easy install on openwrt. separate firewall include

2025-04-19 05:22:58 +03:00 · 2019-05-06 12:18:58 +03:00 · 2019-05-06 12:18:58 +03:00 · 2014d46132
commit 2014d46132
parent 2acd50e130
14 changed files with 568 additions and 203 deletions
--- a/changes.txt
+++ b/changes.txt
@ -112,3 +112,9 @@ install_bin.sh : auto binaries preparation
 docs: readme review. some new topics added, others deleted
 docs: VPN setup with policy based routing using wireguard
 docs: wireguard modding guide
 v23
 major init system rewrite
 openwrt : separate firewall include /etc/firewall.zapret
 install_easy.sh : easy setup on openwrt, debian, ubuntu, centos, fedora, opensuse
--- a/init.d/openwrt/firewall.user.tpws_hostlist
+++ b/init.d/openwrt/firewall.user.tpws_hostlist
@ -1 +0,0 @@
 firewall.user.tpws_all
--- a/init.d/openwrt/firewall.zapret.nfqws_all
+++ b/init.d/openwrt/firewall.zapret.nfqws_all
--- a/init.d/openwrt/firewall.zapret.nfqws_all_https
+++ b/init.d/openwrt/firewall.zapret.nfqws_all_https
--- a/init.d/openwrt/firewall.zapret.nfqws_ipset
+++ b/init.d/openwrt/firewall.zapret.nfqws_ipset
--- a/init.d/openwrt/firewall.zapret.nfqws_ipset_https
+++ b/init.d/openwrt/firewall.zapret.nfqws_ipset_https
--- a/init.d/openwrt/firewall.zapret.tpws_all
+++ b/init.d/openwrt/firewall.zapret.tpws_all
--- a/init.d/openwrt/firewall.zapret.tpws_all_https
+++ b/init.d/openwrt/firewall.zapret.tpws_all_https
--- a/init.d/openwrt/firewall.zapret.tpws_hostlist
+++ b/init.d/openwrt/firewall.zapret.tpws_hostlist
@ -0,0 +1 @@
 firewall.zapret.tpws_all
--- a/init.d/openwrt/firewall.zapret.tpws_ipset
+++ b/init.d/openwrt/firewall.zapret.tpws_ipset
--- a/init.d/openwrt/firewall.zapret.tpws_ipset_https
+++ b/init.d/openwrt/firewall.zapret.tpws_ipset_https
--- a/install_easy.sh
+++ b/install_easy.sh
@ -1,8 +1,15 @@
 #!/bin/sh
-# automated script for easy installing zapret on systemd based system
+# automated script for easy installing zapret
-# all required tools must be already present or system must use apt as package manager
+
-# if its not apt or yum based system then manually install ipset, curl
+SCRIPT=$(readlink -f $0)
 EXEDIR=$(dirname $SCRIPT)
 ZAPRET_BASE=/opt/zapret
 SYSTEMD_SYSV_GENERATOR=/lib/systemd/system-generators/systemd-sysv-generator
 SYSTEMD_SYSV_GENERATOR2=/usr$SYSTEMD_SYSV_GENERATOR
 GET_IPLIST=$EXEDIR/ipset/get_antizapret.sh
 GET_IPLIST_PREFIX=/ipset/get_
 exists()
 {
@ -21,16 +28,6 @@ whichq()
 	exit 2
 }
 SCRIPT=$(readlink -f $0)
 EXEDIR=$(dirname $SCRIPT)
 ZAPRET_BASE=/opt/zapret
 INIT_SCRIPT_SRC=$EXEDIR/init.d/sysv/zapret
 INIT_SCRIPT=/etc/init.d/zapret
 GET_IPLIST=$EXEDIR/ipset/get_antizapret.sh
 GET_IPLIST_PREFIX=$EXEDIR/ipset/get_
 SYSTEMD_SYSV_GENERATOR=/lib/systemd/system-generators/systemd-sysv-generator
 SYSTEMD_SYSV_GENERATOR2=/usr$SYSTEMD_SYSV_GENERATOR
 exitp()
 {
 	echo
@ -39,164 +36,393 @@ exitp()
 	exit $1
 }
-
+get_dir_inode()
-echo \* checking system ...
+{
-
+	ls -id "$1" | cut -f1 -d ' '
 SYSTEMCTL=$(whichq systemctl)
 [ -x "$SYSTEMCTL" ] || {
 	echo not systemd based system
 	exitp 5
 }
 [ -x "$SYSTEMD_SYSV_GENERATOR" ] || [ -x "$SYSTEMD_SYSV_GENERATOR2" ] || {
 	echo systemd is present but it does not support sysvinit compatibility
 	echo $SYSTEMD_SYSV_GENERATOR is required
 	exitp 5
 }
 md5file()
 {
 	md5sum "$1" | cut -f1 -d ' '
 }
-echo \* checking location ...
+check_system()
 {
 	echo \* checking system ...
-[ "$EXEDIR" != "$ZAPRET_BASE" ] && {
+	SYSTEM=""
-	echo easy install is supported only from default location : $ZAPRET_BASE
+	SYSTEMCTL=$(whichq systemctl)
-	echo currenlty its run from $EXEDIR
+
-	echo -n "do you want the installer to copy it for you (Y/N) ? "
+	if [ -x "$SYSTEMCTL" ] ; then
-	read A
+		[ -x "$SYSTEMD_SYSV_GENERATOR" ] || [ -x "$SYSTEMD_SYSV_GENERATOR2" ] || {
-	if [ "$A" = "Y" ] || [ "$A" = "y" ]; then
+			echo systemd is present but it does not support sysvinit compatibility
-		if [ -d "$ZAPRET_BASE" ]; then
+			echo $SYSTEMD_SYSV_GENERATOR is required
-			echo installer found existing $ZAPRET_BASE
+			exitp 5
-			echo -n "do you want to delete all files there and copy this version (Y/N) ? "
+		}
-			read A
+		SYSTEM=systemd
-			if [ "$A" = "Y" ] || [ "$A" = "y" ]; then
+	elif [ -f "/etc/openwrt_release" ] && exists opkg && exists uci ; then
-				rm -r "$ZAPRET_BASE"
+		SYSTEM=openwrt
 			else
 				echo refused to overwrite $ZAPRET_BASE. exiting
 				exitp 3
 			fi
 		fi
 		cp -R $EXEDIR $ZAPRET_BASE
 		echo relaunching itself from $ZAPRET_BASE
 		exec $ZAPRET_BASE/$(basename $0)
 	else
-		echo copying aborted. exiting
+		echo system is not either systemd based or openwrt
 		exitp 3
 	fi
 }
 echo running from $EXEDIR
 echo \* checking prerequisites ...
 if exists ipset && exists curl ; then
 	echo everything is present
 else
 	echo \* installing prerequisites ...
 	APTGET=$(whichq apt-get)
 	YUM=$(whichq yum)
 	PACMAN=$(whichq pacman)
 	ZYPPER=$(whichq zypper)
 	if [ -x "$APTGET" ] ; then
 		"$APTGET" update
 		"$APTGET" install -y --no-install-recommends ipset curl dnsutils || {
 			echo could not install prerequisites
 			exitp 6
 		}
 	elif [ -x "$YUM" ] ; then
 		"$YUM" -y install curl ipset daemonize || {
 			echo could not install prerequisites
 			exitp 6
 		}
 	elif [ -x "$PACMAN" ] ; then
 		"$PACMAN" -Syy
 		"$PACMAN" --noconfirm -S ipset curl || {
 			echo could not install prerequisites
 			exitp 6
 		}
 	elif [ -x "$ZYPPER" ] ; then
 		"$ZYPPER" --non-interactive install ipset curl || {
 			echo could not install prerequisites
 			exitp 6
 		}
 	else
 		echo supported package manager not found
 		echo you must manually install : ipset curl
 		exitp 5
 	fi
-fi
+	echo system is based on $SYSTEM
 }
-echo \* installing binaries ...
+check_location()
 "$EXEDIR/install_bin.sh"
 echo \* installing init script ...
 "$SYSTEMCTL" stop zapret 2>/dev/null
 script_mode=Y
 [ -f "$INIT_SCRIPT" ] &&
 {
-	cmp -s $INIT_SCRIPT $INIT_SCRIPT_SRC ||
+	echo \* checking location ...
 	# use inodes in case something is linked
 	[ $(get_dir_inode "$EXEDIR") = $(get_dir_inode "$ZAPRET_BASE") ] || {
 		echo easy install is supported only from default location : $ZAPRET_BASE
 		echo currenlty its run from $EXEDIR
 		echo -n "do you want the installer to copy it for you (Y/N) ? "
 		read A
 		if [ "$A" = "Y" ] || [ "$A" = "y" ]; then
 			if [ -d "$ZAPRET_BASE" ]; then
 				echo installer found existing $ZAPRET_BASE
 				echo -n "do you want to delete all files there and copy this version (Y/N) ? "
 				read A
 				if [ "$A" = "Y" ] || [ "$A" = "y" ]; then
 					rm -r "$ZAPRET_BASE"
 				else
 					echo refused to overwrite $ZAPRET_BASE. exiting
 					exitp 3
 				fi
 			fi
 			cp -R $EXEDIR $ZAPRET_BASE
 			echo relaunching itself from $ZAPRET_BASE
 			exec $ZAPRET_BASE/$(basename $0)
 		else
 			echo copying aborted. exiting
 			exitp 3
 		fi
 	}
 	echo running from $EXEDIR
 }
 crontab_add()
 {
 	echo \* adding crontab entry ...
 	CRONTMP=/tmp/cron.tmp
 	crontab -l >$CRONTMP
 	if grep -q "$GET_IPLIST_PREFIX" $CRONTMP; then
 		echo some entries already exist in crontab. check if this is corrent :
 		grep "$GET_IPLIST_PREFIX" $CRONTMP
 	else
 		echo "0 12 * * */2 $GET_IPLIST" >>$CRONTMP
 		crontab $CRONTMP
 	fi
 	rm -f $CRONTMP
 }
 install_binaries()
 {
 	echo \* installing binaries ...
 	"$EXEDIR/install_bin.sh"
 }
 check_preprequisites_linux()
 {
 	echo \* checking prerequisites ...
 	if exists ipset && exists curl ; then
 		echo everything is present
 	else
 		echo \* installing prerequisites ...
 		APTGET=$(whichq apt-get)
 		YUM=$(whichq yum)
 		PACMAN=$(whichq pacman)
 		ZYPPER=$(whichq zypper)
 			if [ -x "$APTGET" ] ; then
 				"$APTGET" update
 				"$APTGET" install -y --no-install-recommends ipset curl dnsutils || {
 					echo could not install prerequisites
 					exitp 6
 				}
 			elif [ -x "$YUM" ] ; then
 			"$YUM" -y install curl ipset daemonize || {
 				echo could not install prerequisites
 				exitp 6
 			}
 		elif [ -x "$PACMAN" ] ; then
 			"$PACMAN" -Syy
 			"$PACMAN" --noconfirm -S ipset curl || {
 				echo could not install prerequisites
 				exitp 6
 			}
 		elif [ -x "$ZYPPER" ] ; then
 			"$ZYPPER" --non-interactive install ipset curl || {
 				echo could not install prerequisites
 				exitp 6
 			}
 		else
 			echo supported package manager not found
 			echo you must manually install : ipset curl
 			exitp 5
 		fi
 	fi
 }
 install_sysv_init()
 {
 	echo \* installing init script ...
 	[ -x "$INIT_SCRIPT" ] && "$INIT_SCRIPT" stop
 	script_mode=Y
 	[ -f "$INIT_SCRIPT" ] &&
 	{
-		echo $INIT_SCRIPT already exists and differs from $INIT_SCRIPT_SRC
+		[ $(md5file "$INIT_SCRIPT") = $(md5file "$INIT_SCRIPT_SRC") ] ||
-		echo Y = overwrite with new version 
+		{
-		echo N = exit
+			echo $INIT_SCRIPT already exists and differs from $INIT_SCRIPT_SRC
-		echo L = leave current version and continue
+			echo Y = overwrite with new version 
-		read script_mode
+			echo N = exit
-		case "${script_mode}" in
+			echo L = leave current version and continue
-			Y|y|L|l)
+			read script_mode
-				;;
+			case "${script_mode}" in
-			*)
+				Y|y|L|l)
-				echo aborted
+					;;
-				exitp 3
+				*)
-				;;
+					echo aborted
-		esac
+					exitp 3
 					;;
 			esac
 		}
 	}
 	if [ "$script_mode" = "Y" ] || [ "$script_mode" = "y" ]; then
 		echo "copying : $INIT_SCRIPT_SRC => $INIT_SCRIPT"
 		cp -f $INIT_SCRIPT_SRC $INIT_SCRIPT
 	fi
 }
 register_sysv_init_systemd()
 {
 	echo \* registering init script ...
 	"$SYSTEMCTL" daemon-reload
 	"$SYSTEMCTL" enable zapret || {
 		echo could not register $INIT_SCRIPT with systemd
 		exitp 20
 	}
 }
-if [ "$script_mode" = "Y" ] || [ "$script_mode" = "y" ]; then
+download_ip_list()
-	echo -n "copying : "
+{
-	cp -vf $INIT_SCRIPT_SRC $INIT_SCRIPT
+	echo \* downloading blocked ip list ...
 fi
 	"$GET_IPLIST" || {
 		echo could not download ip list
 		exitp 25
 	}
 }
-echo \* registering init script ...
+service_start_systemd()
 {
 	echo \* starting zapret service ...
-"$SYSTEMCTL" daemon-reload
+	systemctl start zapret || {
-"$SYSTEMCTL" enable zapret || {
+		echo could not start zapret service
-	echo could not register $INIT_SCRIPT with systemd
+		exitp 30
-	exitp 20
+	}
 }
 install_systemd()
 {
 	INIT_SCRIPT_SRC=$EXEDIR/init.d/sysv/zapret
 	INIT_SCRIPT=/etc/init.d/zapret
 	check_preprequisites_linux
 	install_binaries
 	install_sysv_init
 	register_sysv_init_systemd
 	download_ip_list
 	crontab_add
 	service_start_systemd
 }
 echo \* downloading blocked ip list ...
-"$GET_IPLIST" || {
+
-	echo could not download ip list
+
-	exitp 25
+check_kmod()
 {
 	[ -f "/lib/modules/$(uname -r)/$1.ko" ]
 }
 check_package_exists_openwrt()
 {
 	[ -n "opkg list $1" ]
 }
 check_package_openwrt()
 {
 	[ -n "$(opkg list-installed $1)" ]
 }
 check_packages_openwrt()
 {
 	for pkg in $@; do
 		check_package_openwrt $pkg || return
 	done
 }
 check_preprequisites_openwrt()
 {
 	echo \* checking prerequisites ...
 	local PKGS="iptables-mod-extra iptables-mod-nfqueue iptables-mod-filter iptables-mod-ipopt ipset curl"
 	# in recent lede/openwrt iptable_raw in separate package
 	if check_kmod iptable_raw && check_packages_openwrt $PKGS ; then
 		echo everything is present
 	else
 		echo \* installing prerequisites ...
 		opkg update
 		if check_package_exists_openwrt kmod-ipt-raw ; then PKGS="$PKGS kmod-ipt-raw" ; fi
 		check_package_exists_openwrt kmod-ipt-raw && echo fuck $PKGS
 		opkg install $PKGS || {
 			echo could not install prerequisites
 			exitp 6
 		}
 	fi
 }
 openwrt_fw_section_find()
 {
 	# echoes section number
 	i=0
 	while true
 	do
 	 path=$(uci -q get firewall.@include[$i].path)
 	 [ -n "$path" ] || break
 	 [ "$path" == "$OPENWRT_FW_INCLUDE" ] && {
 	 	echo $i
 	 	true
 	 	return
 	 }
 	 let i=i+1
 	done
 	false
 	return
 }
 openwrt_fw_section_add()
 {
 	# echoes section number
 	openwrt_fw_section_find ||
 	{
 		uci add firewall include >/dev/null || return
 		echo -1
 		true
 	}
 }
 openwrt_fw_section_del()
 {
 	local id=$(openwrt_fw_section_find)
 	[ -n "$id" ] && {
 		uci delete firewall.@include[$id] && uci commit firewall
 	}
 }
 openwrt_fw_section_configure()
 {
 	local id=$(openwrt_fw_section_add)
 	[ -z "$id" ] ||
 	 ! uci set firewall.@include[$id].path="$OPENWRT_FW_INCLUDE" ||
 	 ! uci set firewall.@include[$id].reload="1" ||
 	 ! uci commit firewall &&
 	{
 		echo could not add firewall include
 		exitp 50
 	}
 }
 install_openwrt_firewall()
 {
 	echo \* installing firewall script ...
 	local MODE=$(sed -nre 's/^MODE=([^[:space:]]+)/\1/p' "$INIT_SCRIPT" | tail -n 1)
 	[ -n "MODE" ] || {
 		echo could not get MODE from $INIT_SCRIPT
 		exitp 7
 	}
 	local FW_SCRIPT_SRC="$FW_SCRIPT_SRC_DIR.$MODE"
 	[ -f "$FW_SCRIPT_SRC" ] || {
 		echo firewall script $FW_SCRIPT_SRC not found. removing firewall include
 		openwrt_fw_section_del
 		return
 	}
 	echo "copying : $FW_SCRIPT_SRC => $OPENWRT_FW_INCLUDE"
 	cp -f "$FW_SCRIPT_SRC" "$OPENWRT_FW_INCLUDE"
 	openwrt_fw_section_configure
 }
 restart_openwrt_firewall()
 {
 	echo \* restarting firewall ...
 	fw3 -q restart || {
 		echo could not restart firewall
 		exitp 30
 	}
 }
 register_sysv_init()
 {
 	echo \* registering init script ...
 	"$INIT_SCRIPT" enable
 }
 service_start_sysv()
 {
 	echo \* starting zapret service ...
 	"$INIT_SCRIPT" start || {
 		echo could not start zapret service
 		exitp 30
 	}
 }
 echo \* adding crontab entry ...
-CRONTMP=/tmp/cron.tmp
+install_openwrt()
-crontab -l >$CRONTMP
+{
-if grep -q "$GET_IPLIST_PREFIX" $CRONTMP; then
+	INIT_SCRIPT_SRC=$EXEDIR/init.d/openwrt/zapret
-	echo some entries already exist in crontab. check if this is corrent :
+	INIT_SCRIPT=/etc/init.d/zapret
-	grep "$GET_IPLIST_PREFIX" $CRONTMP
+	FW_SCRIPT_SRC_DIR=$EXEDIR/init.d/openwrt/firewall.zapret
-else
+	OPENWRT_FW_INCLUDE=/etc/firewall.zapret
-	echo "0 12 * * */2 $GET_IPLIST" >>$CRONTMP
+	
-	crontab $CRONTMP
+	check_preprequisites_openwrt
-fi
+	install_sysv_init
-
+	register_sysv_init
-rm -f $CRONTMP
+	install_openwrt_firewall
-
+	download_ip_list
-
+	crontab_add
-echo \* starting zapret service ...
+	service_start_sysv
-
+	restart_openwrt_firewall
 systemctl start zapret || {
 	echo could not start zapret service
 	exitp 30
 }
 check_system
 check_location
 case $SYSTEM in
 	systemd)
 		install_systemd
 		;;
 	openwrt)
 		install_openwrt
 		;;
 esac
 exitp 0
--- a/readme.txt
+++ b/readme.txt
@ -1,4 +1,4 @@
-zapret v.22
+zapret v.23
 Для чего это надо
 -----------------
@ -470,10 +470,18 @@ MODE=custom
 /etc/init.d/zapret enable
 /etc/init.d/zapret start
-В зависимости от выбранного режима внести нужные записи в /etc/firewall.user.
+В зависимости от выбранного в инит скрипте MODE скопировать нужный файл настроек фаервола :
-Базовые варианты лежат в /opt/zapret/init.d/openwrt/firewall.user.*.
+ cp /opt/zapret/init.d/openwrt/firewall.zapret.$MODE /etc/firewall.zapret
-Если у вас еще нет firewall.user или он пуст, можно скопировать файл.
+Например :
-В противном случае добавьте записи или интегрируйте с уже имеющимся кодом.
+ cp /opt/zapret/init.d/openwrt/firewall.zapret.tpws_ipset_https /etc/firewall.zapret
 Проверить была ли создана ранее запись о firewall include :
 uci show firewall | grep firewall.zapret
 Если ничего не вывело, значит добавить :
 uci add firewall include
 uci set firewall.@include[-1].path="/etc/firewall.zapret"
 uci set firewall.@include[-1].reload="1"
 uci commit firewall
 Перезапустить фаервол :
 fw3 restart
 Посмотреть через iptables -nL или через luci вкладку "firewall" появились ли нужные правила.
--- a/uninstall_easy.sh
+++ b/uninstall_easy.sh
@ -1,11 +1,19 @@
 #!/bin/sh
-# automated script for easy uninstalling zapret on systemd based system
+# automated script for easy uninstalling zapret
 SCRIPT=$(readlink -f $0)
 EXEDIR=$(dirname $SCRIPT)
 GET_IPLIST_PREFIX=/ipset/get_
 exists()
 {
 	which $1 >/dev/null 2>/dev/null
 }
 whichq()
 {
 	which $1 2>/dev/null
 }
 [ $(id -u) -ne "0" ] && {
 	echo root is required
@ -15,13 +23,6 @@ exists()
 	exit 2
 }
 SCRIPT=$(readlink -f $0)
 EXEDIR=$(dirname $SCRIPT)
 INIT_SCRIPT_SRC=$EXEDIR/init.d/sysv/zapret
 INIT_SCRIPT=/etc/init.d/zapret
 GET_IPLIST_PREFIX=$EXEDIR/ipset/get_
 exitp()
 {
 	echo
@ -30,53 +31,177 @@ exitp()
 	exit $1
 }
-
+md5file()
 echo \* checking system ...
 SYSTEMCTL=$(which systemctl)
 [ -x "$SYSTEMCTL" ] || {
 	echo not systemd based system
 	exitp 5
 }
 echo \* stopping service and unregistering init script
 "$SYSTEMCTL" disable zapret
 "$SYSTEMCTL" stop zapret
 echo \* removing init script ...
 script_mode=Y
 [ -f "$INIT_SCRIPT" ] &&
 {
-	cmp -s $INIT_SCRIPT $INIT_SCRIPT_SRC ||
+	md5sum "$1" | cut -f1 -d ' '
 	{
 		echo $INIT_SCRIPT already exists and differs from $INIT_SCRIPT_SRC
 		echo Y = remove it
 		echo L = leave it
 		read script_mode
 	}
 	if [ "$script_mode" = "Y" ] || [ "$script_mode" = "y" ]; then
 		rm -vf $INIT_SCRIPT
 	fi
 }
 echo \* systemd cleanup ...
-"$SYSTEMCTL" daemon-reload
+check_system()
 {
 	echo \* checking system ...
-echo \* removing crontab entry ...
+	SYSTEM=""
 	SYSTEMCTL=$(whichq systemctl)
 	if [ -x "$SYSTEMCTL" ] ; then
 		SYSTEM=systemd
 	elif [ -f "/etc/openwrt_release" ] && exists opkg && exists uci ; then
 		SYSTEM=openwrt
 	else
 		echo system is not either systemd based or openwrt
 		exitp 5
 	fi
 	echo system is based on $SYSTEM
 }
 service_stop_systemd()
 {
 	echo \* stopping service and unregistering init script
 	"$SYSTEMCTL" disable zapret
 	"$SYSTEMCTL" stop zapret
 }
 remove_sysv_init()
 {
 	echo \* removing init script ...
 	script_mode=Y
 	[ -f "$INIT_SCRIPT" ] &&
 	{
 		[ $(md5file "$INIT_SCRIPT") = $(md5file "$INIT_SCRIPT_SRC") ] ||
 		{
 			echo $INIT_SCRIPT already exists and differs from $INIT_SCRIPT_SRC
 			echo Y = remove it
 			echo L = leave it
 			read script_mode
 		}
 		if [ "$script_mode" = "Y" ] || [ "$script_mode" = "y" ]; then
 			rm -vf $INIT_SCRIPT
 		fi
 	}
 }
 cleanup_systemd()
 {
 	echo \* systemd cleanup ...
 	"$SYSTEMCTL" daemon-reload
 }
 crontab_del()
 {
 	echo \* removing crontab entry ...
 	CRONTMP=/tmp/cron.tmp
 	crontab -l >$CRONTMP
 	if grep -q "$GET_IPLIST_PREFIX" $CRONTMP; then
 		echo removing following entries from crontab :
 		grep "$GET_IPLIST_PREFIX" $CRONTMP
 		grep -v "$GET_IPLIST_PREFIX" $CRONTMP >$CRONTMP.2
 		crontab $CRONTMP.2
 		rm -f $CRONTMP.2
 	fi
 	rm -f $CRONTMP
 }
 remove_systemd()
 {
 	INIT_SCRIPT_SRC=$EXEDIR/init.d/sysv/zapret
 	INIT_SCRIPT=/etc/init.d/zapret
 	service_stop_systemd
 	remove_sysv_init
 	cleanup_systemd
 	crontab_del
 }
 openwrt_fw_section_find()
 {
 	# echoes section number
 	i=0
 	while true
 	do
 	 path=$(uci -q get firewall.@include[$i].path)
 	 [ -n "$path" ] || break
 	 [ "$path" == "$OPENWRT_FW_INCLUDE" ] && {
 	 	echo $i
 	 	true
 	 	return
 	 }
 	 let i=i+1
 	done
 	false
 	return
 }
 openwrt_fw_section_del()
 {
 	local id=$(openwrt_fw_section_find)
 	[ -n "$id" ] && {
 		uci delete firewall.@include[$id] && uci commit firewall
 	}
 }
 remove_openwrt_firewall()
 {
 	echo \* removing firewall script ...
 	openwrt_fw_section_del
 	[ -f "$OPENWRT_FW_INCLUDE" ] && rm -f "$OPENWRT_FW_INCLUDE"
 }
 restart_openwrt_firewall()
 {
 	echo \* restarting firewall ...
 	fw3 -q restart || {
 		echo could not restart firewall
 		exitp 30
 	}
 }
 service_remove_sysv()
 {
 	echo \* removing zapret service ...
 	[ -x "$INIT_SCRIPT" ] && {
 		"$INIT_SCRIPT" disable
 		"$INIT_SCRIPT" stop
 	}
 	[ -f "$INIT_SCRIPT" ] && rm -f "$INIT_SCRIPT"
 }
 remove_openwrt()
 {
 	INIT_SCRIPT_SRC=$EXEDIR/init.d/openwrt/zapret
 	INIT_SCRIPT=/etc/init.d/zapret
 	OPENWRT_FW_INCLUDE=/etc/firewall.zapret
 	remove_openwrt_firewall
 	restart_openwrt_firewall
 	service_remove_sysv
 	crontab_del
 }
 check_system
 case $SYSTEM in
 	systemd)
 		remove_systemd
 		;;
 	openwrt)
 		remove_openwrt
 		;;
 esac
 CRONTMP=/tmp/cron.tmp
 crontab -l >$CRONTMP
 if grep -q "$GET_IPLIST_PREFIX" $CRONTMP; then
 	echo removing following entries from crontab :
 	grep "$GET_IPLIST_PREFIX" $CRONTMP
 	grep -v "$GET_IPLIST_PREFIX" $CRONTMP >$CRONTMP.2
 	crontab $CRONTMP.2
 	rm -f $CRONTMP.2
 fi
 rm -f $CRONTMP
 exitp 0