mirror of
https://github.com/bol-van/zapret.git
synced 2025-04-20 05:52:57 +03:00
129 lines
2.7 KiB
Bash
Executable File
129 lines
2.7 KiB
Bash
Executable File
#!/bin/sh /etc/rc.common
|
|
# Copyright (C) 2006-2011 OpenWrt.org
|
|
|
|
USE_PROCD=1
|
|
# start betfore firewall - we need ipset populated
|
|
START=18
|
|
|
|
|
|
# +++ REVIEW CONFIG HERE +++
|
|
|
|
# CHOOSE OPERATION MODE
|
|
# leave only one MODE= uncommented
|
|
|
|
# using nfqws with ipset
|
|
#MODE=nfqws_ipset
|
|
# using nfqws for all
|
|
#MODE=nfqws_all
|
|
# CHOOSE NFQWS DAEMON OPTIONS. run "nfq/nfqws --help" for option list
|
|
NFQWS_OPT="--wsize=3 --hostspell=HOST"
|
|
|
|
# using tpws with ipset
|
|
MODE=tpws_ipset
|
|
# using tpws for all
|
|
#MODE=tpws_all
|
|
# using tpws with hostlist
|
|
#MODE=tpws_hostlist
|
|
# CHOOSE TPWS DAEMON OPTIONS. run "tpws/tpws --help" for option list
|
|
TPWS_OPT="--hostspell=HOST --split-http-req=method"
|
|
|
|
# only fill ipset, do not run daemons
|
|
#MODE=ipset
|
|
|
|
# Custom mode
|
|
# Find out what works for you and modify "# PLACEHOLDER" parts of this script
|
|
#MODE=custom
|
|
|
|
# --- REVIEW CONFIG HERE ---
|
|
|
|
# !!!!! in openwrt you need to add firewall rules manually to /etc/firewall.user
|
|
|
|
|
|
PIDDIR=/var/run
|
|
ZAPRET_BASE=/opt/zapret
|
|
IPSET_CR=$ZAPRET_BASE/ipset/create_ipset.sh
|
|
|
|
QNUM=200
|
|
NFQWS=$ZAPRET_BASE/nfq/nfqws
|
|
NFQWS_OPT_BASE="--qnum=$QNUM"
|
|
|
|
TPPORT=1188
|
|
TPWS=$ZAPRET_BASE/tpws/tpws
|
|
TPWS_USER=daemon
|
|
TPWS_HOSTLIST=$ZAPRET_BASE/ipset/zapret-hosts.txt
|
|
TPWS_OPT_BASE="--port=$TPPORT --user=$TPWS_USER --bind-addr=127.0.0.1"
|
|
|
|
|
|
# must execute /etc/firewall.user on every firewall reload
|
|
set_firewall_user_reload() {
|
|
i=0
|
|
while true
|
|
do
|
|
path=$(uci -q get firewall.@include[$i].path)
|
|
[ -n "$path" ] || break
|
|
[ "$path" == "/etc/firewall.user" ] && {
|
|
reload=$(uci -q get firewall.@include[$i].reload)
|
|
[ "$reload" = "1" ] || {
|
|
echo Setting 'reload' call option to /etc/firewall.user
|
|
uci set firewall.@include[$i].reload=1
|
|
uci commit firewall
|
|
}
|
|
}
|
|
i=$((i+1))
|
|
done
|
|
}
|
|
|
|
run_daemon()
|
|
{
|
|
# $1 - daemon string id or number. can use 1,2,3,...
|
|
# $2 - daemon
|
|
# $3 - daemon args
|
|
# use $PIDDIR/$DAEMONBASE$1.pid as pidfile
|
|
local DAEMONBASE=$(basename $2)
|
|
echo "Starting daemon $1: $2 $3"
|
|
procd_open_instance
|
|
procd_set_param command $2 $3
|
|
procd_set_param pidfile $PIDDIR/$DAEMONBASE$1.pid
|
|
procd_close_instance
|
|
}
|
|
|
|
create_ipset()
|
|
{
|
|
echo "Creating ipset"
|
|
($IPSET_CR)
|
|
}
|
|
|
|
|
|
start_service() {
|
|
set_firewall_user_reload
|
|
|
|
case "${MODE}" in
|
|
tpws_hostlist)
|
|
run_daemon 1 $TPWS "$TPWS_OPT_BASE $TPWS_OPT --hostlist=$TPWS_HOSTLIST"
|
|
;;
|
|
tpws_ipset)
|
|
create_ipset
|
|
run_daemon 1 $TPWS "$TPWS_OPT_BASE $TPWS_OPT"
|
|
;;
|
|
tpws_all)
|
|
run_daemon 1 $TPWS "$TPWS_OPT_BASE $TPWS_OPT"
|
|
;;
|
|
nfqws_ipset)
|
|
create_ipset
|
|
run_daemon 1 $NFQWS "$NFQWS_OPT_BASE $NFQWS_OPT"
|
|
;;
|
|
nfqws_all)
|
|
run_daemon 1 $NFQWS "$NFQWS_OPT_BASE $NFQWS_OPT"
|
|
;;
|
|
ipset)
|
|
create_ipset
|
|
;;
|
|
custom)
|
|
# PLACEHOLDER
|
|
echo !!! NEED ATTENTION !!!
|
|
echo Start daemon\(s\)
|
|
echo Study how other sections work
|
|
;;
|
|
esac
|
|
}
|