From 2014d461325a42107416dc49aa0f5e06c392efc1 Mon Sep 17 00:00:00 2001
From: bolvan
Date: Mon, 6 May 2019 12:18:58 +0300
Subject: [PATCH] easy install on openwrt. separate firewall include
---
 changes.txt | 6 +
 init.d/openwrt/firewall.user.tpws_hostlist | 1 -
 ...er.nfqws_all => firewall.zapret.nfqws_all} | 0
 ..._https => firewall.zapret.nfqws_all_https} | 0
 ...fqws_ipset => firewall.zapret.nfqws_ipset} | 0
 ...ttps => firewall.zapret.nfqws_ipset_https} | 0
 ...user.tpws_all => firewall.zapret.tpws_all} | 0
 ...l_https => firewall.zapret.tpws_all_https} | 0
 init.d/openwrt/firewall.zapret.tpws_hostlist | 1 +
 ....tpws_ipset => firewall.zapret.tpws_ipset} | 0
 ...https => firewall.zapret.tpws_ipset_https} | 0
 install_easy.sh | 520 +++++++++++++-----
 readme.txt | 18 +-
 uninstall_easy.sh | 225 ++++++--
 14 files changed, 568 insertions(+), 203 deletions(-)
 delete mode 120000 init.d/openwrt/firewall.user.tpws_hostlist
 rename init.d/openwrt/{firewall.user.nfqws_all => firewall.zapret.nfqws_all} (100%)
 rename init.d/openwrt/{firewall.user.nfqws_all_https => firewall.zapret.nfqws_all_https} (100%)
 rename init.d/openwrt/{firewall.user.nfqws_ipset => firewall.zapret.nfqws_ipset} (100%)
 rename init.d/openwrt/{firewall.user.nfqws_ipset_https => firewall.zapret.nfqws_ipset_https} (100%)
 rename init.d/openwrt/{firewall.user.tpws_all => firewall.zapret.tpws_all} (100%)
 rename init.d/openwrt/{firewall.user.tpws_all_https => firewall.zapret.tpws_all_https} (100%)
 create mode 120000 init.d/openwrt/firewall.zapret.tpws_hostlist
 rename init.d/openwrt/{firewall.user.tpws_ipset => firewall.zapret.tpws_ipset} (100%)
 rename init.d/openwrt/{firewall.user.tpws_ipset_https => firewall.zapret.tpws_ipset_https} (100%)
diff --git a/changes.txt b/changes.txt
index 9df6e79..c7c56c7 100644
--- a/changes.txt
+++ b/changes.txt
@@ -112,3 +112,9 @@ install_bin.sh : auto binaries preparation
 docs: readme review. some new topics added, others deleted
 docs: VPN setup with policy based routing using wireguard
 docs: wireguard modding guide
+
+v23
+
+major init system rewrite
+openwrt : separate firewall include /etc/firewall.zapret
+install_easy.sh : easy setup on openwrt, debian, ubuntu, centos, fedora, opensuse
diff --git a/init.d/openwrt/firewall.user.tpws_hostlist b/init.d/openwrt/firewall.user.tpws_hostlist
deleted file mode 120000
index 039a5ba..0000000
--- a/init.d/openwrt/firewall.user.tpws_hostlist
+++ /dev/null
@@ -1 +0,0 @@
-firewall.user.tpws_all
\ No newline at end of file
diff --git a/init.d/openwrt/firewall.user.nfqws_all b/init.d/openwrt/firewall.zapret.nfqws_all
similarity index 100%
rename from init.d/openwrt/firewall.user.nfqws_all
rename to init.d/openwrt/firewall.zapret.nfqws_all
diff --git a/init.d/openwrt/firewall.user.nfqws_all_https b/init.d/openwrt/firewall.zapret.nfqws_all_https
similarity index 100%
rename from init.d/openwrt/firewall.user.nfqws_all_https
rename to init.d/openwrt/firewall.zapret.nfqws_all_https
diff --git a/init.d/openwrt/firewall.user.nfqws_ipset b/init.d/openwrt/firewall.zapret.nfqws_ipset
similarity index 100%
rename from init.d/openwrt/firewall.user.nfqws_ipset
rename to init.d/openwrt/firewall.zapret.nfqws_ipset
diff --git a/init.d/openwrt/firewall.user.nfqws_ipset_https b/init.d/openwrt/firewall.zapret.nfqws_ipset_https
similarity index 100%
rename from init.d/openwrt/firewall.user.nfqws_ipset_https
rename to init.d/openwrt/firewall.zapret.nfqws_ipset_https
diff --git a/init.d/openwrt/firewall.user.tpws_all b/init.d/openwrt/firewall.zapret.tpws_all
similarity index 100%
rename from init.d/openwrt/firewall.user.tpws_all
rename to init.d/openwrt/firewall.zapret.tpws_all
diff --git a/init.d/openwrt/firewall.user.tpws_all_https b/init.d/openwrt/firewall.zapret.tpws_all_https similarity index 100% rename from init.d/openwrt/firewall.user.tpws_all_https rename to init.d/openwrt/firewall.zapret.tpws_all_https diff --git a/init.d/openwrt/firewall.zapret.tpws_hostlist b/init.d/openwrt/firewall.zapret.tpws_hostlist new file mode 120000 index 0000000..248e381 --- /dev/null +++ b/init.d/openwrt/firewall.zapret.tpws_hostlist @@ -0,0 +1 @@ +firewall.zapret.tpws_all \ No newline at end of file diff --git a/init.d/openwrt/firewall.user.tpws_ipset b/init.d/openwrt/firewall.zapret.tpws_ipset similarity index 100% rename from init.d/openwrt/firewall.user.tpws_ipset rename to init.d/openwrt/firewall.zapret.tpws_ipset diff --git a/init.d/openwrt/firewall.user.tpws_ipset_https b/init.d/openwrt/firewall.zapret.tpws_ipset_https similarity index 100% rename from init.d/openwrt/firewall.user.tpws_ipset_https rename to init.d/openwrt/firewall.zapret.tpws_ipset_https diff --git a/install_easy.sh b/install_easy.sh index 9477204..1eafea7 100755 --- a/install_easy.sh +++ b/install_easy.sh @@ -1,8 +1,15 @@ #!/bin/sh -# automated script for easy installing zapret on systemd based system -# all required tools must be already present or system must use apt as package manager -# if its not apt or yum based system then manually install ipset, curl +# automated script for easy installing zapret + +SCRIPT=$(readlink -f $0) +EXEDIR=$(dirname $SCRIPT) +ZAPRET_BASE=/opt/zapret +SYSTEMD_SYSV_GENERATOR=/lib/systemd/system-generators/systemd-sysv-generator +SYSTEMD_SYSV_GENERATOR2=/usr$SYSTEMD_SYSV_GENERATOR + +GET_IPLIST=$EXEDIR/ipset/get_antizapret.sh +GET_IPLIST_PREFIX=/ipset/get_ exists() { 
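Review bot: The new top-of-file assignments in install_easy.sh expand `$0` and `$SCRIPT` unquoted, so a checkout path containing whitespace or glob characters is word-split before `readlink` and `dirname` see it, and an installer that writes to /etc/init.d and the crontab then works from a wrong `EXEDIR`; quote both, `SCRIPT=$(readlink -f "$0")` and `EXEDIR=$(dirname "$SCRIPT")`. The same hunk narrows `GET_IPLIST_PREFIX` from `$EXEDIR/ipset/get_` to the bare `/ipset/get_`, and the first hunk of uninstall_easy.sh adds the identical line. In the uninstaller that value is later fed to `grep -v` in `crontab_del`, so any root crontab line that merely contains `/ipset/get_` would be removed along with zapret's own entry. Anchoring the pattern to the install root keeps the match specific: `GET_IPLIST_PREFIX=$ZAPRET_BASE/ipset/get_` here, and `/opt/zapret/ipset/get_` in the uninstaller, which does not define `ZAPRET_BASE`.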
@@ -21,16 +28,6 @@ whichq() exit 2 } -SCRIPT=$(readlink -f $0) -EXEDIR=$(dirname $SCRIPT) -ZAPRET_BASE=/opt/zapret -INIT_SCRIPT_SRC=$EXEDIR/init.d/sysv/zapret -INIT_SCRIPT=/etc/init.d/zapret -GET_IPLIST=$EXEDIR/ipset/get_antizapret.sh -GET_IPLIST_PREFIX=$EXEDIR/ipset/get_ -SYSTEMD_SYSV_GENERATOR=/lib/systemd/system-generators/systemd-sysv-generator -SYSTEMD_SYSV_GENERATOR2=/usr$SYSTEMD_SYSV_GENERATOR - exitp() { echo 
@@ -39,164 +36,393 @@ exitp() exit $1 } - -echo \* checking system ... - -SYSTEMCTL=$(whichq systemctl) -[ -x "$SYSTEMCTL" ] || { - echo not systemd based system - exitp 5 -} -[ -x "$SYSTEMD_SYSV_GENERATOR" ] || [ -x "$SYSTEMD_SYSV_GENERATOR2" ] || { - echo systemd is present but it does not support sysvinit compatibility - echo $SYSTEMD_SYSV_GENERATOR is required - exitp 5 +get_dir_inode() +{ + ls -id "$1" | cut -f1 -d ' ' } +md5file() +{ + md5sum "$1" | cut -f1 -d ' ' +} -echo \* checking location ... +check_system() +{ + echo \* checking system ... -[ "$EXEDIR" != "$ZAPRET_BASE" ] && { - echo easy install is supported only from default location : $ZAPRET_BASE - echo currenlty its run from $EXEDIR - echo -n "do you want the installer to copy it for you (Y/N) ? " - read A - if [ "$A" = "Y" ] || [ "$A" = "y" ]; then - if [ -d "$ZAPRET_BASE" ]; then - echo installer found existing $ZAPRET_BASE - echo -n "do you want to delete all files there and copy this version (Y/N) ? " - read A - if [ "$A" = "Y" ] || [ "$A" = "y" ]; then - rm -r "$ZAPRET_BASE" - else - echo refused to overwrite $ZAPRET_BASE. exiting - exitp 3 - fi - fi - cp -R $EXEDIR $ZAPRET_BASE - echo relaunching itself from $ZAPRET_BASE - exec $ZAPRET_BASE/$(basename $0) + SYSTEM="" + SYSTEMCTL=$(whichq systemctl) + + if [ -x "$SYSTEMCTL" ] ; then + [ -x "$SYSTEMD_SYSV_GENERATOR" ] || [ -x "$SYSTEMD_SYSV_GENERATOR2" ] || { + echo systemd is present but it does not support sysvinit compatibility + echo $SYSTEMD_SYSV_GENERATOR is required + exitp 5 + } + SYSTEM=systemd + elif [ -f "/etc/openwrt_release" ] && exists opkg && exists uci ; then + SYSTEM=openwrt else - echo copying aborted. exiting - exitp 3 - fi -} -echo running from $EXEDIR - - -echo \* checking prerequisites ... - -if exists ipset && exists curl ; then - echo everything is present -else - echo \* installing prerequisites ... 
- - APTGET=$(whichq apt-get) - YUM=$(whichq yum) - PACMAN=$(whichq pacman) - ZYPPER=$(whichq zypper) - if [ -x "$APTGET" ] ; then - "$APTGET" update - "$APTGET" install -y --no-install-recommends ipset curl dnsutils || { - echo could not install prerequisites - exitp 6 - } - elif [ -x "$YUM" ] ; then - "$YUM" -y install curl ipset daemonize || { - echo could not install prerequisites - exitp 6 - } - elif [ -x "$PACMAN" ] ; then - "$PACMAN" -Syy - "$PACMAN" --noconfirm -S ipset curl || { - echo could not install prerequisites - exitp 6 - } - elif [ -x "$ZYPPER" ] ; then - "$ZYPPER" --non-interactive install ipset curl || { - echo could not install prerequisites - exitp 6 - } - else - echo supported package manager not found - echo you must manually install : ipset curl + echo system is not either systemd based or openwrt exitp 5 fi -fi + echo system is based on $SYSTEM +} -echo \* installing binaries ... - -"$EXEDIR/install_bin.sh" - - -echo \* installing init script ... - -"$SYSTEMCTL" stop zapret 2>/dev/null - -script_mode=Y -[ -f "$INIT_SCRIPT" ] && +check_location() { - cmp -s $INIT_SCRIPT $INIT_SCRIPT_SRC || + echo \* checking location ... + + # use inodes in case something is linked + [ $(get_dir_inode "$EXEDIR") = $(get_dir_inode "$ZAPRET_BASE") ] || { + echo easy install is supported only from default location : $ZAPRET_BASE + echo currenlty its run from $EXEDIR + echo -n "do you want the installer to copy it for you (Y/N) ? " + read A + if [ "$A" = "Y" ] || [ "$A" = "y" ]; then + if [ -d "$ZAPRET_BASE" ]; then + echo installer found existing $ZAPRET_BASE + echo -n "do you want to delete all files there and copy this version (Y/N) ? " + read A + if [ "$A" = "Y" ] || [ "$A" = "y" ]; then + rm -r "$ZAPRET_BASE" + else + echo refused to overwrite $ZAPRET_BASE. exiting + exitp 3 + fi + fi + cp -R $EXEDIR $ZAPRET_BASE + echo relaunching itself from $ZAPRET_BASE + exec $ZAPRET_BASE/$(basename $0) + else + echo copying aborted. 
exiting + exitp 3 + fi + } + echo running from $EXEDIR +} + +crontab_add() +{ + echo \* adding crontab entry ... + + CRONTMP=/tmp/cron.tmp + crontab -l >$CRONTMP + if grep -q "$GET_IPLIST_PREFIX" $CRONTMP; then + echo some entries already exist in crontab. check if this is corrent : + grep "$GET_IPLIST_PREFIX" $CRONTMP + else + echo "0 12 * * */2 $GET_IPLIST" >>$CRONTMP + crontab $CRONTMP + fi + + rm -f $CRONTMP +} + +install_binaries() +{ + echo \* installing binaries ... + + "$EXEDIR/install_bin.sh" +} + +check_preprequisites_linux() +{ + echo \* checking prerequisites ... + + if exists ipset && exists curl ; then + echo everything is present + else + echo \* installing prerequisites ... + + APTGET=$(whichq apt-get) + YUM=$(whichq yum) + PACMAN=$(whichq pacman) + ZYPPER=$(whichq zypper) + if [ -x "$APTGET" ] ; then + "$APTGET" update + "$APTGET" install -y --no-install-recommends ipset curl dnsutils || { + echo could not install prerequisites + exitp 6 + } + elif [ -x "$YUM" ] ; then + "$YUM" -y install curl ipset daemonize || { + echo could not install prerequisites + exitp 6 + } + elif [ -x "$PACMAN" ] ; then + "$PACMAN" -Syy + "$PACMAN" --noconfirm -S ipset curl || { + echo could not install prerequisites + exitp 6 + } + elif [ -x "$ZYPPER" ] ; then + "$ZYPPER" --non-interactive install ipset curl || { + echo could not install prerequisites + exitp 6 + } + else + echo supported package manager not found + echo you must manually install : ipset curl + exitp 5 + fi + fi +} + +install_sysv_init() +{ + echo \* installing init script ... 
+ + [ -x "$INIT_SCRIPT" ] && "$INIT_SCRIPT" stop + + script_mode=Y + [ -f "$INIT_SCRIPT" ] && { - echo $INIT_SCRIPT already exists and differs from $INIT_SCRIPT_SRC - echo Y = overwrite with new version - echo N = exit - echo L = leave current version and continue - read script_mode - case "${script_mode}" in - Y|y|L|l) - ;; - *) - echo aborted - exitp 3 - ;; - esac + [ $(md5file "$INIT_SCRIPT") = $(md5file "$INIT_SCRIPT_SRC") ] || + { + echo $INIT_SCRIPT already exists and differs from $INIT_SCRIPT_SRC + echo Y = overwrite with new version + echo N = exit + echo L = leave current version and continue + read script_mode + case "${script_mode}" in + Y|y|L|l) + ;; + *) + echo aborted + exitp 3 + ;; + esac + } + } + + if [ "$script_mode" = "Y" ] || [ "$script_mode" = "y" ]; then + echo "copying : $INIT_SCRIPT_SRC => $INIT_SCRIPT" + cp -f $INIT_SCRIPT_SRC $INIT_SCRIPT + fi +} + +register_sysv_init_systemd() +{ + echo \* registering init script ... + + "$SYSTEMCTL" daemon-reload + "$SYSTEMCTL" enable zapret || { + echo could not register $INIT_SCRIPT with systemd + exitp 20 } } -if [ "$script_mode" = "Y" ] || [ "$script_mode" = "y" ]; then - echo -n "copying : " - cp -vf $INIT_SCRIPT_SRC $INIT_SCRIPT -fi +download_ip_list() +{ + echo \* downloading blocked ip list ... + "$GET_IPLIST" || { + echo could not download ip list + exitp 25 + } +} -echo \* registering init script ... +service_start_systemd() +{ + echo \* starting zapret service ... -"$SYSTEMCTL" daemon-reload -"$SYSTEMCTL" enable zapret || { - echo could not register $INIT_SCRIPT with systemd - exitp 20 + systemctl start zapret || { + echo could not start zapret service + exitp 30 + } +} + +install_systemd() +{ + INIT_SCRIPT_SRC=$EXEDIR/init.d/sysv/zapret + INIT_SCRIPT=/etc/init.d/zapret + + check_preprequisites_linux + install_binaries + install_sysv_init + register_sysv_init_systemd + download_ip_list + crontab_add + service_start_systemd } -echo \* downloading blocked ip list ... 
-"$GET_IPLIST" || { - echo could not download ip list - exitp 25 + + +check_kmod() +{ + [ -f "/lib/modules/$(uname -r)/$1.ko" ] +} +check_package_exists_openwrt() +{ + [ -n "opkg list $1" ] +} +check_package_openwrt() +{ + [ -n "$(opkg list-installed $1)" ] +} +check_packages_openwrt() +{ + for pkg in $@; do + check_package_openwrt $pkg || return + done +} + +check_preprequisites_openwrt() +{ + echo \* checking prerequisites ... + + local PKGS="iptables-mod-extra iptables-mod-nfqueue iptables-mod-filter iptables-mod-ipopt ipset curl" + + # in recent lede/openwrt iptable_raw in separate package + if check_kmod iptable_raw && check_packages_openwrt $PKGS ; then + echo everything is present + else + echo \* installing prerequisites ... + + opkg update + if check_package_exists_openwrt kmod-ipt-raw ; then PKGS="$PKGS kmod-ipt-raw" ; fi + check_package_exists_openwrt kmod-ipt-raw && echo fuck $PKGS + opkg install $PKGS || { + echo could not install prerequisites + exitp 6 + } + fi +} + +openwrt_fw_section_find() +{ + # echoes section number + + i=0 + while true + do + path=$(uci -q get firewall.@include[$i].path) + [ -n "$path" ] || break + [ "$path" == "$OPENWRT_FW_INCLUDE" ] && { + echo $i + true + return + } + let i=i+1 + done + false + return +} +openwrt_fw_section_add() +{ + # echoes section number + + openwrt_fw_section_find || + { + uci add firewall include >/dev/null || return + echo -1 + true + } +} +openwrt_fw_section_del() +{ + local id=$(openwrt_fw_section_find) + [ -n "$id" ] && { + uci delete firewall.@include[$id] && uci commit firewall + } +} +openwrt_fw_section_configure() +{ + local id=$(openwrt_fw_section_add) + [ -z "$id" ] || + ! uci set firewall.@include[$id].path="$OPENWRT_FW_INCLUDE" || + ! uci set firewall.@include[$id].reload="1" || + ! uci commit firewall && + { + echo could not add firewall include + exitp 50 + } +} + +install_openwrt_firewall() +{ + echo \* installing firewall script ... 
+ + local MODE=$(sed -nre 's/^MODE=([^[:space:]]+)/\1/p' "$INIT_SCRIPT" | tail -n 1) + [ -n "MODE" ] || { + echo could not get MODE from $INIT_SCRIPT + exitp 7 + } + + local FW_SCRIPT_SRC="$FW_SCRIPT_SRC_DIR.$MODE" + [ -f "$FW_SCRIPT_SRC" ] || { + echo firewall script $FW_SCRIPT_SRC not found. removing firewall include + openwrt_fw_section_del + return + } + echo "copying : $FW_SCRIPT_SRC => $OPENWRT_FW_INCLUDE" + cp -f "$FW_SCRIPT_SRC" "$OPENWRT_FW_INCLUDE" + + openwrt_fw_section_configure +} + +restart_openwrt_firewall() +{ + echo \* restarting firewall ... + + fw3 -q restart || { + echo could not restart firewall + exitp 30 + } +} + +register_sysv_init() +{ + echo \* registering init script ... + + "$INIT_SCRIPT" enable +} + +service_start_sysv() +{ + echo \* starting zapret service ... + + "$INIT_SCRIPT" start || { + echo could not start zapret service + exitp 30 + } } -echo \* adding crontab entry ... -CRONTMP=/tmp/cron.tmp -crontab -l >$CRONTMP -if grep -q "$GET_IPLIST_PREFIX" $CRONTMP; then - echo some entries already exist in crontab. check if this is corrent : - grep "$GET_IPLIST_PREFIX" $CRONTMP -else - echo "0 12 * * */2 $GET_IPLIST" >>$CRONTMP - crontab $CRONTMP -fi - -rm -f $CRONTMP - - -echo \* starting zapret service ... - -systemctl start zapret || { - echo could not start zapret service - exitp 30 +install_openwrt() +{ + INIT_SCRIPT_SRC=$EXEDIR/init.d/openwrt/zapret + INIT_SCRIPT=/etc/init.d/zapret + FW_SCRIPT_SRC_DIR=$EXEDIR/init.d/openwrt/firewall.zapret + OPENWRT_FW_INCLUDE=/etc/firewall.zapret + + check_preprequisites_openwrt + install_sysv_init + register_sysv_init + install_openwrt_firewall + download_ip_list + crontab_add + service_start_sysv + restart_openwrt_firewall } + + +check_system +check_location + +case $SYSTEM in + systemd) + install_systemd + ;; + openwrt) + install_openwrt + ;; +esac + + exitp 0 diff --git a/readme.txt b/readme.txt index a439606..b35f5aa 100644 --- a/readme.txt +++ b/readme.txt 
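Review bot: `crontab_add` round-trips the crontab through the fixed path `/tmp/cron.tmp`, and since the script edits system files it presumably runs as root; on a multi-user host another local account that owns or pre-creates that name can influence which file the `>` redirect truncates or what `crontab $CRONTMP` installs. Use a private file instead, `CRONTMP=$(mktemp)`, keeping the existing `rm -f`; `crontab_del` in uninstall_easy.sh has the same fixed name plus `$CRONTMP.2` and needs the same change. Two guards in the OpenWrt path test literal strings and are therefore always true: `[ -n "opkg list $1" ]` in `check_package_exists_openwrt` should be `[ -n "$(opkg list "$1")" ]`, and `[ -n "MODE" ]` in `install_openwrt_firewall` should be `[ -n "$MODE" ]`. As written, `kmod-ipt-raw` is always appended to `PKGS` and the "could not get MODE" branch can never fire, so an empty MODE falls through to the "firewall script not found" path and silently removes the firewall include. The `echo fuck $PKGS` line in `check_preprequisites_openwrt` looks like leftover debugging output and should be dropped.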
@@ -1,4 +1,4 @@ -zapret v.22 +zapret v.23 Для чего это надо ----------------- @@ -470,10 +470,18 @@ MODE=custom /etc/init.d/zapret enable /etc/init.d/zapret start -В зависимости от выбранного режима внести нужные записи в /etc/firewall.user. -Базовые варианты лежат в /opt/zapret/init.d/openwrt/firewall.user.*. -Если у вас еще нет firewall.user или он пуст, можно скопировать файл. -В противном случае добавьте записи или интегрируйте с уже имеющимся кодом. +В зависимости от выбранного в инит скрипте MODE скопировать нужный файл настроек фаервола : + cp /opt/zapret/init.d/openwrt/firewall.zapret.$MODE /etc/firewall.zapret +Например : + cp /opt/zapret/init.d/openwrt/firewall.zapret.tpws_ipset_https /etc/firewall.zapret +Проверить была ли создана ранее запись о firewall include : + uci show firewall | grep firewall.zapret +Если ничего не вывело, значит добавить : + uci add firewall include + uci set firewall.@include[-1].path="/etc/firewall.zapret" + uci set firewall.@include[-1].reload="1" + uci commit firewall +Перезапустить фаервол : fw3 restart Посмотреть через iptables -nL или через luci вкладку "firewall" появились ли нужные правила. diff --git a/uninstall_easy.sh b/uninstall_easy.sh index 8871c00..17322a0 100755 --- a/uninstall_easy.sh +++ b/uninstall_easy.sh @@ -1,11 +1,19 @@ #!/bin/sh -# automated script for easy uninstalling zapret on systemd based system +# automated script for easy uninstalling zapret + +SCRIPT=$(readlink -f $0) +EXEDIR=$(dirname $SCRIPT) +GET_IPLIST_PREFIX=/ipset/get_ exists() { which $1 >/dev/null 2>/dev/null } +whichq() +{ + which $1 2>/dev/null +} [ $(id -u) -ne "0" ] && { echo root is required @@ -15,13 +23,6 @@ exists() exit 2 } -SCRIPT=$(readlink -f $0) -EXEDIR=$(dirname $SCRIPT) -INIT_SCRIPT_SRC=$EXEDIR/init.d/sysv/zapret -INIT_SCRIPT=/etc/init.d/zapret -GET_IPLIST_PREFIX=$EXEDIR/ipset/get_ - - exitp() { echo 
@@ -30,53 +31,177 @@ exitp() exit $1 } - -echo \* checking system ... - -SYSTEMCTL=$(which systemctl) -[ -x "$SYSTEMCTL" ] || { - echo not systemd based system - exitp 5 -} - - -echo \* stopping service and unregistering init script - -"$SYSTEMCTL" disable zapret -"$SYSTEMCTL" stop zapret - -echo \* removing init script ... - -script_mode=Y -[ -f "$INIT_SCRIPT" ] && +md5file() { - cmp -s $INIT_SCRIPT $INIT_SCRIPT_SRC || - { - echo $INIT_SCRIPT already exists and differs from $INIT_SCRIPT_SRC - echo Y = remove it - echo L = leave it - read script_mode - } - if [ "$script_mode" = "Y" ] || [ "$script_mode" = "y" ]; then - rm -vf $INIT_SCRIPT - fi + md5sum "$1" | cut -f1 -d ' ' } -echo \* systemd cleanup ... -"$SYSTEMCTL" daemon-reload +check_system() +{ + echo \* checking system ... -echo \* removing crontab entry ... + SYSTEM="" + SYSTEMCTL=$(whichq systemctl) + + if [ -x "$SYSTEMCTL" ] ; then + SYSTEM=systemd + elif [ -f "/etc/openwrt_release" ] && exists opkg && exists uci ; then + SYSTEM=openwrt + else + echo system is not either systemd based or openwrt + exitp 5 + fi + echo system is based on $SYSTEM +} + + +service_stop_systemd() +{ + echo \* stopping service and unregistering init script + + "$SYSTEMCTL" disable zapret + "$SYSTEMCTL" stop zapret +} + +remove_sysv_init() +{ + echo \* removing init script ... + + script_mode=Y + [ -f "$INIT_SCRIPT" ] && + { + [ $(md5file "$INIT_SCRIPT") = $(md5file "$INIT_SCRIPT_SRC") ] || + { + echo $INIT_SCRIPT already exists and differs from $INIT_SCRIPT_SRC + echo Y = remove it + echo L = leave it + read script_mode + } + if [ "$script_mode" = "Y" ] || [ "$script_mode" = "y" ]; then + rm -vf $INIT_SCRIPT + fi + } +} + +cleanup_systemd() +{ + echo \* systemd cleanup ... + + "$SYSTEMCTL" daemon-reload +} + +crontab_del() +{ + echo \* removing crontab entry ... 
+ + CRONTMP=/tmp/cron.tmp + crontab -l >$CRONTMP + if grep -q "$GET_IPLIST_PREFIX" $CRONTMP; then + echo removing following entries from crontab : + grep "$GET_IPLIST_PREFIX" $CRONTMP + grep -v "$GET_IPLIST_PREFIX" $CRONTMP >$CRONTMP.2 + crontab $CRONTMP.2 + rm -f $CRONTMP.2 + fi + rm -f $CRONTMP +} + + +remove_systemd() +{ + INIT_SCRIPT_SRC=$EXEDIR/init.d/sysv/zapret + INIT_SCRIPT=/etc/init.d/zapret + + service_stop_systemd + remove_sysv_init + cleanup_systemd + crontab_del +} + + + +openwrt_fw_section_find() +{ + # echoes section number + + i=0 + while true + do + path=$(uci -q get firewall.@include[$i].path) + [ -n "$path" ] || break + [ "$path" == "$OPENWRT_FW_INCLUDE" ] && { + echo $i + true + return + } + let i=i+1 + done + false + return +} +openwrt_fw_section_del() +{ + local id=$(openwrt_fw_section_find) + [ -n "$id" ] && { + uci delete firewall.@include[$id] && uci commit firewall + } +} + +remove_openwrt_firewall() +{ + echo \* removing firewall script ... + + openwrt_fw_section_del + [ -f "$OPENWRT_FW_INCLUDE" ] && rm -f "$OPENWRT_FW_INCLUDE" +} + +restart_openwrt_firewall() +{ + echo \* restarting firewall ... + + fw3 -q restart || { + echo could not restart firewall + exitp 30 + } +} + + +service_remove_sysv() +{ + echo \* removing zapret service ... 
+ + [ -x "$INIT_SCRIPT" ] && { + "$INIT_SCRIPT" disable + "$INIT_SCRIPT" stop + } + [ -f "$INIT_SCRIPT" ] && rm -f "$INIT_SCRIPT" +} + +remove_openwrt() +{ + INIT_SCRIPT_SRC=$EXEDIR/init.d/openwrt/zapret + INIT_SCRIPT=/etc/init.d/zapret + OPENWRT_FW_INCLUDE=/etc/firewall.zapret + + remove_openwrt_firewall + restart_openwrt_firewall + service_remove_sysv + crontab_del +} + + + +check_system + +case $SYSTEM in + systemd) + remove_systemd + ;; + openwrt) + remove_openwrt + ;; +esac -CRONTMP=/tmp/cron.tmp -crontab -l >$CRONTMP -if grep -q "$GET_IPLIST_PREFIX" $CRONTMP; then - echo removing following entries from crontab : - grep "$GET_IPLIST_PREFIX" $CRONTMP - grep -v "$GET_IPLIST_PREFIX" $CRONTMP >$CRONTMP.2 - crontab $CRONTMP.2 - rm -f $CRONTMP.2 -fi -rm -f $CRONTMP exitp 0
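Review bot: In `remove_openwrt`, `restart_openwrt_firewall` runs before `service_remove_sysv` and `crontab_del` and calls `exitp 30` on failure, so a failed `fw3 -q restart` ends the uninstall with the init script still enabled and the cron entry for the list downloader still present. Either call the firewall restart last or let it warn and continue, for example `fw3 -q restart || echo could not restart firewall`. In `remove_sysv_init` the `$(md5file …)` operands and `rm -vf $INIT_SCRIPT` are unquoted; if `$INIT_SCRIPT_SRC` is missing, `[` receives an empty operand and the comparison fails with a syntax error rather than a clean mismatch. Quoting both fixes that: `[ "$(md5file "$INIT_SCRIPT")" = "$(md5file "$INIT_SCRIPT_SRC")" ]` and `rm -vf "$INIT_SCRIPT"`.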