gsd
/
zapret
mirror of https://github.com/bol-van/zapret/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

fw_tpws_add separate from prepare_tpws

pull/33/head
bolvan 6 years ago
parent
b1337b805b
commit
f59feffd8c
1 changed files with 15 additions and 13 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 28
      init.d/sysv/zapret

28
init.d/sysv/zapret
View File

@ -72,21 +72,9 @@ exists()
which $1 >/dev/null 2>/dev/null
}
prepare_tpws()
{
# $TPWS_USER is required to prevent redirection of the traffic originating from TPWS itself
# otherwise infinite loop will occur
# also its good idea not to run tpws as root
id -u $TPWS_USER >/dev/null 2>/dev/null || useradd --no-create-home --system --shell /bin/false $TPWS_USER
# otherwise linux kernel will treat 127.0.0.1 as "martian" ip and refuse routing to it
# NOTE : kernels <3.6 do not have this feature. consider upgrading or change DNAT to REDIRECT and do not bind to 127.0.0.1
for iface in /proc/sys/net/ipv4/conf/*; do sysctl -qw net.ipv4.conf.$(basename $iface).route_localnet=1; done
}
fw_tpws_add()
{
# $1 - iptable filter
prepare_tpws
echo "Adding iptables rule for tpws : $1"
[ -n "$SLAVE_ETH" ] && {
iptables -t nat -C PREROUTING -i $SLAVE_ETH -p tcp $1 -j DNAT --to 127.0.0.1:$TPPORT 2>/dev/null ||
@ -188,26 +176,40 @@ stop_daemon()
fi
}
prepare_tpws()
{
# $TPWS_USER is required to prevent redirection of the traffic originating from TPWS itself
# otherwise infinite loop will occur
# also its good idea not to run tpws as root
id -u $TPWS_USER >/dev/null 2>/dev/null || useradd --no-create-home --system --shell /bin/false $TPWS_USER
# otherwise linux kernel will treat 127.0.0.1 as "martian" ip and refuse routing to it
# NOTE : kernels <3.6 do not have this feature. consider upgrading or change DNAT to REDIRECT and do not bind to 127.0.0.1
for iface in /proc/sys/net/ipv4/conf/*; do sysctl -qw net.ipv4.conf.$(basename $iface).route_localnet=1; done
}
create_ipset()
{
echo "Creating ipset"
($IPSET_CR)
"$IPSET_CR"
}
case "$1" in
start)
case "${MODE}" in
tpws_hostlist)
prepare_tpws
fw_tpws_add "--dport 80"
run_daemon 1 $TPWS "$TPWS_OPT_BASE $TPWS_OPT --hostlist=$TPWS_HOSTLIST"
;;
tpws_ipset)
create_ipset
prepare_tpws
fw_tpws_add "--dport 80 -m set --match-set zapret dst"
run_daemon 1 $TPWS "$TPWS_OPT_BASE $TPWS_OPT"
;;
tpws_all)
prepare_tpws
fw_tpws_add "--dport 80"
run_daemon 1 $TPWS "$TPWS_OPT_BASE $TPWS_OPT"
;;

Write Preview
Loading…
Cancel
Save