From d548d76c1bb7854a99ed74ee25d57bc9508cf63a Mon Sep 17 00:00:00 2001 From: bol-van Date: Mon, 21 Oct 2024 22:14:10 +0300 Subject: [PATCH] init.d: openwrt-minimal disable ipv6 instructions --- docs/readme.txt | 2 ++ init.d/openwrt-minimal/readme.txt | 2 ++ init.d/openwrt-minimal/tpws/etc/firewall.user | 19 +++++++++++-------- 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/docs/readme.txt b/docs/readme.txt index 6343103..92f471d 100644 --- a/docs/readme.txt +++ b/docs/readme.txt @@ -1732,6 +1732,7 @@ install_easy.sh автоматизирует ручные варианты пр Скопируйте бинарник tpws подходящей архитектуры в /usr/bin/tpws. Установите права на файлы : chmod 755 /etc/init.d/tpws /usr/bin/tpws Отредактируйте /etc/config/tpws +Если не нужен ipv6, отредактируйте /etc/nftables.d/90-tpws.nft и закомментируйте строки с редиректом ipv6. /etc/init.d/tpws enable /etc/init.d/tpws start fw4 restart @@ -1759,6 +1760,7 @@ opkg install iptables-mod-extra Скопируйте бинарник tpws подходящей архитектуры в /usr/bin/tpws. Установите права на файлы : chmod 755 /etc/init.d/tpws /usr/bin/tpws Отредактируйте /etc/config/tpws +Если не нужен ipv6, отредактируйте /etc/firewall.user и установите там DISABLE_IPV6=1. /etc/init.d/tpws enable /etc/init.d/tpws start fw3 restart diff --git a/init.d/openwrt-minimal/readme.txt b/init.d/openwrt-minimal/readme.txt index 1b90bca..081df69 100644 --- a/init.d/openwrt-minimal/readme.txt +++ b/init.d/openwrt-minimal/readme.txt @@ -11,6 +11,7 @@ Copy everything from tpws directory to the root of the router. Copy tpws binary for your architecture to /usr/bin/tpws Set proper access rights : chmod 755 /etc/init.d/tpws /usr/bin/tpws EDIT /etc/config/tpws +If you don't want ipv6 : edit /etc/nftables.d and comment lines with ipv6 redirect /etc/init.d/tpws enable /etc/init.d/tpws start fw4 restart 
@@ -39,6 +40,7 @@ Copy everything from tpws directory to the root of the router. Copy tpws binary for your architecture to /usr/bin/tpws Set proper access rights : chmod 755 /etc/init.d/tpws /usr/bin/tpws EDIT /etc/config/tpws +If you don't want ipv6 : edit /etc/firewall.user and set DISABLE_IPV6=1 /etc/init.d/tpws enable /etc/init.d/tpws start fw3 restart diff --git a/init.d/openwrt-minimal/tpws/etc/firewall.user b/init.d/openwrt-minimal/tpws/etc/firewall.user index e1065d9..b2d24c6 100644 --- a/init.d/openwrt-minimal/tpws/etc/firewall.user +++ b/init.d/openwrt-minimal/tpws/etc/firewall.user @@ -1,8 +1,11 @@ +DISABLE_IPV6=0 TP_PORT=900 TP_USER=daemon EXCLUDE4="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16" EXCLUDE6="fc00::/7 fe80::/10" +IPTS="iptables ip6tables" +[ "$DISABLE_IPV6" = 1 ] && IPTS=iptables exists() { @@ -25,22 +28,22 @@ redirect() redirect_port 443 $TP_PORT } -for IPTABLES in iptables ip6tables; do +for IPTABLES in $IPTS; do $IPTABLES -t nat -N tpws 2>/dev/null $IPTABLES -t nat -F tpws redirect done -for net in $EXCLUDE4 -do +for net in $EXCLUDE4; do iptables -t nat -I tpws -d $net -j RETURN done -for net in $EXCLUDE6 -do - ip6tables -t nat -I tpws -d $net -j RETURN -done +[ "$DISABLE_IPV6" = 1 ] || { + for net in $EXCLUDE6; do + ip6tables -t nat -I tpws -d $net -j RETURN + done +} -for IPTABLES in iptables ip6tables; do +for IPTABLES in $IPTS; do ipt PREROUTING -t nat -j tpws ipt OUTPUT -t nat -m owner ! --uid-owner $TP_USER -j tpws done
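Review bot: The new `DISABLE_IPV6=0` line at the top of firewall.user has no comment, and its name promises more than the code does. Setting it to 1 only drops `ip6tables` from `IPTS`, so IPv6 stays enabled on the router and IPv6 connections simply stop being redirected to tpws. The test `[ "$DISABLE_IPV6" = 1 ]` also matches only the literal `1`, so a value such as `yes` or `true` silently keeps the IPv6 rules. I would add a comment above the variable, for example `# 1 = skip all ip6tables rules: IPv6 traffic is then NOT redirected to tpws (IPv6 itself stays on); only the literal 1 is recognised`.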
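Review bot: With `DISABLE_IPV6=1` every loop in this hunk iterates over `iptables` only, so nothing flushes or removes an ip6tables `tpws` chain and its PREROUTING/OUTPUT jumps left over from an earlier run with IPv6 enabled. Whether `fw3 restart` clears the ip6tables nat table is not visible from here. If it does not, IPv6 traffic would keep being redirected to `TP_PORT` after the user has switched the option on. A cheap safeguard is to empty the stale chain in the disabled case, e.g. `[ "$DISABLE_IPV6" = 1 ] && ip6tables -t nat -F tpws 2>/dev/null`, placed before the first loop. The helpers `ipt`, `exists` and `redirect` are defined outside the hunk, so their handling of duplicate rules could not be checked.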