drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2024-12-02 22:50:53 +03:00
Code Issues Packages Projects Releases Wiki Activity
0697347673
zapret/init.d/openwrt/99-zapret
bolvan 7443de517a first commit
2016-02-15 16:34:45 +03:00

36 lines
1.6 KiB
Plaintext
Raw Blame History

# copy it to /etc/hotplug.d/firewall/99-zapret
# CHOOSE ISP HERE. UNCOMMENT ONLY ONE LINE.
# if your ISP not in list then comment all lines
ISP=domru
TPPORT=1188
TPWS_USER=daemon
case "$ACTION" in
add)
case "$ISP" in
domru)
case "$INTERFACE" in
wan)
# BLOCK SPOOFED DNS FROM DOMRU
iptables -t raw -C PREROUTING -i $DEVICE -p udp --sport 53 -m string --hex-string "|5cfff164|" --algo bm -j DROP --from 40 --to 300 ||
iptables -t raw -I PREROUTING -i $DEVICE -p udp --sport 53 -m string --hex-string "|5cfff164|" --algo bm -j DROP --from 40 --to 300
iptables -t raw -C PREROUTING -i $DEVICE -p udp --sport 53 -m string --hex-string "|2a022698a00000000000000000000064|" --algo bm -j DROP --from 40 --to 300 ||
iptables -t raw -I PREROUTING -i $DEVICE -p udp --sport 53 -m string --hex-string "|2a022698a00000000000000000000064|" --algo bm -j DROP --from 40 --to 300
# DNAT for local traffic
iptables -t nat -C OUTPUT -p tcp --dport 80 -o $DEVICE -m owner ! --uid-owner $TPWS_USER -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT ||
iptables -t nat -I OUTPUT -p tcp --dport 80 -o $DEVICE -m owner ! --uid-owner $TPWS_USER -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT
;;
lan)
# DNAT for pass-thru traffic
sysctl -w net.ipv4.conf.$DEVICE.route_localnet=1
iptables -t nat -C prerouting_lan_rule -p tcp --dport 80 -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT ||
iptables -t nat -I prerouting_lan_rule -p tcp --dport 80 -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT
;;
esac
;;
esac
esac
Reference in New Issue View Git Blame Copy Permalink