mirror of
https://github.com/bol-van/zapret.git
synced 2024-11-26 20:20:53 +03:00
init: reuse builtin mode in custom scripts
This commit is contained in:
parent
09416dee64
commit
3a4bf75ce6
@ -244,27 +244,10 @@ fw_nfqws_post()
|
||||
}
|
||||
|
||||
|
||||
zapret_do_firewall_ipt()
|
||||
zapret_do_firewall_rules_ipt()
|
||||
{
|
||||
# $1 - 1 - add, 0 - del
|
||||
|
||||
if [ "$1" = 1 ]; then
|
||||
echo Applying iptables
|
||||
else
|
||||
echo Clearing iptables
|
||||
fi
|
||||
|
||||
local mode="${MODE_OVERRIDE:-$MODE}"
|
||||
|
||||
[ "$mode" = "tpws-socks" ] && return 0
|
||||
|
||||
local first_packet_only="-m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:4"
|
||||
local desync="-m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
|
||||
local f4 f6 qn qns qn6 qns6
|
||||
|
||||
# always create ipsets. ip_exclude ipset is required
|
||||
[ "$1" = 1 ] && create_ipset no-update
|
||||
|
||||
case "$mode" in
|
||||
tpws)
|
||||
if [ ! "$MODE_HTTP" = "1" ] && [ ! "$MODE_HTTPS" = "1" ]; then
|
||||
@ -321,6 +304,30 @@ zapret_do_firewall_ipt()
|
||||
existf zapret_custom_firewall && zapret_custom_firewall $1
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
zapret_do_firewall_ipt()
|
||||
{
|
||||
# $1 - 1 - add, 0 - del
|
||||
|
||||
if [ "$1" = 1 ]; then
|
||||
echo Applying iptables
|
||||
else
|
||||
echo Clearing iptables
|
||||
fi
|
||||
|
||||
local mode="${MODE_OVERRIDE:-$MODE}"
|
||||
|
||||
[ "$mode" = "tpws-socks" ] && return 0
|
||||
|
||||
local first_packet_only="-m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes 1:4"
|
||||
local desync="-m mark ! --mark $DESYNC_MARK/$DESYNC_MARK"
|
||||
local f4 f6 qn qns qn6 qns6
|
||||
|
||||
# always create ipsets. ip_exclude ipset is required
|
||||
[ "$1" = 1 ] && create_ipset no-update
|
||||
|
||||
zapret_do_firewall_rules_ipt "$@"
|
||||
|
||||
if [ "$1" = 1 ] ; then
|
||||
existf flow_offloading_exempt && flow_offloading_exempt
|
||||
|
@ -91,7 +91,6 @@ _set_route_localnet()
|
||||
{
|
||||
# $1 - 1 = enable, 0 = disable
|
||||
# $2,$3,... - interface names
|
||||
|
||||
[ "$DISABLE_IPV4" = "1" ] || {
|
||||
local enable="$1"
|
||||
shift
|
||||
|
@ -437,22 +437,10 @@ zapret_list_table()
|
||||
return 0
|
||||
}
|
||||
|
||||
zapret_apply_firewall_nft()
|
||||
zapret_apply_firewall_rules_nft()
|
||||
{
|
||||
echo Applying nftables
|
||||
|
||||
local mode="${MODE_OVERRIDE:-$MODE}"
|
||||
|
||||
[ "$mode" = "tpws-socks" ] && return 0
|
||||
|
||||
local first_packet_only="ct original packets 1-4"
|
||||
local desync="mark and $DESYNC_MARK == 0"
|
||||
local f4 f6 qn qns qn6 qns6
|
||||
|
||||
create_ipset no-update
|
||||
nft_create_firewall
|
||||
nft_fill_ifsets_overload
|
||||
|
||||
case "$mode" in
|
||||
tpws)
|
||||
if [ ! "$MODE_HTTP" = "1" ] && [ ! "$MODE_HTTPS" = "1" ]; then
|
||||
@ -508,6 +496,25 @@ zapret_apply_firewall_nft()
|
||||
existf zapret_custom_firewall_nft && zapret_custom_firewall_nft
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
zapret_apply_firewall_nft()
|
||||
{
|
||||
echo Applying nftables
|
||||
|
||||
local mode="${MODE_OVERRIDE:-$MODE}"
|
||||
|
||||
[ "$mode" = "tpws-socks" ] && return 0
|
||||
|
||||
local first_packet_only="ct original packets 1-4"
|
||||
local desync="mark and $DESYNC_MARK == 0"
|
||||
local f4 f6 qn qns qn6 qns6
|
||||
|
||||
create_ipset no-update
|
||||
nft_create_firewall
|
||||
nft_fill_ifsets_overload
|
||||
|
||||
zapret_apply_firewall_rules_nft
|
||||
|
||||
[ "$FLOWOFFLOAD" = 'software' -o "$FLOWOFFLOAD" = 'hardware' ] && nft_apply_flow_offloading
|
||||
|
||||
|
46
init.d/openwrt/custom-reuse-builtin-mode
Normal file
46
init.d/openwrt/custom-reuse-builtin-mode
Normal file
@ -0,0 +1,46 @@
|
||||
# this custom script demonstrates how to reuse built-in modes and add something from yourself
|
||||
|
||||
MY_TPPORT=$(($TPPORT + 1))
|
||||
MY_TPWS_OPT="--methodeol --hostcase"
|
||||
MY_DPORT=81
|
||||
|
||||
zapret_custom_daemons()
|
||||
{
|
||||
# stop logic is managed by procd
|
||||
local MODE_OVERRIDE=tpws
|
||||
local opt
|
||||
|
||||
start_daemons_procd
|
||||
|
||||
opt="--port=$MY_TPPORT $MY_TPWS_OPT"
|
||||
filter_apply_hostlist_target opt
|
||||
run_tpws 100 "$opt"
|
||||
}
|
||||
zapret_custom_firewall()
|
||||
{
|
||||
# $1 - 1 - run, 0 - stop
|
||||
|
||||
local MODE_OVERRIDE=tpws
|
||||
local f4 f6
|
||||
|
||||
zapret_do_firewall_rules_ipt $1
|
||||
|
||||
f4="--dport $MY_DPORT"
|
||||
f6=$f4
|
||||
filter_apply_ipset_target f4 f6
|
||||
fw_tpws $1 "$f4" "$f6" $MY_TPPORT
|
||||
}
|
||||
zapret_custom_firewall_nft()
|
||||
{
|
||||
# stop logic is not required
|
||||
|
||||
local MODE_OVERRIDE=tpws
|
||||
local f4 f6
|
||||
|
||||
zapret_apply_firewall_rules_nft
|
||||
|
||||
f4="tcp dport $MY_DPORT"
|
||||
f6=$f4
|
||||
nft_filter_apply_ipset_target f4 f6
|
||||
nft_fw_tpws "$f4" "$f6" $MY_TPPORT
|
||||
}
|
47
init.d/sysv/custom-reuse-builtin-mode
Normal file
47
init.d/sysv/custom-reuse-builtin-mode
Normal file
@ -0,0 +1,47 @@
|
||||
# this custom script demonstrates how to reuse built-in modes and add something from yourself
|
||||
|
||||
MY_TPPORT=$(($TPPORT + 1))
|
||||
MY_TPWS_OPT="--methodeol --hostcase"
|
||||
MY_DPORT=81
|
||||
|
||||
zapret_custom_daemons()
|
||||
{
|
||||
# $1 - 1 - run, 0 - stop
|
||||
|
||||
local MODE_OVERRIDE=tpws
|
||||
local opt
|
||||
|
||||
zapret_do_daemons $1
|
||||
|
||||
opt="--port=$MY_TPPORT $MY_TPWS_OPT"
|
||||
filter_apply_hostlist_target opt
|
||||
do_tpws $1 100 "$opt"
|
||||
}
|
||||
zapret_custom_firewall()
|
||||
{
|
||||
# $1 - 1 - run, 0 - stop
|
||||
|
||||
local MODE_OVERRIDE=tpws
|
||||
local f4 f6
|
||||
|
||||
zapret_do_firewall_rules_ipt $1
|
||||
|
||||
f4="--dport $MY_DPORT"
|
||||
f6=$f4
|
||||
filter_apply_ipset_target f4 f6
|
||||
fw_tpws $1 "$f4" "$f6" $MY_TPPORT
|
||||
}
|
||||
zapret_custom_firewall_nft()
|
||||
{
|
||||
# stop logic is not required
|
||||
|
||||
local MODE_OVERRIDE=tpws
|
||||
local f4 f6
|
||||
|
||||
zapret_apply_firewall_rules_nft
|
||||
|
||||
f4="tcp dport $MY_DPORT"
|
||||
f6=$f4
|
||||
nft_filter_apply_ipset_target f4 f6
|
||||
nft_fw_tpws "$f4" "$f6" $MY_TPPORT
|
||||
}
|
Loading…
Reference in New Issue
Block a user