drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2025-04-19 21:42:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

fw_tpws_add separate from prepare_tpws

Browse Source
This commit is contained in:
bolvan 2019-05-05 20:17:46 +03:00
parent b1337b805b
commit f59feffd8c
1 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
init.d/sysv/zapret
View File

@ -72,21 +72,9 @@ exists()
which $1 >/dev/null 2>/dev/null which $1 >/dev/null 2>/dev/null
} }
prepare_tpws()
{
# $TPWS_USER is required to prevent redirection of the traffic originating from TPWS itself
# otherwise infinite loop will occur
# also its good idea not to run tpws as root
id -u $TPWS_USER >/dev/null 2>/dev/null || useradd --no-create-home --system --shell /bin/false $TPWS_USER
# otherwise linux kernel will treat 127.0.0.1 as "martian" ip and refuse routing to it
# NOTE : kernels <3.6 do not have this feature. consider upgrading or change DNAT to REDIRECT and do not bind to 127.0.0.1
for iface in /proc/sys/net/ipv4/conf/*; do sysctl -qw net.ipv4.conf.$(basename $iface).route_localnet=1; done
}
fw_tpws_add() fw_tpws_add()
{ {
# $1 - iptable filter # $1 - iptable filter
prepare_tpws
echo "Adding iptables rule for tpws : $1" echo "Adding iptables rule for tpws : $1"
[ -n "$SLAVE_ETH" ] && { [ -n "$SLAVE_ETH" ] && {
iptables -t nat -C PREROUTING -i $SLAVE_ETH -p tcp $1 -j DNAT --to 127.0.0.1:$TPPORT 2>/dev/null || iptables -t nat -C PREROUTING -i $SLAVE_ETH -p tcp $1 -j DNAT --to 127.0.0.1:$TPPORT 2>/dev/null ||
@ -188,26 +176,40 @@ stop_daemon()
fi fi
} }
prepare_tpws()
{
# $TPWS_USER is required to prevent redirection of the traffic originating from TPWS itself
# otherwise infinite loop will occur
# also its good idea not to run tpws as root
id -u $TPWS_USER >/dev/null 2>/dev/null || useradd --no-create-home --system --shell /bin/false $TPWS_USER
# otherwise linux kernel will treat 127.0.0.1 as "martian" ip and refuse routing to it
# NOTE : kernels <3.6 do not have this feature. consider upgrading or change DNAT to REDIRECT and do not bind to 127.0.0.1
for iface in /proc/sys/net/ipv4/conf/*; do sysctl -qw net.ipv4.conf.$(basename $iface).route_localnet=1; done
}
create_ipset() create_ipset()
{ {
echo "Creating ipset" echo "Creating ipset"
($IPSET_CR) "$IPSET_CR"
} }
case "$1" in case "$1" in
start) start)
case "${MODE}" in case "${MODE}" in
tpws_hostlist) tpws_hostlist)
prepare_tpws
fw_tpws_add "--dport 80" fw_tpws_add "--dport 80"
run_daemon 1 $TPWS "$TPWS_OPT_BASE $TPWS_OPT --hostlist=$TPWS_HOSTLIST" run_daemon 1 $TPWS "$TPWS_OPT_BASE $TPWS_OPT --hostlist=$TPWS_HOSTLIST"
;; ;;
tpws_ipset) tpws_ipset)
create_ipset create_ipset
prepare_tpws
fw_tpws_add "--dport 80 -m set --match-set zapret dst" fw_tpws_add "--dport 80 -m set --match-set zapret dst"
run_daemon 1 $TPWS "$TPWS_OPT_BASE $TPWS_OPT" run_daemon 1 $TPWS "$TPWS_OPT_BASE $TPWS_OPT"
;; ;;
tpws_all) tpws_all)
prepare_tpws
fw_tpws_add "--dport 80" fw_tpws_add "--dport 80"
run_daemon 1 $TPWS "$TPWS_OPT_BASE $TPWS_OPT" run_daemon 1 $TPWS "$TPWS_OPT_BASE $TPWS_OPT"
;; ;;