drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2024-11-30 05:50:53 +03:00
Code Issues Packages Projects Releases Wiki Activity

init.d: fix macos filter mode

Browse Source
This commit is contained in:
bol-van 2021-03-04 15:20:27 +03:00
parent 3703918a4b
commit 792b62f09f
1 changed files with 31 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
init.d/macos/functions
View File

@ -175,14 +175,13 @@ pf_anchor_zapret()
echo "table <nozapret> persist" echo "table <nozapret> persist"
fi fi
} }
[ "$DISABLE_IPV4" = "1" ] || { [ "$DISABLE_IPV6" = "1" ] || {
if [ -f "$ZIPLIST_EXCLUDE6" ]; then if [ -f "$ZIPLIST_EXCLUDE6" ]; then
echo "table <nozapret6> persist file \"$ZIPLIST_EXCLUDE6\"" echo "table <nozapret6> persist file \"$ZIPLIST_EXCLUDE6\""
else else
echo "table <nozapret6> persist" echo "table <nozapret6> persist"
fi fi
} }
echo
[ "$DISABLE_IPV4" = "1" ] || echo "rdr-anchor \"/zapret-v4\" inet to !<nozapret>" [ "$DISABLE_IPV4" = "1" ] || echo "rdr-anchor \"/zapret-v4\" inet to !<nozapret>"
[ "$DISABLE_IPV6" = "1" ] || echo "rdr-anchor \"/zapret-v6\" inet6 to !<nozapret6>" [ "$DISABLE_IPV6" = "1" ] || echo "rdr-anchor \"/zapret-v6\" inet6 to !<nozapret6>"
[ "$DISABLE_IPV4" = "1" ] || echo "anchor \"/zapret-v4\" inet to !<nozapret>" [ "$DISABLE_IPV4" = "1" ] || echo "anchor \"/zapret-v4\" inet to !<nozapret>"
@ -226,6 +225,7 @@ pf_anchor_zapret_v4()
local tbl port local tbl port
[ "$DISABLE_IPV4" = "1" ] || { [ "$DISABLE_IPV4" = "1" ] || {
[ "$MODE" = "tpws" ] && {
[ ! "$MODE_HTTP" = "1" ] && [ ! "$MODE_HTTPS" = "1" ] && return [ ! "$MODE_HTTP" = "1" ] && [ ! "$MODE_HTTPS" = "1" ] && return
pf_anchor_zapret_tables tbl zapret-user "$ZIPLIST_USER" zapret "$ZIPLIST" pf_anchor_zapret_tables tbl zapret-user "$ZIPLIST_USER" zapret "$ZIPLIST"
port=$(pf_anchor_port_target) port=$(pf_anchor_port_target)
@ -237,12 +237,14 @@ pf_anchor_zapret_v4()
echo "pass out$OWAN route-to (lo0 127.0.0.1) inet proto tcp from !127.0.0.0/8 to $t port $port user { >root }" echo "pass out$OWAN route-to (lo0 127.0.0.1) inet proto tcp from !127.0.0.0/8 to $t port $port user { >root }"
done done
} }
}
} }
pf_anchor_zapret_v6() pf_anchor_zapret_v6()
{ {
local tbl port LL_LAN local tbl port LL_LAN
[ "$DISABLE_IPV6" = "1" ] || { [ "$DISABLE_IPV6" = "1" ] || {
[ "$MODE" = "tpws" ] && {
[ ! "$MODE_HTTP" = "1" ] && [ ! "$MODE_HTTPS" = "1" ] && return [ ! "$MODE_HTTP" = "1" ] && [ ! "$MODE_HTTPS" = "1" ] && return
# LAN link local is only for router # LAN link local is only for router
@ -258,6 +260,7 @@ pf_anchor_zapret_v6()
echo "pass out$OWAN route-to (lo0 fe80::1) inet6 proto tcp from !::1 to $t port $port user { >root }" echo "pass out$OWAN route-to (lo0 fe80::1) inet6 proto tcp from !::1 to $t port $port user { >root }"
done done
} }
}
} }
pf_anchors_create() pf_anchors_create()
{ {
@ -319,12 +322,15 @@ pf_table_reload()
[ "$DISABLE_IPV6" = "1" ] || pfctl -qTl -a zapret-v6 -f "$PF_ANCHOR_ZAPRET_V6" [ "$DISABLE_IPV6" = "1" ] || pfctl -qTl -a zapret-v6 -f "$PF_ANCHOR_ZAPRET_V6"
pfctl -qTl -a zapret -f "$PF_ANCHOR_ZAPRET" pfctl -qTl -a zapret -f "$PF_ANCHOR_ZAPRET"
} }
zapret_do_firewall() zapret_do_firewall()
{ {
# $1 - 1 - add, 0 - del # $1 - 1 - add, 0 - del
case "${MODE}" in case "${MODE}" in
tpws) tpws|filter)
if [ "$1" = "1" ] ; then if [ "$1" = "1" ] ; then
pf_anchor_root || return 1 pf_anchor_root || return 1
pf_anchors_create pf_anchors_create
@ -334,8 +340,6 @@ zapret_do_firewall()
pf_anchors_clear pf_anchors_clear
fi fi
;; ;;
filter)
;;
*) *)
echo "unsupported MODE=$MODE" echo "unsupported MODE=$MODE"
return 1 return 1