drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2025-04-19 21:42:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

init.d openwrt functions : deduplicate code

Browse Source
This commit is contained in:
bolvan 2019-05-14 08:52:48 +03:00
parent df14a0e9b8
commit 01d39b34be
1 changed files with 21 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
init.d/openwrt/functions
View File

@ -102,56 +102,51 @@ fw_nfqws6()
done done
} }
fw_tpws() IPT_OWNER="-m owner ! --uid-owner $TPWS_USER"
__fw_tpws()
{ {
# $1 - use https
local DEVICE wan_iface local DEVICE wan_iface
network_find_wan_all wan_iface network_find_wan_all wan_iface
for ext_iface in $wan_iface; do for ext_iface in $wan_iface; do
network_get_device DEVICE $ext_iface network_get_device DEVICE $ext_iface
ipt OUTPUT -t nat -o $DEVICE -m owner ! --uid-owner $TPWS_USER $IPT_FILTER_HTTP -j DNAT --to 127.0.0.1:$TPPORT_HTTP ipt OUTPUT -t nat -o $DEVICE $IPT_OWNER $IPT_FILTER_HTTP -j DNAT --to 127.0.0.1:$TPPORT_HTTP
[ "$1" != "1" ] || ipt OUTPUT -t nat -o $DEVICE $IPT_OWNER $IPT_FILTER_HTTPS -j DNAT --to 127.0.0.1:$TPPORT_HTTPS
done done
network_get_device DEVICE lan network_get_device DEVICE lan
sysctl -w net.ipv4.conf.$DEVICE.route_localnet=1 sysctl -w net.ipv4.conf.$DEVICE.route_localnet=1
ipt prerouting_lan_rule -t nat $IPT_FILTER_HTTP -j DNAT --to 127.0.0.1:$TPPORT_HTTP ipt prerouting_lan_rule -t nat $IPT_FILTER_HTTP -j DNAT --to 127.0.0.1:$TPPORT_HTTP
[ "$1" != "1" ] || ipt prerouting_lan_rule -t nat $IPT_FILTER_HTTPS -j DNAT --to 127.0.0.1:$TPPORT_HTTPS
}
fw_tpws()
{
__fw_tpws 0
} }
fw_tpws_https() fw_tpws_https()
{ {
local DEVICE wan_iface __fw_tpws 1
network_find_wan_all wan_iface
for ext_iface in $wan_iface; do
network_get_device DEVICE $ext_iface
ipt OUTPUT -t nat -o $DEVICE -m owner ! --uid-owner $TPWS_USER $IPT_FILTER_HTTP -j DNAT --to 127.0.0.1:$TPPORT_HTTP
ipt OUTPUT -t nat -o $DEVICE -m owner ! --uid-owner $TPWS_USER $IPT_FILTER_HTTPS -j DNAT --to 127.0.0.1:$TPPORT_HTTPS
done
network_get_device DEVICE lan
sysctl -w net.ipv4.conf.$DEVICE.route_localnet=1
ipt prerouting_lan_rule -t nat $IPT_FILTER_HTTP -j DNAT --to 127.0.0.1:$TPPORT_HTTP
ipt prerouting_lan_rule -t nat $IPT_FILTER_HTTPS -j DNAT --to 127.0.0.1:$TPPORT_HTTPS
} }
fw_tpws6() __fw_tpws6()
{ {
# $1 - use https
local DEVICE wan_iface ip6 local DEVICE wan_iface ip6
network_find_wan6_all wan_iface network_find_wan6_all wan_iface
for ext_iface in $wan_iface; do for ext_iface in $wan_iface; do
network_get_device DEVICE $ext_iface network_get_device DEVICE $ext_iface
ipt6 OUTPUT -t nat -o $DEVICE -m owner ! --uid-owner $TPWS_USER $IPT_FILTER_HTTP -j DNAT --to [::1]:$TPPORT_HTTP ipt6 OUTPUT -t nat -o $DEVICE $IPT_OWNER $IPT_FILTER_HTTP -j DNAT --to [::1]:$TPPORT_HTTP
[ "$1" != "1" ] || ipt6 OUTPUT -t nat -o $DEVICE $IPT_OWNER $IPT_FILTER_HTTPS -j DNAT --to [::1]:$TPPORT_HTTPS
done done
network_get_device DEVICE lan network_get_device DEVICE lan
dnat6_target dnat6_target
ipt6 PREROUTING -t nat -i $DEVICE $IPT_FILTER_HTTP -j DNAT --to [$DNAT6_TARGET]:$TPPORT_HTTP ipt6 PREROUTING -t nat -i $DEVICE $IPT_FILTER_HTTP -j DNAT --to [$DNAT6_TARGET]:$TPPORT_HTTP
[ "$1" != "1" ] || ipt6 PREROUTING -t nat -i $DEVICE $IPT_FILTER_HTTPS -j DNAT --to [$DNAT6_TARGET]:$TPPORT_HTTPS
}
fw_tpws6()
{
__fw_tpws6 0
} }
fw_tpws_https6() fw_tpws_https6()
{ {
local DEVICE wan_iface ip6 __fw_tpws6 1
network_find_wan6_all wan_iface
for ext_iface in $wan_iface; do
network_get_device DEVICE $ext_iface
ipt6 OUTPUT -t nat -o $DEVICE -m owner ! --uid-owner $TPWS_USER $IPT_FILTER_HTTP -j DNAT --to [::1]:$TPPORT_HTTP
ipt6 OUTPUT -t nat -o $DEVICE -m owner ! --uid-owner $TPWS_USER $IPT_FILTER_HTTPS -j DNAT --to [::1]:$TPPORT_HTTPS
done
network_get_device DEVICE lan
dnat6_target
ipt6 PREROUTING -t nat -i $DEVICE $IPT_FILTER_HTTP -j DNAT --to [$DNAT6_TARGET]:$TPPORT_HTTP
ipt6 PREROUTING -t nat -i $DEVICE $IPT_FILTER_HTTPS -j DNAT --to [$DNAT6_TARGET]:$TPPORT_HTTPS
} }