first commit

2025-05-24 22:32:58 +03:00 · 2016-02-15 16:34:45 +03:00
commit 7443de517a
29 changed files with 9416 additions and 0 deletions
--- a/init.d/debian7/zapret
+++ b/init.d/debian7/zapret
@@ -0,0 +1,95 @@
+#!/bin/sh
+
+# CHOOSE ISP HERE. UNCOMMENT ONLY ONE LINE.
+ISP=mns
+#ISP=beeline
+#ISP=domru
+
+# CHOSE NETWORK INTERFACE BEHIND NAT
+SLAVE_ETH=eth0
+
+
+IPSET_CR=/opt/zapret/ipset/create_ipset.sh
+NAME=zapret
+DESC=anti-zapret
+
+QNUM=200
+TPPORT=1188
+ROUTE_TABLE_NUM=100
+NFQWS=/opt/zapret/nfq/nfqws
+TPWS=/opt/zapret/tpws/tpws
+TPWS_USER=tpws
+
+PIDFILE=/var/run/$NAME.pid
+
+set -e
+
+case "$1" in
+  start)
+	echo "Creating ipset"
+	($IPSET_CR)
+
+	echo "Adding iptables rule"
+	case "${ISP}" in
+	    mns)
+		iptables -t raw -C PREROUTING -p tcp --sport 80 --tcp-flags SYN,ACK SYN,ACK -m set --match-set zapret src -j NFQUEUE --queue-num $QNUM --queue-bypass 2>/dev/null ||
+		 iptables -t raw -I PREROUTING -p tcp --sport 80 --tcp-flags SYN,ACK SYN,ACK -m set --match-set zapret src -j NFQUEUE --queue-num $QNUM --queue-bypass
+		DAEMON=$NFQWS
+		DAEMON_OPTS="--qnum=$QNUM --wsize=4"
+		;;
+	    beeline)
+		iptables -t mangle -C POSTROUTING -p tcp --dport 80 -m set --match-set zapret dst -j NFQUEUE --queue-num $QNUM --queue-bypass 2>/dev/null ||
+		 iptables -t mangle -I POSTROUTING -p tcp --dport 80 -m set --match-set zapret dst -j NFQUEUE --queue-num $QNUM --queue-bypass
+		DAEMON=$NFQWS
+		DAEMON_OPTS="--qnum=$QNUM --hostcase"
+		;;
+	    domru)
+		adduser --disabled-login --no-create-home --system --quiet $TPWS_USER
+		sysctl -w net.ipv4.conf.$SLAVE_ETH.route_localnet=1
+		iptables -t nat -C PREROUTING -p tcp --dport 80 -i $SLAVE_ETH -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT 2>/dev/null ||
+		 iptables -t nat -I PREROUTING -p tcp --dport 80 -i $SLAVE_ETH -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT
+		iptables -t nat -C OUTPUT -p tcp --dport 80 -m owner ! --uid-owner $TPWS_USER -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT 2>/dev/null ||
+		 iptables -t nat -I OUTPUT -p tcp --dport 80 -m owner ! --uid-owner $TPWS_USER -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT
+		DAEMON=$TPWS
+		DAEMON_OPTS="--port=$TPPORT --hostcase --split-http-req=host --user=$TPWS_USER --bind-addr=127.0.0.1"
+		;;
+	esac
+
+	echo -n "Starting $DESC: "
+	start-stop-daemon --start --quiet --pidfile $PIDFILE --background --make-pidfile \
+		--exec $DAEMON -- $DAEMON_OPTS
+	echo "$NAME."
+	;;
+  stop)
+	echo "Deleting iptables rule"
+
+	case "${ISP}" in
+	    mns)
+		iptables -t raw -D PREROUTING -p tcp --sport 80 --tcp-flags SYN,ACK SYN,ACK -m set --match-set zapret src -j NFQUEUE --queue-num $QNUM --queue-bypass
+		DAEMON=$NFQWS
+		;;
+	    beeline)
+		iptables -t mangle -D POSTROUTING -p tcp --dport 80 -m set --match-set zapret dst -j NFQUEUE --queue-num $QNUM --queue-bypass
+		DAEMON=$NFQWS
+		;;
+	    domru)
+		sysctl -w net.ipv4.conf.$SLAVE_ETH.route_localnet=0
+		iptables -t nat -D PREROUTING -p tcp --dport 80 -i $SLAVE_ETH -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT
+		iptables -t nat -D OUTPUT -p tcp --dport 80 -m owner ! --uid-owner $TPWS_USER -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT
+		DAEMON=$TPWS
+		;;
+	esac
+
+	echo -n "Stopping $DESC: "
+	start-stop-daemon --oknodo --stop --quiet --pidfile $PIDFILE \
+		--exec $DAEMON
+	echo "$NAME."
+	;;
+  *)
+	N=/etc/init.d/$NAME
+	echo "Usage: $N {start|stop}" >&2
+	exit 1
+	;;
+esac
+
+exit 0