drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2025-05-24 22:32:58 +03:00
Code Issues Packages Projects Releases Wiki Activity

openwrt : simplify iptables in firewall include scripts

Browse Source
This commit is contained in:
bolvan
2019-05-07 11:30:15 +03:00
parent cd7de457e6
commit db5b2c2d39
13 changed files with 125 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
init.d/openwrt/firewall.zapret.tpws_ipset
View File

@@ -2,20 +2,20 @@ TPPORT_HTTP=1188
TPWS_USER=daemon
IPT_FILTER_HTTP="-p tcp --dport 80 -m set --match-set zapret dst"
. /lib/functions/network.sh
ipt()
{
iptables -C $@ 2>/dev/null || iptables -I $@
}
. /lib/functions/network.sh
network_find_wan wan_iface
for ext_iface in $wan_iface; do
network_get_device DEVICE $ext_iface
# DNAT for local traffic
iptables -t nat -C OUTPUT -o $DEVICE -m owner ! --uid-owner $TPWS_USER $IPT_FILTER_HTTP -j DNAT --to 127.0.0.1:$TPPORT_HTTP ||
iptables -t nat -I OUTPUT -o $DEVICE -m owner ! --uid-owner $TPWS_USER $IPT_FILTER_HTTP -j DNAT --to 127.0.0.1:$TPPORT_HTTP
ipt OUTPUT -t nat -o $DEVICE -m owner ! --uid-owner $TPWS_USER $IPT_FILTER_HTTP -j DNAT --to 127.0.0.1:$TPPORT_HTTP
done
network_get_device DEVICE lan
sysctl -w net.ipv4.conf.$DEVICE.route_localnet=1
iptables -t nat -C prerouting_lan_rule $IPT_FILTER_HTTP -j DNAT --to 127.0.0.1:$TPPORT_HTTP ||
iptables -t nat -I prerouting_lan_rule $IPT_FILTER_HTTP -j DNAT --to 127.0.0.1:$TPPORT_HTTP
ipt prerouting_lan_rule -t nat $IPT_FILTER_HTTP -j DNAT --to 127.0.0.1:$TPPORT_HTTP