gsd
/
zapret
mirror of https://github.com/bol-van/zapret/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
195 Commits
1 Branch
23 Tags
188 MiB
 
 
 
Tree: 2acd50e130
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2acd50e130'
${ noResults }
zapret/init.d/openwrt/firewall.user.tpws_ipset_https

27 lines
1.3 KiB
Raw Blame History

TPPORT_HTTP=1188
TPPORT_HTTPS=1189
TPWS_USER=daemon
IPT_FILTER_HTTP="-p tcp --dport 80 -m set --match-set zapret dst"
IPT_FILTER_HTTPS="-p tcp --dport 443 -m set --match-set zapret dst"
. /lib/functions/network.sh
network_find_wan wan_iface
for ext_iface in $wan_iface; do
network_get_device DEVICE $ext_iface
# DNAT for local traffic
iptables -t nat -C OUTPUT -o $DEVICE -m owner ! --uid-owner $TPWS_USER $IPT_FILTER_HTTP -j DNAT --to 127.0.0.1:$TPPORT_HTTP ||
iptables -t nat -I OUTPUT -o $DEVICE -m owner ! --uid-owner $TPWS_USER $IPT_FILTER_HTTP -j DNAT --to 127.0.0.1:$TPPORT_HTTP
iptables -t nat -C OUTPUT -o $DEVICE -m owner ! --uid-owner $TPWS_USER $IPT_FILTER_HTTPS -j DNAT --to 127.0.0.1:$TPPORT_HTTPS ||
iptables -t nat -I OUTPUT -o $DEVICE -m owner ! --uid-owner $TPWS_USER $IPT_FILTER_HTTPS -j DNAT --to 127.0.0.1:$TPPORT_HTTPS
done
network_get_device DEVICE lan
sysctl -w net.ipv4.conf.$DEVICE.route_localnet=1
iptables -t nat -C prerouting_lan_rule $IPT_FILTER_HTTP -j DNAT --to 127.0.0.1:$TPPORT_HTTP ||
iptables -t nat -I prerouting_lan_rule $IPT_FILTER_HTTP -j DNAT --to 127.0.0.1:$TPPORT_HTTP
iptables -t nat -C prerouting_lan_rule $IPT_FILTER_HTTPS -j DNAT --to 127.0.0.1:$TPPORT_HTTPS ||
iptables -t nat -I prerouting_lan_rule $IPT_FILTER_HTTPS -j DNAT --to 127.0.0.1:$TPPORT_HTTPS