sysv init : separate daemon launch and firewall

bolvan 2019-05-14 12:27:04 +03:00
parent 599791dea0
commit b0f0cd1c75
3 changed files with 187 additions and 134 deletions


@ -307,14 +307,27 @@ IFACE_WAN=eth1
Параметр INIT_APPLY_FW=1 разрешает init скрипту самостоятельно применять правила iptables. Параметр INIT_APPLY_FW=1 разрешает init скрипту самостоятельно применять правила iptables.
При иных значениях или если параметр закомментирован, правила применены не будут. При иных значениях или если параметр закомментирован, правила применены не будут.
Это полезно, если у вас есть система управления фаерволом, в настройки которой и следует прикрутить правила. Это полезно, если у вас есть система управления фаерволом, в настройки которой и следует прикрутить правила.
Прикручивание к системе управления фаерволом или своей системе запуска
----------------------------------------------------------------------
Не всегда желательно, чтобы init скрипт или служба systemd применяли правила фаервола.
Хелпер-функции для настройки фаервола вынесены в отдельный shell include Хелпер-функции для настройки фаервола вынесены в отдельный shell include
Чтобы не копировать текст и не изобретать велосипед можно подключить include из ваших скриптов. Чтобы не копировать текст и не изобретать велосипед можно подключить include из ваших скриптов.
В своем скрипте необходимо выставить переменную APPLY_FW=1, чтобы принудительно разрешить применение правил iptales
вне зависимости от параметра INIT_APPLY_FW.
Пример :
. /opt/zapret/init.d/sysv/functions . /opt/zapret/init.d/sysv/functions
APPLY_FW=1
fw_tpws_add "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst" $TPPORT_HTTP Есть 2 простые функции, которые позволят добавить и удалить правила firewall от zapret :
zapret_apply_firewall
zapret_unapply_firewall
И 2 простых функции для запуска и остановки демонов :
zapret_run_daemons
zapret_stop_daemons
Посмотрите init скрипт /opt/zapret/init.d/sysv/zapret и все поймете сами.
Пример установки на debian-подобную систему Пример установки на debian-подобную систему
------------------------------------------- -------------------------------------------


@ -28,8 +28,6 @@ TPWS_OPT_BASE_HTTPS="--port=$TPPORT_HTTPS"
[ -n "$IFACE_WAN" ] && IPT_IWAN="-i $IFACE_WAN" [ -n "$IFACE_WAN" ] && IPT_IWAN="-i $IFACE_WAN"
[ -n "$IFACE_LAN" ] && IPT_ILAN="-i $IFACE_LAN" [ -n "$IFACE_LAN" ] && IPT_ILAN="-i $IFACE_LAN"
[ -n "$APPLY_FW" ] || APPLY_FW=$INIT_APPLY_FW
exists() exists()
{ {
which $1 >/dev/null 2>/dev/null which $1 >/dev/null 2>/dev/null
@ -88,14 +86,14 @@ fw_tpws_add()
# $1 - iptable filter for ipv4 # $1 - iptable filter for ipv4
# $2 - iptable filter for ipv6 # $2 - iptable filter for ipv6
# $3 - tpws port # $3 - tpws port
[ "$APPLY_FW" = "1" ] && [ "$DISABLE_IPV4" != "1" ] && { [ "$DISABLE_IPV4" != "1" ] && {
echo "Adding iptables rule for tpws : $1" echo "Adding iptables rule for tpws : $1"
[ -n "$IFACE_LAN" ] && { [ -n "$IFACE_LAN" ] && {
ipt PREROUTING -t nat $IPT_ILAN -p tcp $1 -j DNAT --to 127.0.0.1:$3 ipt PREROUTING -t nat $IPT_ILAN -p tcp $1 -j DNAT --to 127.0.0.1:$3
} }
ipt OUTPUT -t nat $IPT_OWAN -m owner ! --uid-owner $TPWS_USER -p tcp $1 -j DNAT --to 127.0.0.1:$3 ipt OUTPUT -t nat $IPT_OWAN -m owner ! --uid-owner $TPWS_USER -p tcp $1 -j DNAT --to 127.0.0.1:$3
} }
[ "$APPLY_FW" = "1" ] && [ "$DISABLE_IPV6" != "1" ] && { [ "$DISABLE_IPV6" != "1" ] && {
echo "Adding ip6tables rule for tpws : $2" echo "Adding ip6tables rule for tpws : $2"
[ -n "$IFACE_LAN" ] && { [ -n "$IFACE_LAN" ] && {
dnat6_target dnat6_target
@ -109,14 +107,14 @@ fw_tpws_del()
# $1 - iptable filter for ipv4 # $1 - iptable filter for ipv4
# $2 - iptable filter for ipv6 # $2 - iptable filter for ipv6
# $3 - tpws port # $3 - tpws port
[ "$APPLY_FW" = "1" ] && [ "$DISABLE_IPV4" != "1" ] && { [ "$DISABLE_IPV4" != "1" ] && {
echo "Deleting iptables rule for tpws : $1" echo "Deleting iptables rule for tpws : $1"
[ -n "$IFACE_LAN" ] && { [ -n "$IFACE_LAN" ] && {
ipt_del PREROUTING -t nat $IPT_ILAN -p tcp $1 -j DNAT --to 127.0.0.1:$3 ipt_del PREROUTING -t nat $IPT_ILAN -p tcp $1 -j DNAT --to 127.0.0.1:$3
} }
ipt_del OUTPUT -t nat $IPT_OWAN -m owner ! --uid-owner $TPWS_USER -p tcp $1 -j DNAT --to 127.0.0.1:$3 ipt_del OUTPUT -t nat $IPT_OWAN -m owner ! --uid-owner $TPWS_USER -p tcp $1 -j DNAT --to 127.0.0.1:$3
} }
[ "$APPLY_FW" = "1" ] && [ "$DISABLE_IPV6" != "1" ] && { [ "$DISABLE_IPV6" != "1" ] && {
echo "Deleting ip6tables rule for tpws : $2" echo "Deleting ip6tables rule for tpws : $2"
[ -n "$IFACE_LAN" ] && { [ -n "$IFACE_LAN" ] && {
dnat6_target dnat6_target
@ -130,11 +128,11 @@ fw_nfqws_add_pre()
{ {
# $1 - iptable filter for ipv4 # $1 - iptable filter for ipv4
# $2 - iptable filter for ipv6 # $2 - iptable filter for ipv6
[ "$APPLY_FW" = "1" ] && [ "$DISABLE_IPV4" != "1" ] && { [ "$DISABLE_IPV4" != "1" ] && {
echo "Adding iptables rule for nfqws prerouting : $1" echo "Adding iptables rule for nfqws prerouting : $1"
ipt PREROUTING -t raw $IPT_IWAN -p tcp --tcp-flags SYN,ACK SYN,ACK $1 -j NFQUEUE --queue-num $QNUM --queue-bypass ipt PREROUTING -t raw $IPT_IWAN -p tcp --tcp-flags SYN,ACK SYN,ACK $1 -j NFQUEUE --queue-num $QNUM --queue-bypass
} }
[ "$APPLY_FW" = "1" ] && [ "$DISABLE_IPV6" != "1" ] && { [ "$DISABLE_IPV6" != "1" ] && {
echo "Adding ip6tables rule for nfqws prerouting : $2" echo "Adding ip6tables rule for nfqws prerouting : $2"
ipt6 PREROUTING -t raw $IPT_IWAN -p tcp --tcp-flags SYN,ACK SYN,ACK $2 -j NFQUEUE --queue-num $QNUM --queue-bypass ipt6 PREROUTING -t raw $IPT_IWAN -p tcp --tcp-flags SYN,ACK SYN,ACK $2 -j NFQUEUE --queue-num $QNUM --queue-bypass
} }
@ -143,11 +141,11 @@ fw_nfqws_del_pre()
{ {
# $1 - iptable filter for ipv4 # $1 - iptable filter for ipv4
# $2 - iptable filter for ipv6 # $2 - iptable filter for ipv6
[ "$APPLY_FW" = "1" ] && [ "$DISABLE_IPV4" != "1" ] && { [ "$DISABLE_IPV4" != "1" ] && {
echo "Deleting iptables rule for nfqws prerouting : $1" echo "Deleting iptables rule for nfqws prerouting : $1"
ipt_del PREROUTING -t raw $IPT_IWAN -p tcp --tcp-flags SYN,ACK SYN,ACK $1 -j NFQUEUE --queue-num $QNUM --queue-bypass ipt_del PREROUTING -t raw $IPT_IWAN -p tcp --tcp-flags SYN,ACK SYN,ACK $1 -j NFQUEUE --queue-num $QNUM --queue-bypass
} }
[ "$APPLY_FW" = "1" ] && [ "$DISABLE_IPV6" != "1" ] && { [ "$DISABLE_IPV6" != "1" ] && {
echo "Deleting ip6tables rule for nfqws prerouting : $2" echo "Deleting ip6tables rule for nfqws prerouting : $2"
ipt6_del PREROUTING -t raw $IPT_IWAN -p tcp --tcp-flags SYN,ACK SYN,ACK $2 -j NFQUEUE --queue-num $QNUM --queue-bypass ipt6_del PREROUTING -t raw $IPT_IWAN -p tcp --tcp-flags SYN,ACK SYN,ACK $2 -j NFQUEUE --queue-num $QNUM --queue-bypass
} }
@ -156,11 +154,11 @@ fw_nfqws_add_post()
{ {
# $1 - iptable filter for ipv4 # $1 - iptable filter for ipv4
# $2 - iptable filter for ipv6 # $2 - iptable filter for ipv6
[ "$APPLY_FW" = "1" ] && [ "$DISABLE_IPV4" != "1" ] && { [ "$DISABLE_IPV4" != "1" ] && {
echo "Adding iptables rule for nfqws postrouting : $1" echo "Adding iptables rule for nfqws postrouting : $1"
ipt POSTROUTING -t mangle $IPT_OWAN -p tcp $1 -j NFQUEUE --queue-num $QNUM --queue-bypass ipt POSTROUTING -t mangle $IPT_OWAN -p tcp $1 -j NFQUEUE --queue-num $QNUM --queue-bypass
} }
[ "$APPLY_FW" = "1" ] && [ "$DISABLE_IPV6" != "1" ] && { [ "$DISABLE_IPV6" != "1" ] && {
echo "Adding ip6tables rule for nfqws postrouting : $2" echo "Adding ip6tables rule for nfqws postrouting : $2"
ipt6 POSTROUTING -t mangle $IPT_OWAN -p tcp $2 -j NFQUEUE --queue-num $QNUM --queue-bypass ipt6 POSTROUTING -t mangle $IPT_OWAN -p tcp $2 -j NFQUEUE --queue-num $QNUM --queue-bypass
} }
@ -169,11 +167,11 @@ fw_nfqws_del_post()
{ {
# $1 - iptable filter for ipv4 # $1 - iptable filter for ipv4
# $2 - iptable filter for ipv6 # $2 - iptable filter for ipv6
[ "$APPLY_FW" = "1" ] && [ "$DISABLE_IPV4" != "1" ] && { [ "$DISABLE_IPV4" != "1" ] && {
echo "Deleting iptables rule for nfqws postrouting : $1" echo "Deleting iptables rule for nfqws postrouting : $1"
ipt_del POSTROUTING -t mangle $IPT_OWAN -p tcp $1 -j NFQUEUE --queue-num $QNUM --queue-bypass ipt_del POSTROUTING -t mangle $IPT_OWAN -p tcp $1 -j NFQUEUE --queue-num $QNUM --queue-bypass
} }
[ "$APPLY_FW" = "1" ] && [ "$DISABLE_IPV6" != "1" ] && { [ "$DISABLE_IPV6" != "1" ] && {
echo "Deleting ip6tables rule for nfqws postrouting : $2" echo "Deleting ip6tables rule for nfqws postrouting : $2"
ipt6_del POSTROUTING -t mangle $IPT_OWAN -p tcp $2 -j NFQUEUE --queue-num $QNUM --queue-bypass ipt6_del POSTROUTING -t mangle $IPT_OWAN -p tcp $2 -j NFQUEUE --queue-num $QNUM --queue-bypass
} }
@ -240,6 +238,7 @@ prepare_tpws()
run_tpws() run_tpws()
{ {
prepare_tpws
[ "$DISABLE_IPV4" != "1" ] && run_daemon $1 $TPWS "$TPWS_OPT_BASE $2" [ "$DISABLE_IPV4" != "1" ] && run_daemon $1 $TPWS "$TPWS_OPT_BASE $2"
[ "$DISABLE_IPV6" != "1" ] && { [ "$DISABLE_IPV6" != "1" ] && {
run_daemon $((60+$1)) $TPWS "$TPWS_OPT_BASE6 $2" run_daemon $((60+$1)) $TPWS "$TPWS_OPT_BASE6 $2"
@ -261,3 +260,155 @@ create_ipset()
echo "Creating ipset" echo "Creating ipset"
"$IPSET_CR" "$IPSET_CR"
} }
zapret_apply_firewall()
{
case "${MODE}" in
tpws_hostlist)
prepare_tpws
fw_tpws_add "--dport 80" "--dport 80" $TPPORT_HTTP
;;
tpws_ipset)
create_ipset
prepare_tpws
fw_tpws_add "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst" $TPPORT_HTTP
;;
tpws_ipset_https)
create_ipset
prepare_tpws
fw_tpws_add "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst" $TPPORT_HTTP
fw_tpws_add "--dport 443 -m set --match-set zapret dst" "--dport 443 -m set --match-set zapret6 dst" $TPPORT_HTTPS
;;
tpws_all)
prepare_tpws
fw_tpws_add "--dport 80" "--dport 80" $TPPORT_HTTP
;;
tpws_all_https)
prepare_tpws
fw_tpws_add "--dport 80" "--dport 80" $TPPORT_HTTP
fw_tpws_add "--dport 443" "--dport 443" $TPPORT_HTTPS
;;
nfqws_ipset)
create_ipset
fw_nfqws_add_pre "--sport 80 -m set --match-set zapret src" "--sport 80 -m set --match-set zapret6 src"
fw_nfqws_add_post "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst"
;;
nfqws_ipset_https)
create_ipset
fw_nfqws_add_pre "-m multiport --sports 80,443 -m set --match-set zapret src" "-m multiport --sports 80,443 -m set --match-set zapret6 src"
fw_nfqws_add_post "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst"
;;
nfqws_all)
fw_nfqws_add_pre "--sport 80" "--sport 80"
fw_nfqws_add_post "--dport 80" "--dport 80"
;;
nfqws_all_https)
fw_nfqws_add_pre "-m multiport --sports 80,443" "-m multiport --sports 80,443"
fw_nfqws_add_post "--dport 80" "--dport 80"
;;
ipset)
create_ipset
;;
custom)
# PLACEHOLDER
echo !!! NEED ATTENTION !!!
echo Configure iptables for required actions
echo Study how other sections work
;;
esac
}
zapret_run_daemons()
{
case "${MODE}" in
tpws_hostlist)
run_tpws 1 "$TPWS_OPT_BASE_HTTP $TPWS_OPT_HTTP --hostlist=$TPWS_HOSTLIST"
;;
tpws_ipset)
run_tpws 1 "$TPWS_OPT_BASE_HTTP $TPWS_OPT_HTTP"
;;
tpws_ipset_https|tpws_all_https)
run_tpws 1 "$TPWS_OPT_BASE_HTTP $TPWS_OPT_HTTP"
run_tpws 2 "$TPWS_OPT_BASE_HTTPS $TPWS_OPT_HTTPS"
;;
tpws_all)
run_tpws 1 "$TPWS_OPT_BASE_HTTP $TPWS_OPT_HTTP"
;;
nfqws_ipset|nfqws_ipset_https|nfqws_all|nfqws_all_https)
run_daemon 1 $NFQWS "$NFQWS_OPT_BASE $NFQWS_OPT"
;;
ipset)
create_ipset
;;
custom)
# PLACEHOLDER
echo !!! NEED ATTENTION !!!
echo Start daemon\(s\)
echo Study how other sections work
run_daemon 1 /bin/sleep 20
;;
esac
}
zapret_unapply_firewall()
{
case "${MODE}" in
tpws_hostlist|tpws_all)
fw_tpws_del "--dport 80" "--dport 80" $TPPORT_HTTP
;;
tpws_ipset)
fw_tpws_del "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst" $TPPORT_HTTP
;;
tpws_ipset_https)
fw_tpws_del "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst" $TPPORT_HTTP
fw_tpws_del "--dport 443 -m set --match-set zapret dst" "--dport 443 -m set --match-set zapret6 dst" $TPPORT_HTTPS
;;
tpws_all_https)
fw_tpws_del "--dport 80" "--dport 80" $TPPORT_HTTP
fw_tpws_del "--dport 443" "--dport 443" $TPPORT_HTTPS
;;
nfqws_ipset)
fw_nfqws_del_pre "--sport 80 -m set --match-set zapret src" "--sport 80 -m set --match-set zapret6 src"
fw_nfqws_del_post "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst"
;;
nfqws_ipset_https)
fw_nfqws_del_pre "-m multiport --sports 80,443 -m set --match-set zapret src" "-m multiport --sports 80,443 -m set --match-set zapret6 src"
fw_nfqws_del_post "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst"
;;
nfqws_all)
fw_nfqws_del_pre "--sport 80" "--sport 80"
fw_nfqws_del_post "--dport 80" "--dport 80"
;;
nfqws_all_https)
fw_nfqws_del_pre "-m multiport --sports 80,443" "-m multiport --sports 80,443"
fw_nfqws_del_post "--dport 80" "--dport 80"
;;
custom)
# PLACEHOLDER
echo !!! NEED ATTENTION !!!
echo Clear firewall rules here. Remove iptables changes made previously.
echo Study how other sections work.
;;
esac
}
zapret_stop_daemons()
{
case "${MODE}" in
tpws_hostlist|tpws_all|tpws_ipset)
stop_tpws 1
;;
tpws_ipset_https|tpws_all_https)
stop_tpws 1
stop_tpws 2
;;
nfqws_ipset|nfqws_ipset_https|nfqws_all|nfqws_all_https)
stop_daemon 1 $NFQWS
;;
custom)
# PLACEHOLDER
echo !!! NEED ATTENTION !!!
echo Stop daemon\(s\) previously started.
echo Study how other sections work.
;;
esac
}
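Review bot: None of the four new dispatchers (`zapret_apply_firewall`, `zapret_run_daemons`, `zapret_unapply_firewall`, `zapret_stop_daemons`) has a default arm, so a mistyped or unset `MODE` falls through the `case` silently and the function returns 0 with no rules applied and no daemon started. Adding `*) echo "unknown MODE: ${MODE}" >&2; return 1 ;;` to each would surface the misconfiguration to the caller; the two stop-side functions would then also need an explicit empty `ipset)` arm, since they currently have none. Separately, for the `tpws_ipset*` and `nfqws_ipset*` modes `create_ipset` is called only from `zapret_apply_firewall`, so when the firewall is managed externally the `zapret`/`zapret6` sets those filters match on are presumably not created on this path. A comment above `zapret_run_daemons` saying that the external firewall setup must create the sets itself would save the next integrator a failed rule load.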


@ -15,124 +15,13 @@ DESC=anti-zapret
case "$1" in case "$1" in
start) start)
case "${MODE}" in zapret_run_daemons
tpws_hostlist) [ "$INIT_APPLY_FW" = "1" ] && zapret_apply_firewall
prepare_tpws
fw_tpws_add "--dport 80" "--dport 80" $TPPORT_HTTP
run_tpws 1 "$TPWS_OPT_BASE_HTTP $TPWS_OPT_HTTP --hostlist=$TPWS_HOSTLIST"
;;
tpws_ipset)
create_ipset
prepare_tpws
fw_tpws_add "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst" $TPPORT_HTTP
run_tpws 1 "$TPWS_OPT_BASE_HTTP $TPWS_OPT_HTTP"
;;
tpws_ipset_https)
create_ipset
prepare_tpws
fw_tpws_add "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst" $TPPORT_HTTP
fw_tpws_add "--dport 443 -m set --match-set zapret dst" "--dport 443 -m set --match-set zapret6 dst" $TPPORT_HTTPS
run_tpws 1 "$TPWS_OPT_BASE_HTTP $TPWS_OPT_HTTP"
run_tpws 2 "$TPWS_OPT_BASE_HTTPS $TPWS_OPT_HTTPS"
;;
tpws_all)
prepare_tpws
fw_tpws_add "--dport 80" "--dport 80" $TPPORT_HTTP
run_tpws 1 "$TPWS_OPT_BASE_HTTP $TPWS_OPT_HTTP"
;;
tpws_all_https)
prepare_tpws
fw_tpws_add "--dport 80" "--dport 80" $TPPORT_HTTP
fw_tpws_add "--dport 443" "--dport 443" $TPPORT_HTTPS
run_tpws 1 "$TPWS_OPT_BASE_HTTP $TPWS_OPT_HTTP"
run_tpws 2 "$TPWS_OPT_BASE_HTTPS $TPWS_OPT_HTTPS"
;;
nfqws_ipset)
create_ipset
fw_nfqws_add_pre "--sport 80 -m set --match-set zapret src" "--sport 80 -m set --match-set zapret6 src"
fw_nfqws_add_post "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst"
run_daemon 1 $NFQWS "$NFQWS_OPT_BASE $NFQWS_OPT"
;;
nfqws_ipset_https)
create_ipset
fw_nfqws_add_pre "-m multiport --sports 80,443 -m set --match-set zapret src" "-m multiport --sports 80,443 -m set --match-set zapret6 src"
fw_nfqws_add_post "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst"
run_daemon 1 $NFQWS "$NFQWS_OPT_BASE $NFQWS_OPT"
;;
nfqws_all)
fw_nfqws_add_pre "--sport 80" "--sport 80"
fw_nfqws_add_post "--dport 80" "--dport 80"
run_daemon 1 $NFQWS "$NFQWS_OPT_BASE $NFQWS_OPT"
;;
nfqws_all_https)
fw_nfqws_add_pre "-m multiport --sports 80,443" "-m multiport --sports 80,443"
fw_nfqws_add_post "--dport 80" "--dport 80"
run_daemon 1 $NFQWS "$NFQWS_OPT_BASE $NFQWS_OPT"
;;
ipset)
create_ipset
;;
custom)
# PLACEHOLDER
echo !!! NEED ATTENTION !!!
echo Configure iptables for required actions
echo Start daemon\(s\)
echo Study how other sections work
run_daemon 1 /bin/sleep 20
;;
esac
;; ;;
stop) stop)
case "${MODE}" in zapret_stop_daemons
tpws_hostlist|tpws_all) [ "$INIT_APPLY_FW" = "1" ] && zapret_unapply_firewall
fw_tpws_del "--dport 80" "--dport 80" $TPPORT_HTTP
stop_tpws 1
;;
tpws_ipset)
fw_tpws_del "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst" $TPPORT_HTTP
stop_tpws 1
;;
tpws_ipset_https)
fw_tpws_del "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst" $TPPORT_HTTP
fw_tpws_del "--dport 443 -m set --match-set zapret dst" "--dport 443 -m set --match-set zapret6 dst" $TPPORT_HTTPS
stop_tpws 1
stop_tpws 2
;;
tpws_all_https)
fw_tpws_del "--dport 80" "--dport 80" $TPPORT_HTTP
fw_tpws_del "--dport 443" "--dport 443" $TPPORT_HTTPS
stop_tpws 1
stop_tpws 2
;;
nfqws_ipset)
fw_nfqws_del_pre "--sport 80 -m set --match-set zapret src" "--sport 80 -m set --match-set zapret6 src"
fw_nfqws_del_post "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst"
stop_daemon 1 $NFQWS
;;
nfqws_ipset_https)
fw_nfqws_del_pre "-m multiport --sports 80,443 -m set --match-set zapret src" "-m multiport --sports 80,443 -m set --match-set zapret6 src"
fw_nfqws_del_post "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst"
stop_daemon 1 $NFQWS
;;
nfqws_all)
fw_nfqws_del_pre "--sport 80" "--sport 80"
fw_nfqws_del_post "--dport 80" "--dport 80"
stop_daemon 1 $NFQWS
;;
nfqws_all_https)
fw_nfqws_del_pre "-m multiport --sports 80,443" "-m multiport --sports 80,443"
fw_nfqws_del_post "--dport 80" "--dport 80"
stop_daemon 1 $NFQWS
;;
custom)
# PLACEHOLDER
echo !!! NEED ATTENTION !!!
echo Clear firewall rules here. Remove iptables changes made previously.
echo Stop daemon\(s\) previously started.
echo Study how other sections work.
;;
esac
;; ;;
*) *)
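Review bot: In the `stop)` arm the daemons are stopped before `zapret_unapply_firewall` runs, so in the tpws modes the DNAT rules to `127.0.0.1:$TPPORT_HTTP` remain while nothing is listening there, and matching connections presumably fail until the rules are removed. Swapping the two lines to `[ "$INIT_APPLY_FW" = "1" ] && zapret_unapply_firewall` followed by `zapret_stop_daemons` closes that window; the start order (daemons first, then rules) is already right. Also, because `[ "$INIT_APPLY_FW" = "1" ] && …` is the last command of each arm, the arm ends with status 1 whenever `INIT_APPLY_FW` is not 1. The outer `case "$1"` continues outside this hunk, so if nothing after it resets the status, `start` and `stop` would report failure in exactly the externally managed firewall setup this commit targets; an `if [ "$INIT_APPLY_FW" = "1" ]; then …; fi` form avoids that.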