
#!/bin/busybox sh
## Init script for floppylinux ##
# Search path for every command run below; exported so child processes
# inherit it.
export PATH="/bin:/sbin/:/usr/bin:/usr/sbin"
# Upstream interface: brought up and handed to the DHCP client further down.
WAN_IF=eth0
# Downstream interface: receives the static address LAN_IP/LAN_SUBNET.
LAN_IF=eth1
LAN_IP=192.168.100.1
# Prefix length appended to LAN_IP when the address is added.
LAN_SUBNET=24
# WireGuard interface name; also selects /etc/wireguard/<WG_IF>.conf.
WG_IF=wg0
# Address (with prefix length) assigned to the WireGuard interface.
WG_IP=172.16.0.1/24
# Optional extra subnet routed through WG_IF; while empty, no route is added.
WG_ROUTED_SUBNET=
# NOTE(review): err() runs $CMD_SHELL, but no assignment to CMD_SHELL is
# visible in this script.
## Functions ##
# Log text to console
log () {
  # Tag the first argument as a boot message and print it on stdout.
  local line="[BOOT] $1"
  echo "${line}"
}
# Show boot banner
show_banner () {
  # Banner rows from top to bottom; the empty strings are the blank lines
  # printed before and after the box.
  local row
  for row in \
    "" \
    "###################################" \
    "### Itty-Bitty Floppy Router OS ###" \
    "###################################" \
    ""; do
    echo "${row}"
  done
}
# Show errors
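err () {
  # Report a fatal boot step, open a recovery shell, then exit with status 1.
  # Globals: CMD_SHELL (read, optional) - command line of the recovery shell.
  echo "[WARN] Something went wrong. Dropping you to shell"
  # CMD_SHELL is not assigned anywhere in this script, so expanding it on its
  # own ran nothing and the function went straight to "exit 1". Fall back to
  # a real shell when it is empty.
  if [ -n "${CMD_SHELL}" ]; then
    # Unquoted on purpose so CMD_SHELL may carry arguments.
    ${CMD_SHELL}
  elif [ -x /bin/sh ]; then
    /bin/sh
  else
    # The applet links may not exist yet (err is reachable from the
    # "busybox --install" step), so call the multi-call binary directly.
    /bin/busybox sh
  fi
  # NOTE(review): the recovery shell is not authenticated, so whoever is at
  # the console when a boot step fails gets a prompt with init's privileges.
  # NOTE(review): if this script runs as PID 1, leaving the shell ends init.
  exit 1
}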
## Begin booting userspace ##
show_banner

# A missing /bin/sh means the applet symlinks have not been created yet.
[ -e /bin/sh ] || {
  log "Installing BusyBox applets"
  /bin/busybox --install -s /bin || err
}

log "Ensuring necessary directories exist"
for DIR in /proc /sys /dev /run /var/lib/misc; do
  if [ ! -e "${DIR}" ]; then
    mkdir -p "${DIR}" || err
  fi
done

# proc, sysfs and devtmpfs each use the filesystem type as the device name,
# so one "type:mountpoint" pair per entry is enough.
for FS_SPEC in proc:/proc sysfs:/sys devtmpfs:/dev; do
  log "Mounting ${FS_SPEC#*:}"
  mount -t "${FS_SPEC%%:*}" "${FS_SPEC%%:*}" "${FS_SPEC#*:}" || err
done

# devpts needs its mount point created inside the fresh /dev first.
log "Mounting /dev/pts"
if ! mkdir -p /dev/pts; then
  err
fi
if ! mount -t devpts devpts /dev/pts >/dev/null; then
  err
fi
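log "Configuring WAN interface"
ip link set dev "${WAN_IF}" up
# BusyBox udhcpc selects its interface with -i and defaults to eth0; the bare
# positional name used before only matched WAN_IF while WAN_IF was eth0.
udhcpc -i "${WAN_IF}" >/dev/null ||
  log "WARNING: DHCP client failed on ${WAN_IF}"
# NOTE(review): without -b or -n udhcpc keeps retrying in the foreground
# until it gets a lease, which would stall boot on a dead uplink - confirm
# that this is intended.

log "Configuring LAN interface"
ip link set dev "${LAN_IF}" up
# Static router address on the LAN side.
ip addr add "${LAN_IP}/${LAN_SUBNET}" dev "${LAN_IF}" ||
  log "WARNING: could not assign ${LAN_IP}/${LAN_SUBNET} to ${LAN_IF}"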
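# IPv4 firewall and NAT. Only applied when the iptables binary is present.
if [ -e "/usr/sbin/iptables" ]; then
  log "Configuring IPtables"
  # Default policies go first, so inbound and forwarded packets are dropped
  # unless one of the rules below accepts them.
  iptables -P INPUT DROP ||
    log "WARNING: could not set INPUT policy to DROP"
  iptables -P FORWARD DROP ||
    log "WARNING: could not set FORWARD policy to DROP"
  iptables -P OUTPUT ACCEPT
  # Allow all related and established connections
  iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # Drop invalid packets
  iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
  # Allow communication on loopback interface
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A OUTPUT -o lo -j ACCEPT
  # Allow input from LAN. Everything on the LAN can reach the router itself,
  # including the telnet shell started later in this script.
  iptables -A INPUT -i "${LAN_IF}" -j ACCEPT
  # Allow forwarding from LAN to WAN
  iptables -A FORWARD -i "${LAN_IF}" -o "${WAN_IF}" -j ACCEPT
  # Masquerade outgoing packets on WAN and Wireguard
  iptables -A POSTROUTING -t nat -o "${WAN_IF}" -j MASQUERADE
  iptables -A POSTROUTING -t nat -o "${WG_IF}" -j MASQUERADE
  # NOTE(review): no INPUT or FORWARD rule names WG_IF, so new traffic
  # arriving over the tunnel is dropped and LAN-to-tunnel forwarding is not
  # allowed; the WG_IF masquerade then only applies to packets the router
  # itself sends - confirm this is intended.
  # NOTE(review): these rules are IPv4 only; nothing in this script filters
  # IPv6 - confirm the kernel is built without it.
else
  # Previously this case was silent, although IP forwarding and telnetd are
  # still started further down with no packet filter in front of them.
  log "WARNING: /usr/sbin/iptables not found, firewall NOT configured"
fi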
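# Read the current setting into IP_FORWARD. The name has to be passed to
# read without "$": "$IP_FORWARD" expanded to nothing, so the value was never
# stored and the comparison below was always true.
IP_FORWARD=
read -r IP_FORWARD < /proc/sys/net/ipv4/ip_forward
if [ "${IP_FORWARD}" != "1" ]; then
  log "Enabling IP forwarding"
  # NOTE(review): forwarding is switched on whether or not the iptables
  # section above ran, so a build without iptables routes unfiltered.
  echo 1 > /proc/sys/net/ipv4/ip_forward
fi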
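# Bring up the WireGuard tunnel only when a config file for WG_IF exists.
if [ -f "/etc/wireguard/${WG_IF}.conf" ]; then
  log "Configuring Wireguard interface"
  # Every expansion is quoted, matching the WAN/LAN commands earlier in the
  # script, so an edited interface name cannot be split or globbed.
  ip link add "${WG_IF}" type wireguard
  # NOTE(review): a file loaded with "wg setconf" normally carries the
  # interface private key; keep it readable by root only.
  wg setconf "${WG_IF}" "/etc/wireguard/${WG_IF}.conf" ||
    log "WARNING: could not load /etc/wireguard/${WG_IF}.conf"
  ip link set dev "${WG_IF}" up
  ip addr add "${WG_IP}" dev "${WG_IF}"
  # The extra route is optional; WG_ROUTED_SUBNET is empty by default.
  if [ -n "${WG_ROUTED_SUBNET}" ]; then
    ip route add "${WG_ROUTED_SUBNET}" dev "${WG_IF}"
  fi
fi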
# Serve DHCP on the LAN only when a per-interface config file is present.
UDHCPD_CONF="/etc/udhcpd.${LAN_IF}.conf"
[ -f "${UDHCPD_CONF}" ] && {
  log "Starting DHCP server"
  udhcpd "${UDHCPD_CONF}"
}
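log "Starting telnetd"
echo "Floppy Router OS" > /etc/issue
# NOTE(review): BusyBox telnetd takes its banner from the file given with -f;
# confirm that /etc/issue is actually the file it shows.
# "-l /bin/sh" hands every connection a shell with no login step, over an
# unencrypted protocol. Bind to the LAN address so the listener does not also
# sit on the WAN and tunnel addresses; before, only the iptables rules kept
# it off the WAN, and those are skipped when iptables is missing.
# NOTE(review): any LAN host still gets that shell; prefer a login program
# or an SSH server where the image has room for one.
telnetd -b "${LAN_IP}" -l /bin/sh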
log "Bootup complete"
log "Starting shell"
# Keep a console shell running: each time it exits, start a new one, so the
# script never runs off its end.
while :; do
  /bin/sh
done