easterhegg-2005-website/noc/scripts/network-foo


#!/bin/bash
# Link budget; interpolated as "<value>Kbit" into the HTB root classes of the
# shaping sections further down.
IN_RATE='4900'
OUT_RATE='460'

# Interface roles used by the firewall and NAT rules.
wlan='vlan24'
kabel='bond0'
manage='vlan42'
pppoe='vlan22'
outside='ppp0'
freifunk='vlan23'

# Devices the ingress and egress qdisc trees are attached to.
imq_in='imq0'
#imq_out="imq1"
imq_out='ppp0'

# Tool indirection: the three *TABLES/TC names point at the wrapper functions
# defined below instead of at the binaries themselves.
#IPTABLES="/usr/sbin/iptables"
#IP6TABLES="/usr/sbin/ip6tables"
IPTABLES='my_iptables'
IP6TABLES='my_ip6tables'
IP='/sbin/ip'
#TC="/sbin/tc"
TC='my_tc'

# Kernel modules loaded before the rules are installed (space separated).
modules='ip_conntrack ip6_conntrack ip_nat_ftp ip_nat_irc ip_nat_tftp'
# helper functions
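#######################################
# Run the real iptables binary and report a command that failed.
# Arguments: passed through unchanged to /usr/sbin/iptables
# Outputs:   "failed: iptables <args>" on stderr when the command fails
# Returns:   exit status of /usr/sbin/iptables
#######################################
my_iptables() {
  local rc=0
  #echo "iptables $*"
  /usr/sbin/iptables "$@" || rc=$?
  if (( rc != 0 )); then
    # A rule that did not load is a gap in the policy: keep the diagnostic off
    # stdout and hand the status back so a caller can react to it.
    printf 'failed: iptables %s\n' "$*" >&2
  fi
  return "$rc"
}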
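#######################################
# Run the real ip6tables binary and report a command that failed.
# Arguments: passed through unchanged to /usr/sbin/ip6tables
# Outputs:   "failed: ip6tables <args>" on stderr when the command fails
# Returns:   exit status of /usr/sbin/ip6tables
#######################################
my_ip6tables() {
  local rc=0
  #echo "ip6tables $*"
  /usr/sbin/ip6tables "$@" || rc=$?
  if (( rc != 0 )); then
    # A rule that did not load is a gap in the policy: keep the diagnostic off
    # stdout and hand the status back so a caller can react to it.
    printf 'failed: ip6tables %s\n' "$*" >&2
  fi
  return "$rc"
}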
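#######################################
# Run the real tc binary and report a command that failed.
# Arguments: passed through unchanged to /sbin/tc
# Outputs:   "failed: tc <args>" on stderr when the command fails
# Returns:   exit status of /sbin/tc
#######################################
my_tc() {
  local rc=0
  /sbin/tc "$@" || rc=$?
  if (( rc != 0 )); then
    # Diagnostics belong on stderr; the status is passed back instead of being
    # replaced by the status of the message itself.
    printf 'failed: tc %s\n' "$*" >&2
  fi
  return "$rc"
}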
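#######################################
# Append a rate-limited LOG rule and a DROP rule to an IPv4 chain.
# Globals:   IPTABLES (read)
# Arguments: $1   - chain name, also used as the log prefix
#            $2.. - optional match arguments shared by both rules
#######################################
DROP() {
  local chain="$1"
  shift
  # "$@" keeps every match argument as one word; the unquoted form re-split
  # and glob-expanded them. LOG is capped at 3/s so a burst of dropped packets
  # cannot flood the kernel log.
  "$IPTABLES" -A "$chain" "$@" -m limit --limit 3/s -j LOG --log-prefix "$chain "
  "$IPTABLES" -A "$chain" "$@" -j DROP
}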
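#######################################
# Append an ACCEPT rule to an IPv4 chain.
# Globals:   IPTABLES (read)
# Arguments: $1   - chain name
#            $2.. - optional match arguments
#######################################
ACCEPT() {
  local chain="$1"
  shift
  # Quoted so each match argument reaches iptables as exactly one word.
  "$IPTABLES" -A "$chain" "$@" -j ACCEPT
}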
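#######################################
# Append a RETURN rule to an IPv4 chain.
# Globals:   IPTABLES (read)
# Arguments: $1   - chain name
#            $2.. - optional match arguments
#######################################
RETURN() {
  local chain="$1"
  shift
  # Quoted so each match argument reaches iptables as exactly one word.
  "$IPTABLES" -A "$chain" "$@" -j RETURN
}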
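#######################################
# Append a rate-limited LOG rule and a DROP rule to an IPv6 chain.
# Globals:   IP6TABLES (read)
# Arguments: $1   - chain name, also used as the log prefix
#            $2.. - optional match arguments shared by both rules
#######################################
DROP6() {
  local chain="$1"
  shift
  # Same 3/s cap as the IPv4 DROP helper: without it every dropped IPv6 packet
  # produced a log line, so whoever sends the traffic controls the log volume.
  # "$@" keeps every match argument as one word.
  "$IP6TABLES" -A "$chain" "$@" -m limit --limit 3/s -j LOG --log-prefix "$chain "
  "$IP6TABLES" -A "$chain" "$@" -j DROP
}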
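#######################################
# Append an ACCEPT rule to an IPv6 chain.
# Globals:   IP6TABLES (read)
# Arguments: $1   - chain name
#            $2.. - optional match arguments
#######################################
ACCEPT6() {
  local chain="$1"
  shift
  # Quoted so each match argument reaches ip6tables as exactly one word.
  "$IP6TABLES" -A "$chain" "$@" -j ACCEPT
}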
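#######################################
# Append a RETURN rule to an IPv6 chain.
# Globals:   IP6TABLES (read)
# Arguments: $1   - chain name
#            $2.. - optional match arguments
#######################################
RETURN6() {
  local chain="$1"
  shift
  # Quoted so each match argument reaches ip6tables as exactly one word.
  "$IP6TABLES" -A "$chain" "$@" -j RETURN
}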
# The ChaosVPN client is re-run before any firewall state is touched.
printf '%s\n' "reload chaosvpn"
/usr/local/bin/chaosvpn-client.pl
# Reset: empty every chain, then delete the user-defined chains
# (IPv4: nat, mangle, filter; IPv6: mangle, filter).
# NOTE(review): nothing visible in this script sets a default policy (-P), and
# IPv4 forwarding is switched on a few lines further down, before the rules
# are rebuilt. Between this flush and the last rule the filter chains are
# empty, so what is let through depends on the policies already in place.
printf '%s\n' "play with iptables"
for table in nat mangle filter; do
  $IPTABLES -t "$table" -F
done
for table in mangle filter; do
  $IP6TABLES -t "$table" -F
done
for table in nat mangle filter; do
  $IPTABLES -t "$table" -X
done
for table in mangle filter; do
  $IP6TABLES -t "$table" -X
done
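# load modules
# Conntrack and NAT helper modules named in $modules. The absolute path
# matches the imq module load further down, so this root-run script does not
# pick modprobe from whatever PATH it was started with.
# $modules is left unquoted on purpose: it is a space-separated list.
for m in $modules; do
  /sbin/modprobe "$m"
done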
# sysctls: conntrack table size and IPv4 forwarding.
# NOTE(review): forwarding is enabled here, before the FORWARD rules further
# down have been installed.
printf '%s\n' 65535 >/proc/sys/net/ipv4/ip_conntrack_max
printf '%s\n' 1 >/proc/sys/net/ipv4/ip_forward
# generic imq init: load the IMQ module, then bring both shaping devices up
# (ingress device first, egress device second).
/sbin/modprobe imq
for shaping_dev in "$imq_in" "$imq_out"; do
  "$IP" link set "$shaping_dev" up
done
# anti spoof ipv4
# Source-address validation chain, jumped to from INPUT and FORWARD. A packet
# matching one of the RETURN rules goes back to the calling chain; whatever is
# left reaches the DROP helper call at the end (LOG + DROP).
$IPTABLES -N antispoof
# NOTE(review): single-host exception on the freifunk VLAN, outside the
# 10.0.0.0/8 range that VLAN is given below; the reason is not documented.
RETURN antispoof -i $freifunk -s 172.16.1.100/32 # do not look ,)
RETURN antispoof -i lo
# NOTE(review): the next three rules return every packet from ppp0, chaos_vpn
# and tap0 whatever its source address. A packet arriving on the uplink with
# an internal source range is therefore not rejected by this chain.
RETURN antispoof -i ppp0
RETURN antispoof -i chaos_vpn
RETURN antispoof -i tap0
# Unspecified source address, accepted on any interface
# (presumably DHCP clients; confirm).
RETURN antispoof -s 0.0.0.0/32
# Expected source range per internal interface. The names are literals here;
# $kabel, $pppoe, $freifunk, $wlan and $manage hold the same values.
RETURN antispoof -i bond0 -s 172.16.0.0/22
RETURN antispoof -i vlan22 -s 192.168.178.0/24
RETURN antispoof -i vlan23 -s 10.0.0.0/8
RETURN antispoof -i vlan24 -s 172.16.4.0/22
RETURN antispoof -i vlan25 -s 172.16.25.0/24
RETURN antispoof -i vlan42 -s 172.16.42.0/24
# Everything else is treated as spoofed.
DROP antispoof
# anti spoof ipv6
# IPv6 counterpart of the antispoof chain, jumped to from the IPv6 INPUT and
# FORWARD chains. RETURN means "source accepted"; the rest is logged and
# dropped by the DROP6 helper call at the end.
$IP6TABLES -N antispoof6
# Unspecified source address, accepted on any interface.
RETURN6 antispoof6 -s ::/128
RETURN6 antispoof6 -i lo
# NOTE(review): as in the IPv4 chain, ppp0, chaos_vpn and tap0 are returned
# without any source check.
RETURN6 antispoof6 -i ppp0
RETURN6 antispoof6 -i chaos_vpn
RETURN6 antispoof6 -i tap0
# One /64 per internal interface.
RETURN6 antispoof6 -i bond0 -s 2001:748:306::/64
RETURN6 antispoof6 -i vlan22 -s 2001:748:306:22::/64
RETURN6 antispoof6 -i vlan23 -s 2001:748:306:23::/64
RETURN6 antispoof6 -i vlan24 -s 2001:748:306:24::/64
RETURN6 antispoof6 -i vlan25 -s 2001:748:306:25::/64
RETURN6 antispoof6 -i vlan42 -s 2001:748:306:42::/64
# Sources under fe80::/16 are accepted on every interface.
RETURN6 antispoof6 -s fe80::/16
DROP6 antispoof6
# router direct filtering ipv4
# Traffic addressed to the router itself. Rules are appended in order and the
# first terminating match wins, so the sequence below is the policy.
$IPTABLES -A INPUT -j antispoof
ACCEPT INPUT -i lo
# New connections from the uplink are dropped before any service rule, so the
# ACCEPT rules below only open ports towards the other interfaces.
# NOTE(review): that includes chaos_vpn and tap0, which are not filtered
# separately here — confirm the services are meant to be reachable from them.
$IPTABLES -A INPUT -i $outside -m state --state NEW -j DROP
# Ports 135-139 are discarded without a log entry.
$IPTABLES -A INPUT -p tcp --dport 135:139 -j DROP
$IPTABLES -A INPUT -p udp --dport 135:139 -j DROP
ACCEPT INPUT -m state --state ESTABLISHED,RELATED
# Services offered on every non-uplink interface: DNS, DHCP, HTTP, 2121, 3128,
# NTP.
ACCEPT INPUT -p udp --dport 53
ACCEPT INPUT -p tcp --dport 53
ACCEPT INPUT -p udp --dport 67:68
ACCEPT INPUT -p tcp --dport 80
ACCEPT INPUT -p tcp --dport 2121
#ACCEPT INPUT -p tcp --dport 40000:40999
#ACCEPT INPUT -p tcp --dport 41000:41999
ACCEPT INPUT -p tcp --dport 3128
ACCEPT INPUT -p udp --dport 123
# Administrative access (SSH, SNMP) only from the management VLAN.
ACCEPT INPUT -p tcp --dport 22 -i $manage
ACCEPT INPUT -p udp --dport 161 -i $manage
ACCEPT INPUT -p icmp --icmp-type echo-request
ACCEPT INPUT -p udp -i $freifunk --dport 698 # olsr
ACCEPT INPUT -p udp -i $wlan --dport 698 # olsr
ACCEPT INPUT -p udp -i $kabel --dport 698 # olsr
ACCEPT INPUT -p udp --dport 5198:5199
# Dropped without logging to keep the log readable.
$IPTABLES -A INPUT -p udp --dport 192 -j DROP # we don't want to see this junk
$IPTABLES -A INPUT -p udp --dport 1900 -j DROP # we don't want to see this junk
# Remaining uplink traffic is dropped without logging; whatever is left from
# the other interfaces is logged and dropped by the DROP helper.
$IPTABLES -A INPUT -i $outside -j DROP
DROP INPUT
# router direct filtering ipv6
# IPv6 traffic addressed to the router itself; same layout as the IPv4 INPUT
# rules, evaluated in order.
$IP6TABLES -A INPUT -j antispoof6
ACCEPT6 INPUT -i lo
# NOTE(review): this only stops new connections arriving on $outside. If IPv6
# reaches the router over another interface, that path is not covered here.
$IP6TABLES -A INPUT -i $outside -m state --state NEW -j DROP
$IP6TABLES -A INPUT -p tcp --dport 135:139 -j DROP
$IP6TABLES -A INPUT -p udp --dport 135:139 -j DROP
ACCEPT6 INPUT -m state --state ESTABLISHED,RELATED
# Any source to destinations under ff02::/16.
ACCEPT6 INPUT -s 0/0 -d ff02::/16
ACCEPT6 INPUT -p udp --dport 53
ACCEPT6 INPUT -p tcp --dport 53
ACCEPT6 INPUT -p udp --dport 67:68
ACCEPT6 INPUT -p tcp --dport 80
ACCEPT6 INPUT -p tcp --dport 2121
ACCEPT6 INPUT -p tcp --dport 3128
ACCEPT6 INPUT -p udp --dport 123
# SSH from the management VLAN, plus three source ranges that are accepted on
# any interface except $outside (new connections there were dropped above).
# NOTE(review): confirm these ranges are still trusted.
ACCEPT6 INPUT -p tcp --dport 22 -i $manage
ACCEPT6 INPUT -p tcp --dport 22 -s 2001:6F8:975::/48
ACCEPT6 INPUT -p tcp --dport 22 -s 2001:6F8:94B::/48
ACCEPT6 INPUT -p tcp --dport 22 -s 2001:6f8:900:0049::2/128
ACCEPT6 INPUT -p udp --dport 161 -i $manage
# Every ICMPv6 type is accepted, not only echo requests as in the IPv4 rules.
ACCEPT6 INPUT -p icmpv6
ACCEPT6 INPUT -p udp -i $freifunk --dport 698 # olsr
ACCEPT6 INPUT -p udp -i $wlan --dport 698 # olsr
ACCEPT6 INPUT -p udp -i $kabel --dport 698 # olsr
$IP6TABLES -A INPUT -p udp --dport 192 -j DROP
$IP6TABLES -A INPUT -p udp --dport 1900 -j DROP
$IP6TABLES -A INPUT -i $outside -j DROP
DROP6 INPUT
# router output ipv4
# Traffic generated by the router itself.
ACCEPT OUTPUT -o lo
ACCEPT OUTPUT -p udp --dport 67:68
ACCEPT OUTPUT -p udp --sport 53
ACCEPT OUTPUT -p tcp --sport 53
# NEW is accepted along with ESTABLISHED and RELATED, so egress from the
# router is not restricted by port or destination; the final DROP only sees
# packets that match none of these states.
ACCEPT OUTPUT -m state --state NEW,ESTABLISHED,RELATED
DROP OUTPUT
# router output ipv6
# IPv6 traffic generated by the router itself.
ACCEPT6 OUTPUT -o lo
ACCEPT6 OUTPUT -s fe80::/16
ACCEPT6 OUTPUT -d ff02::/16
ACCEPT6 OUTPUT -p udp --dport 67:68
ACCEPT6 OUTPUT -p udp --sport 53
ACCEPT6 OUTPUT -p tcp --sport 53
ACCEPT6 OUTPUT -p icmpv6
# As in the IPv4 OUTPUT rules, NEW is accepted, so the final DROP6 only sees
# packets that match none of these states.
ACCEPT6 OUTPUT -m state --state NEW,ESTABLISHED,RELATED
DROP6 OUTPUT
# p2pblock
# Filter-table chain applied to forwarded uplink traffic (see the FORWARD
# rules). A mangle-table chain of the same name sets mark 2342 further down.
$IPTABLES -N p2pblock
# NOTE(review): packets carrying mark 2342 are still logged and dropped here;
# the "no drop" remark below only covers the commented-out port list.
DROP p2pblock -m mark --mark 2342
# - no drop, we use shaping now
#DROP p2pblock -p tcp --dport 5025
#DROP p2pblock -p tcp --dport 6346
#DROP p2pblock -p tcp --dport 6347
#DROP p2pblock -p udp --dport 6346
#DROP p2pblock -p udp --dport 6347
#DROP p2pblock -p tcp --dport 4660:4669
#DROP p2pblock -p udp --dport 4660:4669
#DROP p2pblock -p tcp --sport 4660:4669
#DROP p2pblock -p udp --sport 4660:4669
#DROP p2pblock -p tcp --dport 1214
#DROP p2pblock -p udp --dport 1214
#DROP p2pblock -p tcp --sport 1214
#DROP p2pblock -p udp --sport 1214
#DROP p2pblock -p tcp --dport 1234
#DROP p2pblock -p tcp --dport 5498
#DROP p2pblock -p tcp --dport 5499
#DROP p2pblock -p tcp --dport 5500
#DROP p2pblock -p tcp --dport 5501
#DROP p2pblock -p tcp --dport 6699
# Destination networks blocked outright; the script does not say what they
# are (TODO: document or remove).
DROP p2pblock -d 64.245.58.0/24
DROP p2pblock -d 64.245.59.0/24
DROP p2pblock -d 216.35.208.0/24
DROP p2pblock -d 209.25.178.0/24
DROP p2pblock -d 209.61.186.0/24
DROP p2pblock -d 64.49.201.0/24
RETURN p2pblock
# forwarding ipv4
# Routed traffic. Evaluated in order; the last rule accepts whatever no
# earlier rule dropped.
# Clamp the MSS of forwarded SYN packets to the path MTU.
$IPTABLES -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
$IPTABLES -A FORWARD -j antispoof
$IPTABLES -A FORWARD -i $outside -j p2pblock
$IPTABLES -A FORWARD -o $outside -j p2pblock
# Management VLAN: the only new connection allowed in is tcp/80 to
# 172.16.42.3.
ACCEPT FORWARD -o $manage -d 172.16.42.3/32 -p tcp --dport 80 -m state --state NEW
DROP FORWARD -o $manage -m state --state NEW
# PPPoE VLAN: new connections only from the management VLAN.
ACCEPT FORWARD -i $manage -o $pppoe -m state --state NEW
DROP FORWARD -o $pppoe -m state --state NEW
# NOTE(review): default-allow. Apart from the two protected VLANs above, new
# connections are forwarded between all interfaces, the uplink included.
ACCEPT FORWARD
# forwarding ipv6
# Routed IPv6 traffic; same shape as the IPv4 FORWARD rules but without the
# MSS clamp and the p2pblock jumps.
$IP6TABLES -A FORWARD -j antispoof6
ACCEPT6 FORWARD -o $manage -d 2001:748:306:42::2/128 -p tcp --dport 80 -m state --state NEW
DROP6 FORWARD -o $manage -m state --state NEW
ACCEPT6 FORWARD -i $manage -o $pppoe -m state --state NEW
DROP6 FORWARD -o $pppoe -m state --state NEW
# NOTE(review): default-allow with no NAT in front of it. Hosts in the other
# internal /64s accept new inbound connections from any interface unless
# something outside this script filters them.
ACCEPT6 FORWARD
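# enable nat
# Port-80 traffic addressed to private or loopback ranges is accepted first,
# which keeps it out of the REDIRECT rules below.
$IPTABLES -t nat -A PREROUTING -p tcp --dport 80 -d 172.16.0.0/12 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -p tcp --dport 80 -d 10.0.0.0/8 -j ACCEPT
# The private range is 192.168.0.0/16. The former /8 mask matched all of
# 192.0.0.0/8, so public addresses in that block also skipped the redirect.
$IPTABLES -t nat -A PREROUTING -p tcp --dport 80 -d 192.168.0.0/16 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -p tcp --dport 80 -d 127.0.0.0/8 -j ACCEPT
# All other HTTP from the internal interfaces is redirected to the router's
# own port 80. The second, identical $wlan rule was unreachable and is gone.
$IPTABLES -t nat -A PREROUTING -i "$wlan" -p tcp --dport 80 -j REDIRECT --to-port 80
$IPTABLES -t nat -A PREROUTING -i "$kabel" -p tcp --dport 80 -j REDIRECT --to-port 80
$IPTABLES -t nat -A PREROUTING -i "$freifunk" -p tcp --dport 80 -j REDIRECT --to-port 80
$IPTABLES -t nat -A PREROUTING -i "$manage" -p tcp --dport 80 -j REDIRECT --to-port 80
# Inbound port forward from the uplink to one internal host.
$IPTABLES -t nat -A PREROUTING -i "$outside" -p udp --dport 5198:5199 -j DNAT --to-destination 172.16.25.99
# Disabled FTP redirect to local port 2121 (mask corrected here as well).
#$IPTABLES -t nat -A PREROUTING -p tcp --dport 21 -d 172.16.0.0/12 -j ACCEPT
#$IPTABLES -t nat -A PREROUTING -p tcp --dport 21 -d 10.0.0.0/8 -j ACCEPT
#$IPTABLES -t nat -A PREROUTING -p tcp --dport 21 -d 192.168.0.0/16 -j ACCEPT
#$IPTABLES -t nat -A PREROUTING -p tcp --dport 21 -d 127.0.0.0/8 -j ACCEPT
#$IPTABLES -t nat -A PREROUTING -i $wlan -p tcp --dport 21 -j REDIRECT --to-port 2121
#$IPTABLES -t nat -A PREROUTING -i $kabel -p tcp --dport 21 -j REDIRECT --to-port 2121
#$IPTABLES -t nat -A PREROUTING -i $freifunk -p tcp --dport 21 -j REDIRECT --to-port 2121
#$IPTABLES -t nat -A PREROUTING -i $manage -p tcp --dport 21 -j REDIRECT --to-port 2121
# Source NAT for everything leaving through the uplink.
$IPTABLES -t nat -A POSTROUTING -o "$outside" -j MASQUERADE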
# marks for p2p
# Mangle-table chain that tags peer-to-peer traffic with mark 2342. The
# filter-table p2pblock chain and the shaping classes key on that mark.
$IPTABLES -t mangle -N p2pblock
$IPTABLES -t mangle -A p2pblock -m mark --mark 2342 -j RETURN # already classified as p2p
# Needs the ipp2p match extension to be available to iptables on this host.
$IPTABLES -t mangle -A p2pblock -m ipp2p --ipp2p -j MARK --set-mark 2342
# Port-based fallback: tcp/6881 to or from the uplink.
$IPTABLES -t mangle -A p2pblock -o $outside -p tcp --dport 6881 -j MARK --set-mark 2342
$IPTABLES -t mangle -A p2pblock -i $outside -p tcp --sport 6881 -j MARK --set-mark 2342
$IPTABLES -t mangle -A p2pblock -j RETURN
# set marks for shaping
# generic rules first, specific later
# MARK does not end rule traversal, so within one protocol section a later,
# more specific rule overwrites the mark an earlier one set; each section
# finishes with an explicit RETURN. The mark values are the class ids the tc
# fw filters further down select on.
$IPTABLES -t mangle -N shaping
#$IPTABLES -t mangle -A shaping -m mark \! --mark 0 -j RETURN # already classified
$IPTABLES -t mangle -A shaping -m mark --mark 2342 -j RETURN # already classified
# One host gets its own class (15) in both directions; the script does not
# say why.
$IPTABLES -t mangle -A shaping -s 194.97.108.53/32 -j MARK --set-mark 15
$IPTABLES -t mangle -A shaping -s 194.97.108.53/32 -j RETURN
$IPTABLES -t mangle -A shaping -d 194.97.108.53/32 -j MARK --set-mark 15
$IPTABLES -t mangle -A shaping -d 194.97.108.53/32 -j RETURN
#icmp
# 12 for ICMP in general, 13 for echo request/reply.
$IPTABLES -t mangle -A shaping -p icmp -j MARK --set-mark 12
$IPTABLES -t mangle -A shaping -p icmp --icmp-type echo-request -j MARK --set-mark 13
$IPTABLES -t mangle -A shaping -p icmp --icmp-type echo-reply -j MARK --set-mark 13
$IPTABLES -t mangle -A shaping -p icmp -j RETURN # icmp done
# tcp
# 10 is the TCP default; the rules after it refine it.
$IPTABLES -t mangle -A shaping -p tcp -j MARK --set-mark 10
$IPTABLES -t mangle -A shaping -p tcp --dport 6667:6669 -j MARK --set-mark 14 # normal 14
$IPTABLES -t mangle -A shaping -p tcp --sport 6667:6669 -j MARK --set-mark 14 # normal 14
# For these ports the mark equals the port number.
for m in 21 22 53 80 119 443 ; do
$IPTABLES -t mangle -A shaping -p tcp --dport $m -j MARK --set-mark $m
$IPTABLES -t mangle -A shaping -p tcp --sport $m -j MARK --set-mark $m
done
# Connections tracked by the ftp helper share the class of port 21.
$IPTABLES -t mangle -A shaping -p tcp -m helper --helper ftp -j MARK --set-mark 21
# Packets of 1-150 bytes get class 16, whichever port rule matched before.
$IPTABLES -t mangle -A shaping -p tcp -m length --length 1:150 -j MARK --set-mark 16
# Port-22 packets with TOS Minimize-Delay and a length of at most 256 bytes
# get class 14.
$IPTABLES -t mangle -A shaping -p tcp --dport 22 -m tos --tos Minimize-Delay -m length --length 0:256 -j MARK --set-mark 14
$IPTABLES -t mangle -A shaping -p tcp --sport 22 -m tos --tos Minimize-Delay -m length --length 0:256 -j MARK --set-mark 14
$IPTABLES -t mangle -A shaping -p tcp -j RETURN
# misc protocols
# No RETURN follows these three rules; the packets continue to the leftovers
# rule at the end, which overwrites mark 11 with 42.
# NOTE(review): confirm whether that is intended.
$IPTABLES -t mangle -A shaping -p 47 -j MARK --set-mark 11 # gre / pptp
$IPTABLES -t mangle -A shaping -p 50 -j MARK --set-mark 11 # ipsec esp
$IPTABLES -t mangle -A shaping -p 51 -j MARK --set-mark 11 # ipsec ah
# udp
$IPTABLES -t mangle -A shaping -p udp -j MARK --set-mark 11
for m in 53 ; do
$IPTABLES -t mangle -A shaping -p udp --dport $m -j MARK --set-mark $m
$IPTABLES -t mangle -A shaping -p udp --sport $m -j MARK --set-mark $m
done
$IPTABLES -t mangle -A shaping -p udp -j RETURN
# leftovers
$IPTABLES -t mangle -A shaping -j MARK --set-mark 42
$IPTABLES -t mangle -A shaping -j RETURN
# generic mangle
# Each built-in mangle chain restores the connection mark onto the packet
# first, classifies, then saves the result back to the connection.
$IPTABLES -t mangle -A PREROUTING -j CONNMARK --restore-mark
$IPTABLES -t mangle -A PREROUTING -j p2pblock
$IPTABLES -t mangle -A PREROUTING -j CONNMARK --save-mark
# Packets arriving on the uplink are handed to IMQ device 0 for ingress
# shaping.
$IPTABLES -t mangle -A PREROUTING -i $outside -j IMQ --todev 0
$IPTABLES -t mangle -A FORWARD -j CONNMARK --restore-mark
$IPTABLES -t mangle -A FORWARD -i $outside -j shaping
$IPTABLES -t mangle -A FORWARD -o $outside -j shaping
$IPTABLES -t mangle -A FORWARD -j CONNMARK --save-mark
$IPTABLES -t mangle -A INPUT -j CONNMARK --restore-mark
$IPTABLES -t mangle -A INPUT -i $outside -j shaping
$IPTABLES -t mangle -A INPUT -j CONNMARK --save-mark
$IPTABLES -t mangle -A OUTPUT -j CONNMARK --restore-mark
$IPTABLES -t mangle -A OUTPUT -o $outside -j shaping
$IPTABLES -t mangle -A OUTPUT -j CONNMARK --save-mark
$IPTABLES -t mangle -A POSTROUTING -j CONNMARK --restore-mark
# Egress IMQ is disabled; imq_out is set to ppp0 at the top of the script.
#$IPTABLES -t mangle -A POSTROUTING -o $outside -j IMQ --todev 1
# INPUT SHAPING QUEUES
# HTB tree on the ingress device: root 1:, parent class 1:1 at IN_RATE, one
# leaf class per firewall mark. Unmarked traffic falls into class 42.
# The initial "del" is reported as failed when no root qdisc exists yet.
$TC qdisc del dev "$imq_in" root
$TC qdisc add dev "$imq_in" root handle 1: htb default 42
$TC class add dev "$imq_in" parent 1: classid 1:1 htb rate "${IN_RATE}Kbit" quantum 1500

# One entry per leaf class: "<class id / fwmark> <rate> <ceil> <prio>".
in_classes=(
  '42 64kbit 256kbit 6'
  '2342 8kbit 8kbit 20'
  '10 500kbit 2000kbit 6'
  '11 500kbit 2000kbit 6'
  '12 32kbit 128kbit 5'
  '13 32kbit 128kbit 4'
  '14 512kbit 4000kbit 3'
  '15 1024kbit 4000kbit 3'
  '16 512kbit 4000kbit 4'
  '21 512kbit 4000kbit 7'
  '22 512kbit 4000kbit 5'
  '53 64kbit 512kbit 0'
  '80 1000kbit 4000kbit 6'
  '119 32kbit 64kbit 20'
  '443 1000kbit 4000kbit 5'
)

# First pass: create every class.
for spec in "${in_classes[@]}"; do
  read -r c rate ceil prio <<<"$spec"
  $TC class add dev "$imq_in" parent 1:1 classid "1:${c}" htb rate "$rate" ceil "$ceil" quantum 1500 prio "$prio"
done

# Second pass: sfq for all classes, plus a filter selecting the class by fwmark.
for spec in "${in_classes[@]}"; do
  c=${spec%% *}
  $TC qdisc add dev "$imq_in" parent "1:${c}" handle "${c}:" sfq perturb 10
  $TC filter add dev "$imq_in" parent 1:0 prio 0 protocol ip handle "$c" fw flowid "1:${c}"
done
# OUTPUT SHAPING QUEUES
# HTB tree on the egress device ($imq_out, set to ppp0 at the top): root 1:,
# parent class 1:1 at OUT_RATE, one leaf class per firewall mark.
# NOTE(review): on every class line the "#" starts a comment, so "prio N" is
# disabled together with "quantum 1500" and no egress class gets an explicit
# priority. Confirm that only quantum was meant to be switched off.
$TC qdisc del dev $imq_out root
$TC qdisc add dev $imq_out root handle 1: htb default 42
$TC class add dev $imq_out parent 1: classid 1:1 htb rate "${OUT_RATE}Kbit" #quantum 1500
$TC class add dev $imq_out parent 1:1 classid 1:42 htb rate 6kbit ceil 64kbit #quantum 1500 prio 6
$TC class add dev $imq_out parent 1:1 classid 1:2342 htb rate 1kbit ceil 1kbit #quantum 1500 prio 20
$TC class add dev $imq_out parent 1:1 classid 1:10 htb rate 50kbit ceil 200kbit #quantum 1500 prio 6
$TC class add dev $imq_out parent 1:1 classid 1:11 htb rate 50kbit ceil 200kbit #quantum 1500 prio 6
$TC class add dev $imq_out parent 1:1 classid 1:12 htb rate 32kbit ceil 128kbit #quantum 1500 prio 5
$TC class add dev $imq_out parent 1:1 classid 1:13 htb rate 32kbit ceil 128kbit #quantum 1500 prio 3
$TC class add dev $imq_out parent 1:1 classid 1:14 htb rate 76kbit ceil 300kbit #quantum 1500 prio 4
$TC class add dev $imq_out parent 1:1 classid 1:15 htb rate 76kbit ceil 300kbit #quantum 1500 prio 4
$TC class add dev $imq_out parent 1:1 classid 1:16 htb rate 76kbit ceil 300kbit #quantum 1500 prio 4
$TC class add dev $imq_out parent 1:1 classid 1:21 htb rate 76kbit ceil 300kbit #quantum 1500 prio 7
$TC class add dev $imq_out parent 1:1 classid 1:22 htb rate 32kbit ceil 300kbit #quantum 1500 prio 5
# NOTE(review): ceil (52kbit) is below rate (64kbit) for the DNS class; the
# ingress tree uses ceil 512kbit for the same class. Looks like a typo.
$TC class add dev $imq_out parent 1:1 classid 1:53 htb rate 64kbit ceil 52kbit #quantum 1500 prio 0
$TC class add dev $imq_out parent 1:1 classid 1:80 htb rate 64kbit ceil 300kbit #quantum 1500 prio 6
$TC class add dev $imq_out parent 1:1 classid 1:119 htb rate 32kbit ceil 64kbit #quantum 1500 prio 20
$TC class add dev $imq_out parent 1:1 classid 1:443 htb rate 10kbit ceil 300kbit #quantum 1500 prio 5
for c in 42 2342 10 11 12 13 14 15 16 21 22 53 80 119 443 ; do
# sfq for all classes
$TC qdisc add dev $imq_out parent 1:$c handle $c: sfq perturb 10
# filter by fwmark
$TC filter add dev $imq_out parent 1:0 prio 0 protocol ip handle $c fw flowid 1:$c
done
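# Give pppd and the pppoe process SCHED_RR priority 99.
# A PID is only handed to chrt after it has been checked to be a plain number.
# The old "ps | grep" lookup could pick up the grep process itself and passed
# an empty argument to chrt when nothing matched.
echo "switching pppd to realtime..."
pppd_pid=''
if [[ -r /var/run/ppp0.pid ]]; then
  read -r pppd_pid </var/run/ppp0.pid
fi
if [[ "$pppd_pid" =~ ^[0-9]+$ ]]; then
  /usr/bin/chrt --rr -p 99 "$pppd_pid"
else
  echo "failed: no usable pid in /var/run/ppp0.pid" >&2
fi
echo "done."
echo "switching pppoe to realtime..."
# pgrep -f matches against the full command line, like the old grep did, but
# never reports itself. The variable is not called "pppoe" because that name
# holds the PPPoE VLAN interface.
pppoe_pid=$(pgrep -f pppoe | head -n 1)
if [[ "$pppoe_pid" =~ ^[0-9]+$ ]]; then
  /usr/bin/chrt --rr -p 99 "$pppoe_pid"
else
  echo "failed: no pppoe process found" >&2
fi
echo "done."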
#echo "starting Wondershaper..."
#/etc/init.d/wshaper
#echo "done starting Wondershaper..:"
# KILL WONDERSHAPER LEFTOVERS
# All output of this call, including the wrapper's failure message, is
# discarded.
#$TC qdisc del dev $outside root >/dev/null 2>&1
$TC qdisc del dev imq1 root &>/dev/null
# NOTE(review): the script always exits 0, so a caller cannot tell from the
# exit status whether every firewall rule was installed.
exit 0