A follow-up on the idea but still unsure if it’s exactly what you want to achieve…
Script is untested (I don’t have a multi-wan setup to try it on and I’m not used to making bash scripts). Try it on a test environment (not on a production server).
Server Setup: one green (LAN) network, multi-wan in active-backup mode with 2 wan interfaces (named red1 and red2), web content filter.
Objective: when red1 connection goes down, red2 goes up and web content filter profiles are “disabled”, leaving the web content filter active with default profile and the global blacklist/whitelist active as well.
(Pseudo)Solution: create an action to “disable” web content filter profiles and link it to the wan-uplink-update event.
Web content filter profiles don’t have a prop to enable/disable them, so a workaround could be to create a short-lived time condition and link it to the profiles we want to disable. In fact the profiles won’t be disabled, but they will only take effect within the short time span specified in the time condition.
For this use case a time condition named inactivity (for instance: Sunday from 23:00 to 23:01) is created from the server-manager UI. Profiles are configured from the server-manager without specifying any time condition. If you already make use of profiles linked to time conditions the following approach won’t suit you, as the script disassociates profiles from time conditions (although you can customize it).
Here we use the nethserver-shorewall-wan-update action script as the basis for our own script (the lsm-wan-update script can complement the example). The copied file will retain permissions (read-only, execution bit…):
cp /etc/e-smith/events/actions/{nethserver-shorewall-wan-update,nethserver-ufdbguard-wan-update}
vi /etc/e-smith/events/actions/nethserver-ufdbguard-wan-update
Content of nethserver-ufdbguard-wan-update:
#!/bin/bash
#
# Copyright (C) 2014 Nethesis S.r.l.
# http://www.nethesis.it - support@nethesis.it
#
# This script is part of NethServer.
#
# NethServer is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License,
# or any later version.
#
# NethServer is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with NethServer. If not, see <http://www.gnu.org/licenses/>.
#
#
# Original work
# (C) 2009,2013 Mika Ilmaranta <ilmis@nullnet.fi>
# Copyright © 2009-2010 Tuomo Soini <tis@foobar.fi>
#
#
# event handling script for use with shorewall multi-isp setup
# To be able to utilize this script you must have shorewall >= 4.4.23.3
#
# Skip event name
shift;
STATE=${1}
NAME=${2}
CHECKIP=${3}
DEVICE=${4}
WARN_EMAIL=${5}
REPLIED=${6}
WAITING=${7}
TIMEOUT=${8}
REPLY_LATE=${9}
CONS_RCVD=${10}
CONS_WAIT=${11}
CONS_MISS=${12}
AVG_RTT=${13}
SRCIP=${14}
PREVSTATE=${15}
TIMESTAMP=${16}
# Resolve the interface from the networks db (overrides the DEVICE argument above)
DEVICE=$(/sbin/e-smith/db networks getprop "${NAME}" interface)
# All keys of the contentfilter db (profiles, time conditions, ...)
KEYS=($(/sbin/e-smith/db contentfilter keys))

# Nothing to do when the uplink state did not change
if [[ "${STATE}" = "${PREVSTATE}" ]]; then
    exit 0
fi

if [[ "${STATE}" = "up" ]] && [[ "${NAME}" = "red2" ]]; then
    # "disable" web content filter profiles
    for KEY in "${KEYS[@]}"; do
        KEYTYPE=$(/sbin/e-smith/db contentfilter gettype "${KEY}")
        if [[ "${KEYTYPE}" = "profile" ]] && [[ "${KEY}" != "default_profile" ]]; then
            /sbin/e-smith/db contentfilter setprop "${KEY}" Time 'time;inactivity'
        fi
    done
else
    # "enable" web content filter profiles
    for KEY in "${KEYS[@]}"; do
        KEYTYPE=$(/sbin/e-smith/db contentfilter gettype "${KEY}")
        if [[ "${KEYTYPE}" = "profile" ]] && [[ "${KEY}" != "default_profile" ]]; then
            /sbin/e-smith/db contentfilter delprop "${KEY}" Time
        fi
    done
fi

# Apply the changed profile configuration
/sbin/e-smith/signal-event nethserver-squidguard-save
exit 0
Save the read-only file and exit vi with :wq!
Link the action to the event:
cd /etc/e-smith/events/wan-uplink-update/
ln -s ../actions/nethserver-ufdbguard-wan-update S50nethserver-ufdbguard-wan-update
Test it, fix it, adapt it.
Sure there are better solutions but this is the first one that came to mind.
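
The branch logic of the script above can be exercised without a multi-wan setup. The following dry-run is an added example, not part of the original post: it prints the db commands instead of running them, and the profile names `kids` and `guests`, the `time` key type and the "KEY TYPE" input format are constructed assumptions.

```shell
#!/bin/sh
# Added example: dry-run planner for the action script's decision logic.
# It prints the db commands the script would run; nothing is executed.

DB=/sbin/e-smith/db   # path as used in the post

# plan_changes STATE PREVSTATE NAME
# stdin: one "KEY TYPE" pair per line, a constructed stand-in for
#        `db contentfilter keys` combined with `db contentfilter gettype KEY`
plan_changes() {
    state=$1 prevstate=$2 name=$3
    # No state transition: the script exits without touching anything
    [ "$state" = "$prevstate" ] && return 0
    while read -r key type; do
        [ "$type" = "profile" ] || continue          # skip non-profile records
        [ "$key" = "default_profile" ] && continue   # default profile stays as is
        if [ "$state" = "up" ] && [ "$name" = "red2" ]; then
            echo "$DB contentfilter setprop $key Time 'time;inactivity'"
        else
            echo "$DB contentfilter delprop $key Time"
        fi
    done
    return 0
}

# Constructed sample records (hypothetical profile names)
sample_keys() {
    cat <<'EOF'
default_profile profile
kids profile
guests profile
inactivity time
EOF
}

# simulate STATE PREVSTATE NAME: plan against the sample records
simulate() { sample_keys | plan_changes "$@"; }

# Walk a failover and recovery sequence (STATE PREVSTATE NAME)
for ev in "down up red1" "up down red2" "up up red2" "up down red1"; do
    echo "== event: $ev"
    simulate $ev   # unquoted on purpose: split into three arguments
done
```

The output shows that the `red1` down event on its own takes the "enable" branch, so the profiles are only restricted once a separate `red2` up transition is signalled.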