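#!/usr/bin/env bash

# safe shutdown of IPFire as a Xen DOMU
# this also works for opnSense/PFSense; just change 'halt' to
# 'poweroff'

# Author: R. W. Rodolico
# Copyright: 20151021 Daily Data, Inc.

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

# script will call an IPFire installation and request it shut
# itself down. It will then wait until the router is shut down.
# NOTE: nothing in this script shuts down the DOM0 itself; do that
# from whatever calls this script once it returns.

# assumes root on DOM0 has ssh access to IPFire via public key
# and assumes private key has no password. To do this:
#   ssh-keygen -t rsa -b 4096
# then, when it asks for a passphrase, just hit enter.
# copy /root/.ssh/id_rsa.pub to the IPFire installation as
# /root/.ssh/authorized_keys (append to the file if it already exists,
# otherwise you remove every other key that was authorized)
# as root from DOM0, then ssh to IPFire IP address and you should get in
# with no passphrase. That first manual login also records the router's
# host key, which the unattended (BatchMode) call below needs.
# IPFire must be configured to allow ssh access via public key

# WARNING: this decreases security on your IPFire install. Anyone who gains
# root access to your DOM0 has root access to your firewall. Protect your
# scripts and at the first sign of a problem kill your passphrase-less
# ssh access
# To limit what the key can do, prefix its line in authorized_keys on the
# firewall with options, for example:
#   restrict,command="halt",from="<DOM0 IP>" ssh-rsa AAAA...
# so the key can only run 'halt' and only from the DOM0 address
# ('restrict' needs a reasonably recent OpenSSH; 'command=' and 'from='
# work on older versions too).

# WARNING: by default there is no timeout. The script checks every 5 seconds
# to see if the virtual shut down, from now until eternity. Set WAIT_TIMEOUT
# below to a number of seconds to give up instead.

# modify the following variables for your installation
# must be the IP of your IPFire firewall
IPFIRE_IP=ip.of.router.here
# this must be the name as seen by your DOM0 of the IPFire firewall
# as seen from xl list command
DOMU_NAME=ipfire
# the port your IPFire virtual listens on for ssh. 222 is the default
IPFIRE_PORT=222
# seconds to wait for the DOMU to disappear; 0 means wait forever
WAIT_TIMEOUT=0

#######################################
# Checks whether the DOMU is still running.
# Globals:   DOMU_NAME (read)
# Outputs:   nothing
# Returns:   0 if a domain named exactly $DOMU_NAME is listed by
#            'xl list', 1 otherwise (including when xl itself fails)
#######################################
check_shutdown () {
  # Compare the Name column exactly. A plain grep would also match
  # another domain whose name merely contains $DOMU_NAME (ipfire-test,
  # old-ipfire, ...) and keep this script waiting on the wrong guest.
  # NR > 1 skips the header line of 'xl list'.
  xl list \
    | awk -v name="$DOMU_NAME" 'NR > 1 && $1 == name { found = 1 } END { exit !found }'
}

echo "Shutting Down $DOMU_NAME"
# if the domain not running, simply exit
if check_shutdown; then
  # send halt command to virtual
  # BatchMode stops ssh from sitting at a password or host key prompt when
  # run unattended; ConnectTimeout bounds the wait on an unreachable router.
  if ! ssh -o BatchMode=yes -o ConnectTimeout=10 \
       -p "$IPFIRE_PORT" "$IPFIRE_IP" 'halt'; then
    # Not fatal: ssh can report an error simply because the halt tore the
    # connection down. Keep polling, but tell the operator.
    echo "warning: ssh to $IPFIRE_IP returned an error; still waiting for $DOMU_NAME" >&2
  fi
  # Check every 5 seconds to see if it has gone away
  waited=0
  while check_shutdown; do
    if (( WAIT_TIMEOUT > 0 && waited >= WAIT_TIMEOUT )); then
      echo
      echo "$DOMU_NAME still running after ${WAIT_TIMEOUT} seconds, giving up" >&2
      exit 1
    fi
    printf '. '
    sleep 5
    waited=$(( waited + 5 ))
  done
fi
echo
echo "$DOMU_NAME Shut down"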