zapret/init.d/ubuntu12/zapret.conf

83 lines
2.8 KiB
Plaintext
Raw Normal View History

2016-02-21 17:45:20 +00:00
description "zapret"
2016-02-15 13:34:45 +00:00
start on runlevel [2345]
stop on runlevel [!2345]
# CHOOSE ISP HERE. UNCOMMENT ONLY ONE LINE.
env ISP=mns
2016-02-17 17:22:21 +00:00
#env ISP=rt
2016-02-15 13:34:45 +00:00
#env ISP=beeline
#env ISP=domru
# CHOSE NETWORK INTERFACE BEHIND NAT
env SLAVE_ETH=eth1
env QNUM=200
env TPPORT=1188
env ROUTE_TABLE_NUM=100
env NFQWS=/opt/zapret/nfq/nfqws
env TPWS=/opt/zapret/tpws/tpws
env TPWS_USER=tpws
pre-start script
/opt/zapret/ipset/create_ipset.sh
case "${ISP}" in
2016-02-17 17:22:21 +00:00
mns|rt)
2016-02-15 13:34:45 +00:00
iptables -t raw -C PREROUTING -p tcp --sport 80 --tcp-flags SYN,ACK SYN,ACK -m set --match-set zapret src -j NFQUEUE --queue-num $QNUM --queue-bypass ||
iptables -t raw -I PREROUTING -p tcp --sport 80 --tcp-flags SYN,ACK SYN,ACK -m set --match-set zapret src -j NFQUEUE --queue-num $QNUM --queue-bypass
;;
beeline)
iptables -t mangle -C POSTROUTING -p tcp --dport 80 -m set --match-set zapret dst -j NFQUEUE --queue-num $QNUM --queue-bypass ||
iptables -t mangle -I POSTROUTING -p tcp --dport 80 -m set --match-set zapret dst -j NFQUEUE --queue-num $QNUM --queue-bypass
;;
domru)
adduser --disabled-login --no-create-home --system --quiet $TPWS_USER
sysctl -w net.ipv4.conf.$SLAVE_ETH.route_localnet=1
iptables -t nat -C PREROUTING -p tcp --dport 80 -i $SLAVE_ETH -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT ||
iptables -t nat -I PREROUTING -p tcp --dport 80 -i $SLAVE_ETH -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT
iptables -t nat -C OUTPUT -p tcp --dport 80 -m owner ! --uid-owner $TPWS_USER -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT ||
iptables -t nat -I OUTPUT -p tcp --dport 80 -m owner ! --uid-owner $TPWS_USER -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT
;;
esac
end script
script
case "${ISP}" in
2016-02-17 17:22:21 +00:00
mns)
2016-02-15 13:34:45 +00:00
NFEXE=$NFQWS
NFARG="--qnum $QNUM --wsize=4"
;;
2016-02-17 17:22:21 +00:00
rt)
NFEXE=$NFQWS
NFARG="--qnum $QNUM --wsize=20"
;;
2016-02-15 13:34:45 +00:00
beeline)
NFEXE=$NFQWS
NFARG="--qnum $QNUM --hostcase"
;;
domru)
NFEXE=$TPWS
NFARG="--port=$TPPORT --hostcase --split-http-req=host --user=$TPWS_USER --bind-addr=127.0.0.1"
;;
esac
$NFEXE $NFARG
end script
pre-stop script
case "${ISP}" in
2016-02-17 17:22:21 +00:00
mns|rt)
2016-02-15 13:34:45 +00:00
iptables -t raw -D PREROUTING -p tcp --sport 80 --tcp-flags SYN,ACK SYN,ACK -m set --match-set zapret src -j NFQUEUE --queue-num $QNUM --queue-bypass
;;
beeline)
iptables -t mangle -D POSTROUTING -p tcp --dport 80 -m set --match-set zapret dst -j NFQUEUE --queue-num $QNUM --queue-bypass
;;
domru)
sysctl -w net.ipv4.conf.$SLAVE_ETH.route_localnet=0
iptables -t nat -D PREROUTING -p tcp --dport 80 -i $SLAVE_ETH -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT
iptables -t nat -D OUTPUT -p tcp --dport 80 -m owner ! --uid-owner $TPWS_USER -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT
;;
esac
end script