init.d: openwrt-minimal disable ipv6 instructions

6 months ago · d548d76c1b
3 changed files with 15 additions and 8 deletions
--- a/docs/readme.txt
+++ b/docs/readme.txt
@ -1732,6 +1732,7 @@ install_easy.sh автоматизирует ручные варианты пр
 Скопируйте бинарник tpws подходящей архитектуры в /usr/bin/tpws.
 Установите права на файлы : chmod 755 /etc/init.d/tpws /usr/bin/tpws
 Отредактируйте /etc/config/tpws
+Если не нужен ipv6, отредактируйте /etc/nftables.d/90-tpws.nft и закомментируйте строки с редиректом ipv6.
 /etc/init.d/tpws enable
 /etc/init.d/tpws start
 fw4 restart
@ -1759,6 +1760,7 @@ opkg install iptables-mod-extra
 Скопируйте бинарник tpws подходящей архитектуры в /usr/bin/tpws.
 Установите права на файлы : chmod 755 /etc/init.d/tpws /usr/bin/tpws
 Отредактируйте /etc/config/tpws
+Если не нужен ipv6, отредактируйте /etc/firewall.user и установите там DISABLE_IPV6=1.
 /etc/init.d/tpws enable
 /etc/init.d/tpws start
 fw3 restart
--- a/init.d/openwrt-minimal/readme.txt
+++ b/init.d/openwrt-minimal/readme.txt
@ -11,6 +11,7 @@ Copy everything from tpws directory to the root of the router.
 Copy tpws binary for your architecture to /usr/bin/tpws
 Set proper access rights : chmod 755 /etc/init.d/tpws /usr/bin/tpws
 EDIT /etc/config/tpws
+If you don't want ipv6 : edit /etc/nftables.d and comment lines with ipv6 redirect
 /etc/init.d/tpws enable
 /etc/init.d/tpws start
 fw4 restart
@ -39,6 +40,7 @@ Copy everything from tpws directory to the root of the router.
 Copy tpws binary for your architecture to /usr/bin/tpws
 Set proper access rights : chmod 755 /etc/init.d/tpws /usr/bin/tpws
 EDIT /etc/config/tpws
+If you don't want ipv6 : edit /etc/firewall.user and set DISABLE_IPV6=1
 /etc/init.d/tpws enable
 /etc/init.d/tpws start
 fw3 restart
--- a/init.d/openwrt-minimal/tpws/etc/firewall.user
+++ b/init.d/openwrt-minimal/tpws/etc/firewall.user
@ -1,8 +1,11 @@
+DISABLE_IPV6=0
 TP_PORT=900
 TP_USER=daemon

 EXCLUDE4="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16"
 EXCLUDE6="fc00::/7 fe80::/10"
+IPTS="iptables ip6tables"
+[ "$DISABLE_IPV6" = 1 ] && IPTS=iptables

 exists()
 {
@ -25,22 +28,22 @@ redirect()
 	redirect_port 443 $TP_PORT
 }

-for IPTABLES in iptables ip6tables; do
+for IPTABLES in $IPTS; do
 	$IPTABLES -t nat -N tpws 2>/dev/null
 	$IPTABLES -t nat -F tpws
 	redirect
 done

-for net in $EXCLUDE4
-do
+for net in $EXCLUDE4; do
 	iptables -t nat -I tpws -d $net -j RETURN
 done
-for net in $EXCLUDE6
-do
-	ip6tables -t nat -I tpws -d $net -j RETURN
-done
+[ "$DISABLE_IPV6" = 1 ] || {
+	for net in $EXCLUDE6; do
+		ip6tables -t nat -I tpws -d $net -j RETURN
+	done
+}

-for IPTABLES in iptables ip6tables; do
+for IPTABLES in $IPTS; do
 	ipt PREROUTING -t nat -j tpws
 	ipt OUTPUT -t nat -m owner ! --uid-owner $TP_USER -j tpws
 done