macos custom mode

4 years ago · 4dd0524929
5 changed files with 143 additions and 40 deletions
--- a/docs/bsd.txt
+++ b/docs/bsd.txt
@ -373,3 +373,19 @@ start-fw создает 3 файла anchors в /etc/pf.anchors : zapret,zapret-
 Таблицы zapret6,zapret6-user - в anchor "zapret-v6".
 Если какая-то версия протокола отключена - соответствующий anchor пустой и не упоминается в anchor "zapret".
 Таблицы и правила создаются только на те листы, которые фактически есть в директории ipset.
+
+
+MacOS вариант custom
+--------------------
+
+Так же как и в других системах, поддерживаемых в простом инсталяторе, можно создавать свои custom скрипты.
+Расположение : /opt/zapret/init.d/macos/custom
+
+zapret_custom_daemons() получает в $1 "0" или "1". "0" - stop, "1" - start
+custom firewall отличается от linux варианта.
+Вместо заполнения iptables вам нужно сгенерировать правила для zapret-v4 и zapret-v6 anchors и выдать их в stdout.
+Это делается в функциях zapret_custom_firewall_v4() и zapret_custom_firewall_v6().
+Определения таблиц заполняются основным скриптом - вам это делать не нужно.
+Можно ссылаться на таблицы zapret и zapret-user в v4, zapret6 и zapret6-user.
+
+Cм. пример в файле custom-tpws
--- a/init.d/macos/custom
+++ b/init.d/macos/custom
@ -0,0 +1,21 @@
+# this script contain your special code to launch daemons and configure firewall
+# use helpers from "functions" file
+# in case of upgrade keep this file only, do not modify others
+
+zapret_custom_daemons()
+{
+	# $1 - 1 - run, 0 - stop
+	:
+}
+
+# custom firewall functions echo rules for zapret-v4 and zapret-v6 anchors
+# they come after automated table definitions. so you can use <zapret> <zapret6> <zapret-user> ...
+
+zapret_custom_firewall_v4()
+{
+	:
+}
+zapret_custom_firewall_v6()
+{
+	:
+}
--- a/init.d/macos/custom-tpws
+++ b/init.d/macos/custom-tpws
@ -0,0 +1,25 @@
+# this script is an example describing how to run tpws on a custom port
+
+TPPORT_MY=987
+
+zapret_custom_daemons()
+{
+	# $1 - 1 - run, 0 - stop
+	local opt="--user=root --port=$TPPORT_MY"
+	filter_apply_hostlist_target opt
+	tpws_apply_binds opt
+	opt="$opt $TPWS_OPT"
+	do_daemon $1 1 "$TPWS" "$opt"
+}
+
+# custom firewall functions echo rules for zapret-v4 and zapret-v6 anchors
+# they come after automated table definitions. so you can use <zapret> <zapret6> <zapret-user> ...
+
+zapret_custom_firewall_v4()
+{
+	pf_anchor_zapret_v4_tpws $TPPORT_MY
+}
+zapret_custom_firewall_v6()
+{
+	pf_anchor_zapret_v6_tpws $TPPORT_MY
+}
--- a/init.d/macos/functions
+++ b/init.d/macos/functions
@ -20,6 +20,14 @@ PF_ANCHOR_ZAPRET_V6="$PF_ANCHOR_DIR/zapret-v6"

 [ -n "$IFACE_WAN" ] && OWAN=" on $IFACE_WAN"

+CUSTOM_SCRIPT="$ZAPRET_BASE/init.d/macos/custom"
+[ -f "$CUSTOM_SCRIPT" ] && . "$CUSTOM_SCRIPT"
+
+existf()
+{
+	type "$1" >/dev/null 2>/dev/null
+}
+
 on_off_function()
 {
 	# $1 : function name on
@ -220,46 +228,72 @@ pf_anchor_port_target()
 		echo "80"
 	fi
 }
+pf_anchor_zapret_v4_tpws()
+{
+	# $1 - port
+
+	local port=$(pf_anchor_port_target)
+	[ -n "$IFACE_LAN" ] && {
+		for t in $tbl; do
+			 echo "rdr on $IFACE_LAN inet proto tcp from any to $t port $port -> 127.0.0.1 port $1"
+		done
+	}
+	echo "rdr on lo0 inet proto tcp from !127.0.0.0/8 to any port $port -> 127.0.0.1 port $1"
+	for t in $tbl; do
+		echo "pass out$OWAN route-to (lo0 127.0.0.1) inet proto tcp from !127.0.0.0/8 to $t port $port user { >root }"
+	done
+}
+
 pf_anchor_zapret_v4()
 {
 	local tbl port
-
 	[ "$DISABLE_IPV4" = "1" ] || {
-		[ "$MODE" = "tpws" ] && {
-			[ ! "$MODE_HTTP" = "1" ] && [ ! "$MODE_HTTPS" = "1" ] && return
-			pf_anchor_zapret_tables tbl zapret-user "$ZIPLIST_USER" zapret "$ZIPLIST"
-			port=$(pf_anchor_port_target)
-			for t in $tbl; do
-				[ -n "$IFACE_LAN" ] && echo "rdr on $IFACE_LAN inet proto tcp from any to $t port $port -> 127.0.0.1 port $TPPORT"
-			done
-			echo "rdr on lo0 inet proto tcp from !127.0.0.0/8 to any port $port -> 127.0.0.1 port $TPPORT"
-			for t in $tbl; do
-				echo "pass out$OWAN route-to (lo0 127.0.0.1) inet proto tcp from !127.0.0.0/8 to $t port $port user { >root }"
-			done
-		}
+		case $MODE in
+			tpws)
+				[ ! "$MODE_HTTP" = "1" ] && [ ! "$MODE_HTTPS" = "1" ] && return
+				pf_anchor_zapret_tables tbl zapret-user "$ZIPLIST_USER" zapret "$ZIPLIST"
+				pf_anchor_zapret_v4_tpws $TPPORT
+				;;
+			custom)
+				pf_anchor_zapret_tables tbl zapret-user "$ZIPLIST_USER" zapret "$ZIPLIST"
+				existf zapret_custom_firewall_v4 && zapret_custom_firewall_v4
+				;;
+		esac
 	}
 }
+pf_anchor_zapret_v6_tpws()
+{
+	# $1 - port
+
+	local port=$(pf_anchor_port_target)
+	# LAN link local is only for router
+	[ -n "$IFACE_LAN" ] && LL_LAN=$(get_ipv6_linklocal $IFACE_LAN)
+	[ -n "$LL_LAN" ] && {
+		for t in $tbl; do
+			echo "rdr on $IFACE_LAN inet6 proto tcp from any to $t port $port -> $LL_LAN port $1"
+		done
+	}
+	echo "rdr on lo0 inet6 proto tcp from !::1 to any port $port -> fe80::1 port $1"
+	for t in $tbl; do
+		echo "pass out$OWAN route-to (lo0 fe80::1) inet6 proto tcp from !::1 to $t port $port user { >root }"
+	done
+}
 pf_anchor_zapret_v6()
 {
 	local tbl port LL_LAN

 	[ "$DISABLE_IPV6" = "1" ] || {
-		[ "$MODE" = "tpws" ] && {
-			[ ! "$MODE_HTTP" = "1" ] && [ ! "$MODE_HTTPS" = "1" ] && return
-
-			# LAN link local is only for router
-			[ -n "$IFACE_LAN" ] && LL_LAN=$(get_ipv6_linklocal $IFACE_LAN)
-
-			pf_anchor_zapret_tables tbl zapret6-user "$ZIPLIST_USER6" zapret6 "$ZIPLIST6"
-			port=$(pf_anchor_port_target)
-			for t in $tbl; do
-				[ -n "$LL_LAN" ] && echo "rdr on $IFACE_LAN inet6 proto tcp from any to $t port $port -> $LL_LAN port $TPPORT"
-			done
-			echo "rdr on lo0 inet6 proto tcp from !::1 to any port $port -> fe80::1 port $TPPORT"
-			for t in $tbl; do
-				echo "pass out$OWAN route-to (lo0 fe80::1) inet6 proto tcp from !::1 to $t port $port user { >root }"
-			done
-		}
+		case $MODE in
+			tpws)
+				[ ! "$MODE_HTTP" = "1" ] && [ ! "$MODE_HTTPS" = "1" ] && return
+				pf_anchor_zapret_tables tbl zapret6-user "$ZIPLIST_USER6" zapret6 "$ZIPLIST6"
+				pf_anchor_zapret_v6_tpws $TPPORT
+				;;
+			custom)
+				pf_anchor_zapret_tables tbl zapret6-user "$ZIPLIST_USER6" zapret6 "$ZIPLIST6"
+				existf zapret_custom_firewall_v6 && zapret_custom_firewall_v6
+				;;
+		esac
 	}
 }
 pf_anchors_create()
@ -330,7 +364,7 @@ zapret_do_firewall()
 	# $1 - 1 - add, 0 - del

 	case "${MODE}" in
-		tpws|filter)
+		tpws|filter|custom)
 			if [ "$1" = "1" ] ; then
 				pf_anchor_root || return 1
 				pf_anchors_create
@ -384,6 +418,9 @@ zapret_do_daemons()
 			;;
 		filter)
 			;;
+		custom)
+			existf zapret_custom_daemons && zapret_custom_daemons $1
+			;;
 		*)
 			echo "unsupported MODE=$MODE"
 			return 1
--- a/install_easy.sh
+++ b/install_easy.sh
@ -292,7 +292,7 @@ write_config_var()
 select_mode_mode()
 {
 	local MODES="tpws nfqws filter custom"
-	[ "$SYSTEM" = "macos" ] && MODES="tpws filter"
+	[ "$SYSTEM" = "macos" ] && MODES="tpws filter custom"
 	echo
 	echo select MODE :
 	ask_list MODE "$MODES" tpws && write_config_var MODE
@ -540,7 +540,7 @@ backup_restore_settings()
 {
 	# $1 - 1 - backup, 0 - restore
 	local mode=$1
-	on_off_function _backup_settings _restore_settings $mode "config" "init.d/sysv/custom" "init.d/openwrt/custom" "ipset/zapret-hosts-user.txt" "ipset/zapret-hosts-user-exclude.txt" "ipset/zapret-hosts-user-ipban.txt"
+	on_off_function _backup_settings _restore_settings $mode "config" "init.d/sysv/custom" "init.d/openwrt/custom" "init.d/macos/custom" "ipset/zapret-hosts-user.txt" "ipset/zapret-hosts-user-exclude.txt" "ipset/zapret-hosts-user-ipban.txt"
 }

 check_location()
@ -1176,17 +1176,21 @@ service_start_macos()
 }
 macos_fw_reload_trigger_clear()
 {
-	[ "$MODE" = "tpws" ] && {
-		LISTS_RELOAD=
-		write_config_var LISTS_RELOAD
-	}
+	case "$MODE" in
+		tpws|custom)
+			LISTS_RELOAD=
+			write_config_var LISTS_RELOAD
+			;;
+	esac
 }
 macos_fw_reload_trigger_set()
 {
-	[ "$MODE" = "tpws" ] && {
-		LISTS_RELOAD="$INIT_SCRIPT_SRC reload-fw-tables"
-		write_config_var LISTS_RELOAD
-	}
+	case "$MODE" in
+		tpws|custom)
+			LISTS_RELOAD="$INIT_SCRIPT_SRC reload-fw-tables"
+			write_config_var LISTS_RELOAD
+			;;
+	esac
 }

 install_macos()