gsd
/
zapret
mirror of https://github.com/bol-van/zapret/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

init functions : add QNUM parameter

pull/33/head
bolvan 6 years ago
parent
34f1ca1192
commit
ea5d008ee4
2 changed files with 28 additions and 24 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 26
      init.d/openwrt/functions
  2. 26
      init.d/sysv/functions

26
init.d/openwrt/functions
View File

@ -116,6 +116,7 @@ fw_nfqws_pre()
{
# $1 - filter ipv4
# $2 - filter ipv6
# $3 - queue number
local DEVICE wan_iface
@ -123,14 +124,14 @@ fw_nfqws_pre()
network_find_wan_all wan_iface
for ext_iface in $wan_iface; do
network_get_device DEVICE $ext_iface
ipt PREROUTING -t raw -i $DEVICE -p tcp $1 -j NFQUEUE --queue-num $QNUM --queue-bypass
ipt PREROUTING -t raw -i $DEVICE -p tcp $1 -j NFQUEUE --queue-num $3 --queue-bypass
done
}
[ "$DISABLE_IPV6" = "1" ] || {
network_find_wan6_all wan_iface
for ext_iface in $wan_iface; do
network_get_device DEVICE $ext_iface
ipt6 PREROUTING -t raw -i $DEVICE -p tcp $2 -j NFQUEUE --queue-num $QNUM --queue-bypass
ipt6 PREROUTING -t raw -i $DEVICE -p tcp $2 -j NFQUEUE --queue-num $3 --queue-bypass
done
}
}
@ -138,6 +139,7 @@ fw_nfqws_post()
{
# $1 - filter ipv4
# $2 - filter ipv6
# $3 - queue number
local DEVICE wan_iface
@ -145,14 +147,14 @@ fw_nfqws_post()
network_find_wan_all wan_iface
for ext_iface in $wan_iface; do
network_get_device DEVICE $ext_iface
ipt POSTROUTING -t mangle -o $DEVICE -p tcp $1 -j NFQUEUE --queue-num $QNUM --queue-bypass
ipt POSTROUTING -t mangle -o $DEVICE -p tcp $1 -j NFQUEUE --queue-num $3 --queue-bypass
done
}
[ "$DISABLE_IPV6" = "1" ] || {
network_find_wan6_all wan_iface
for ext_iface in $wan_iface; do
network_get_device DEVICE $ext_iface
ipt6 POSTROUTING -t mangle -o $DEVICE -p tcp $2 -j NFQUEUE --queue-num $QNUM --queue-bypass
ipt6 POSTROUTING -t mangle -o $DEVICE -p tcp $2 -j NFQUEUE --queue-num $3 --queue-bypass
done
}
}
@ -220,21 +222,21 @@ zapret_apply_firewall()
;;
nfqws_ipset)
create_ipset no-update
fw_nfqws_pre "--sport 80 -m set --match-set zapret src" "--sport 80 -m set --match-set zapret6 src"
fw_nfqws_post "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst"
fw_nfqws_pre "--sport 80 -m set --match-set zapret src" "--sport 80 -m set --match-set zapret6 src" $QNUM
fw_nfqws_post "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst" $QNUM
;;
nfqws_ipset_https)
create_ipset no-update
fw_nfqws_pre "-m multiport --sports 80,443 -m set --match-set zapret src" "-m multiport --sports 80,443 -m set --match-set zapret6 src"
fw_nfqws_post "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst"
fw_nfqws_pre "-m multiport --sports 80,443 -m set --match-set zapret src" "-m multiport --sports 80,443 -m set --match-set zapret6 src" $QNUM
fw_nfqws_post "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst" $QNUM
;;
nfqws_all)
fw_nfqws_pre "--sport 80" "--sport 80"
fw_nfqws_post "--dport 80" "--dport 80"
fw_nfqws_pre "--sport 80" "--sport 80" $QNUM
fw_nfqws_post "--dport 80" "--dport 80" $QNUM
;;
nfqws_all_https)
fw_nfqws_pre "-m multiport --sports 80,443" "-m multiport --sports 80,443"
fw_nfqws_post "--dport 80" "--dport 80"
fw_nfqws_pre "-m multiport --sports 80,443" "-m multiport --sports 80,443" $QNUM
fw_nfqws_post "--dport 80" "--dport 80" $QNUM
;;
ipset)
create_ipset no-update

26
init.d/sysv/functions
View File

@ -185,13 +185,14 @@ fw_nfqws_pre()
# $1 - 1 - add, 0 - del
# $2 - iptable filter for ipv4
# $3 - iptable filter for ipv6
# $4 - queue number
[ "$DISABLE_IPV4" = "1" ] || {
print_op $1 "$2" "nfqws prerouting"
ipt_add_del $1 PREROUTING -t raw $IPT_IWAN -p tcp --tcp-flags SYN,ACK SYN,ACK $2 -j NFQUEUE --queue-num $QNUM --queue-bypass
ipt_add_del $1 PREROUTING -t raw $IPT_IWAN -p tcp --tcp-flags SYN,ACK SYN,ACK $2 -j NFQUEUE --queue-num $4 --queue-bypass
}
[ "$DISABLE_IPV6" = "1" ] || {
print_op $1 "$3" "nfqws prerouting" 6
ipt6_add_del $1 PREROUTING -t raw $IPT_IWAN -p tcp --tcp-flags SYN,ACK SYN,ACK $3 -j NFQUEUE --queue-num $QNUM --queue-bypass
ipt6_add_del $1 PREROUTING -t raw $IPT_IWAN -p tcp --tcp-flags SYN,ACK SYN,ACK $3 -j NFQUEUE --queue-num $4 --queue-bypass
}
}
fw_nfqws_post()
@ -199,13 +200,14 @@ fw_nfqws_post()
# $1 - 1 - add, 0 - del
# $2 - iptable filter for ipv4
# $3 - iptable filter for ipv6
# $4 - queue number
[ "$DISABLE_IPV4" = "1" ] || {
print_op $1 "$2" "nfqws postrouting"
ipt_add_del $1 POSTROUTING -t mangle $IPT_OWAN -p tcp $2 -j NFQUEUE --queue-num $QNUM --queue-bypass
ipt_add_del $1 POSTROUTING -t mangle $IPT_OWAN -p tcp $2 -j NFQUEUE --queue-num $4 --queue-bypass
}
[ "$DISABLE_IPV6" = "1" ] || {
print_op $1 "$3" "nfqws postrouting" 6
ipt6_add_del $1 POSTROUTING -t mangle $IPT_OWAN -p tcp $3 -j NFQUEUE --queue-num $QNUM --queue-bypass
ipt6_add_del $1 POSTROUTING -t mangle $IPT_OWAN -p tcp $3 -j NFQUEUE --queue-num $4 --queue-bypass
}
}
@ -328,21 +330,21 @@ zapret_do_firewall()
;;
nfqws_ipset)
[ "$1" = "1" ] && create_ipset
fw_nfqws_pre $1 "--sport 80 -m set --match-set zapret src" "--sport 80 -m set --match-set zapret6 src"
fw_nfqws_post $1 "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst"
fw_nfqws_pre $1 "--sport 80 -m set --match-set zapret src" "--sport 80 -m set --match-set zapret6 src" $QNUM
fw_nfqws_post $1 "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst" $QNUM
;;
nfqws_ipset_https)
[ "$1" = "1" ] && create_ipset
fw_nfqws_pre $1 "-m multiport --sports 80,443 -m set --match-set zapret src" "-m multiport --sports 80,443 -m set --match-set zapret6 src"
fw_nfqws_post $1 "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst"
fw_nfqws_pre $1 "-m multiport --sports 80,443 -m set --match-set zapret src" "-m multiport --sports 80,443 -m set --match-set zapret6 src" $QNUM
fw_nfqws_post $1 "--dport 80 -m set --match-set zapret dst" "--dport 80 -m set --match-set zapret6 dst" $QNUM
;;
nfqws_all)
fw_nfqws_pre $1 "--sport 80" "--sport 80"
fw_nfqws_post $1 "--dport 80" "--dport 80"
fw_nfqws_pre $1 "--sport 80" "--sport 80" $QNUM
fw_nfqws_post $1 "--dport 80" "--dport 80" $QNUM
;;
nfqws_all_https)
fw_nfqws_pre $1 "-m multiport --sports 80,443" "-m multiport --sports 80,443"
fw_nfqws_post $1 "--dport 80" "--dport 80"
fw_nfqws_pre $1 "-m multiport --sports 80,443" "-m multiport --sports 80,443" $QNUM
fw_nfqws_post $1 "--dport 80" "--dport 80" $QNUM
;;
ipset)
[ "$1" != "1" ] || create_ipset

Write Preview
Loading…
Cancel
Save