction

The LAN-Party switch is inspired by the Hack42 StateSwitch and can be found in the Windows corner (see photo). Using the key, the network ports for various games can be opened on the firewall.

How it works

The key-switch is connected to a managed switch via a UTP cable. Inside the key-switch enclosure, the TX- and RX- wires are shorted together and TX+ and RX+ are connected to the key-switch. When the key-switch connects TX+ and RX+ to each other, the network switch sees a link. On the firewall, a script uses snmpget to check whether the link of the port to which the key-switch is connected is “UP” or “DOWN”, and the correct firewall rules are loaded accordingly.

As you can see, a script currently checks the position of the key-switch in an infinite loop. A possible version 2 will work via SNMP traps.

What can you use it for

Playing games and that sort of stuff, so send in your ideas.

English

Introduction

The LAN-Party switch is inspired by the Hack42 StateSwitch and is located in the Windows computer corner (see photo). By using this switch the network ports for various games can be opened on the firewall.

How it works

The key-switch is connected to a managed network switch. Inside the key-switch box, the TX- and RX- conductors are shorted together. The TX+ and RX+ conductors are routed via the key-switch. Turning the key shorts the RX+ and TX+ conductors together, and the network switch sees a link. On the firewall, a script checks the link state of the network port to which the key-switch is connected to see whether the link is “UP” or “DOWN”. If the link state is “UP”, the LAN-Party ruleset is loaded. When the state is “DOWN”, the normal ruleset is loaded. The script also checks the last state (to prevent continuously reloading the rules) and checks for a lock file. If the lock file exists, the script ignores the state of the key-switch.

Currently the key-switch state is checked in a continuous loop. In a next version, this might change to the use of SNMP traps.

Script

#!/bin/sh
#
## Script: pfswitch
## Purpose: physical switch for loading lanparty ruleset
#

# User Settings
SWITCH="switch.example.com"
SWITCHPORT="42"
INTERVAL="5"
MAILRCPT="bofh@example.com"

# Variables
MYNAME="$(basename "$0")"
PIDFILE="/var/run/${MYNAME}.pid"
LOCKFILE="/var/run/${MYNAME}.lock"
STATEFILE="/var/run/${MYNAME}.state"
LOGFILE="/var/log/pfswitch.log"

# Check whether we are already running
if [ -f "${PIDFILE}" ]
then
       ps -p "$(cat "${PIDFILE}")" > /dev/null 2>&1
       if [ $? -ne 0 ]         # Process not found, stale pid file
       then
               rm "${PIDFILE}" # Remove stale pid file
       else
               exit 0          # Exit, we are already running
       fi
fi
echo $$ > "${PIDFILE}"

# Get port state
while true
do
       STATE="$(/usr/local/bin/snmpget -v 2c -c FWSWITCH "${SWITCH}" "IF-MIB::ifOperStatus.${SWITCHPORT}" | sed -e 's/.*(//' -e 's/)//')"
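       # Act only on a state change, and only when no lock file is present
       if [ "${STATE}" != "${PREVSTATE}" ] && [ ! -f "${LOCKFILE}" ]
       then
               # Anything other than up(1), including an empty result from a
               # failed SNMP query, selects the normal ruleset (fail closed)
               if [ "${STATE}" != "1" ]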
               then
                       /sbin/pfctl -k LANPART_LOW -k LANPARTY -k LANPARTY_INTERACTIVE -k LANPARTY_INTERACTIVE -k LANPARTY_HIGH
                       /sbin/pfctl -f /etc/pf.conf
                       MESSAGE="$(date): Normal firewall ruleset loaded."
                       echo "${MESSAGE}" >> "${LOGFILE}"
                       logger -t "${MYNAME}" "${MESSAGE}"
                       echo "${MESSAGE}" | mailx -s "${MESSAGE}" "${MAILRCPT}" > /dev/null
                       echo "Normal" > "${STATEFILE}"
               else
                       /sbin/pfctl -f /etc/pf.conf.lanparty
                       MESSAGE="$(date): LAN-Party firewall ruleset loaded."
                       echo "${MESSAGE}" >> "${LOGFILE}"
                       logger -t "${MYNAME}" "${MESSAGE}"
                       echo "${MESSAGE}" | mailx -s "${MESSAGE}" "${MAILRCPT}" > /dev/null
                       echo "Lanparty" > "${STATEFILE}"
               fi
       fi
       PREVSTATE="${STATE}"
       sleep "${INTERVAL}"
done
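
The decision step of the polling loop, as an added example that is not part of the original pfswitch script: only an explicit up(1) reading selects the LAN-Party ruleset, so an unanswered SNMP query or an unexpected link state falls back to the normal ruleset. The function names `parse_oper_status`, `choose_ruleset` and `replay` are hypothetical, and the snmpget output lines are constructed samples.

```shell
#!/bin/sh
# Added example (not the original pfswitch script): fail-closed decision logic.

# Reduce one line of snmpget output to a numeric ifOperStatus.
# Handles "... = INTEGER: up(1)" (MIB loaded) and "... = INTEGER: 1" (no MIB).
# Prints nothing for empty or malformed input, e.g. after an SNMP timeout.
parse_oper_status() {
    printf '%s\n' "$1" | sed -n \
        -e 's/^.*INTEGER: *[A-Za-z]*(\([0-9][0-9]*\)) *$/\1/p' \
        -e 's/^.*INTEGER: *\([0-9][0-9]*\) *$/\1/p'
}

# choose_ruleset STATUS PREVIOUS LOCKED
# Prints "lanparty", "normal", or "keep" (no reload needed or lock present).
choose_ruleset() {
    case "$1" in
        1) want="lanparty" ;;   # up(1): key turned, link detected
        *) want="normal" ;;     # down(2), other states, no answer: fail closed
    esac
    if [ "$3" = "yes" ] || [ "$want" = "$2" ]; then
        echo "keep"
    else
        echo "$want"
    fi
}

# Replay constructed poll results; the empty line stands for a failed query
# that returned nothing on stdout.
replay() {
    prev=""; out=""
    while IFS= read -r line; do
        action="$(choose_ruleset "$(parse_oper_status "$line")" "$prev" no)"
        [ "$action" = "keep" ] || prev="$action"
        out="${out}${out:+ }${action}"
    done <<'EOF'
IF-MIB::ifOperStatus.42 = INTEGER: up(1)
IF-MIB::ifOperStatus.42 = INTEGER: up(1)

IF-MIB::ifOperStatus.42 = INTEGER: 2
IF-MIB::ifOperStatus.42 = INTEGER: up(1)
EOF
    echo "$out"
}

replay   # prints: lanparty keep normal keep lanparty
```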