mirror of
https://github.com/bol-van/zapret.git
synced 2024-12-23 14:53:18 +00:00
add separate IFACE_WAN6 handling for sysv and macos targets
This commit is contained in:
parent
9f303c2748
commit
3f8825e668
@ -172,8 +172,8 @@ pf_anchor_zapret_v6_tpws()
|
||||
echo "rdr on lo0 inet6 proto tcp from !::1 to any port $port -> fe80::1 port $1"
|
||||
for t in $tbl; do
|
||||
rule="route-to (lo0 fe80::1) inet6 proto tcp from !::1 to $t port $port user { >root }"
|
||||
if [ -n "$IFACE_WAN" ] ; then
|
||||
for wan in $IFACE_WAN; do
|
||||
if [ -n "${IFACE_WAN6:-$IFACE_WAN}" ] ; then
|
||||
for wan in ${IFACE_WAN6:-$IFACE_WAN}; do
|
||||
echo "pass out on $wan $rule"
|
||||
done
|
||||
else
|
||||
|
4
config
4
config
@ -66,11 +66,13 @@ FLOWOFFLOAD=donttouch
|
||||
#OPENWRT_LAN="lan lan2 lan3"
|
||||
|
||||
# for routers based on desktop linux and macos. has no effect in openwrt.
|
||||
# CHOOSE LAN and optinally WAN NETWORK INTERFACES
|
||||
# CHOOSE LAN and optinally WAN/WAN6 NETWORK INTERFACES
|
||||
# or leave them commented if its not router
|
||||
# it's possible to specify multiple interfaces like this : IFACE_LAN="eth0 eth1 eth2"
|
||||
# if IFACE_WAN6 is not defined it take the value of IFACE_WAN
|
||||
#IFACE_LAN=eth0
|
||||
#IFACE_WAN=eth1
|
||||
#IFACE_WAN6="ipsec0 wireguard0 he_net"
|
||||
|
||||
# should start/stop command of init scripts apply firewall rules ?
|
||||
# not applicable to openwrt with firewall3+iptables
|
||||
|
@ -846,9 +846,12 @@ The following settings are not relevant for openwrt :
|
||||
|
||||
If your system works as a router, then you need to enter the names of the internal and external interfaces:
|
||||
```
|
||||
IFACE_LAN = eth0
|
||||
IFACE_WAN = eth1
|
||||
IFACE_LAN=eth0
|
||||
IFACE_WAN=eth1
|
||||
IFACE_WAN6="henet ipsec0"
|
||||
```
|
||||
Multiple interfaces are space separated. IF IFACE_WAN6 is omitted then IFACE_WAN value is taken.
|
||||
|
||||
IMPORTANT: configuring routing, masquerade, etc. not a zapret task.
|
||||
Only modes that intercept transit traffic are enabled.
|
||||
It's possible to specify multiple interfaces like this : `IFACE_LAN="eth0 eth1 eth2"`
|
||||
|
@ -1032,9 +1032,13 @@ OPENWRT_LAN="lan lan2 lan3"
|
||||
|
||||
Следующие настройки не актуальны для openwrt :
|
||||
|
||||
Если ваша система работает как роутер, то нужно вписать названия внутреннего и внешнего интерфейсов :
|
||||
Если ваша система работает как роутер, то нужно вписать названия внутренних и внешних интерфейсов :
|
||||
IFACE_LAN=eth0
|
||||
IFACE_WAN=eth1
|
||||
IFACE_WAN6="henet ipsec0"
|
||||
Несколько интерфейсов могут быть вписаны через пробел.
|
||||
Если IFACE_WAN6 не задан, то берется значение IFACE_WAN.
|
||||
|
||||
ВАЖНО : настройка маршрутизации , маскарада и т.д. не входит в задачу zapret.
|
||||
Включаются только режимы, обеспечивающие перехват транзитного трафика.
|
||||
Возможно определить несколько интерфейсов следующим образом : IFACE_LAN="eth0 eth1 eth2"
|
||||
|
@ -111,7 +111,7 @@ fw_nfqws_post4()
|
||||
}
|
||||
fw_nfqws_post6()
|
||||
{
|
||||
_fw_nfqws_post6 $1 "$2" $3 "$IFACE_WAN"
|
||||
_fw_nfqws_post6 $1 "$2" $3 "${IFACE_WAN6:-$IFACE_WAN}"
|
||||
}
|
||||
fw_tpws4()
|
||||
{
|
||||
@ -119,7 +119,7 @@ fw_tpws4()
|
||||
}
|
||||
fw_tpws6()
|
||||
{
|
||||
_fw_tpws6 $1 "$2" $3 "$IFACE_LAN" "$IFACE_WAN"
|
||||
_fw_tpws6 $1 "$2" $3 "$IFACE_LAN" "${IFACE_WAN6:-$IFACE_WAN}"
|
||||
}
|
||||
nft_fw_tpws4()
|
||||
{
|
||||
@ -127,7 +127,7 @@ nft_fw_tpws4()
|
||||
}
|
||||
nft_fw_tpws6()
|
||||
{
|
||||
_nft_fw_tpws6 "$1" $2 "$IFACE_LAN" "$IFACE_WAN"
|
||||
_nft_fw_tpws6 "$1" $2 "$IFACE_LAN" "${IFACE_WAN6:-$IFACE_WAN}"
|
||||
}
|
||||
nft_fw_nfqws_post4()
|
||||
{
|
||||
@ -135,11 +135,11 @@ nft_fw_nfqws_post4()
|
||||
}
|
||||
nft_fw_nfqws_post6()
|
||||
{
|
||||
_nft_fw_nfqws_post6 "$1" $2 "$IFACE_WAN"
|
||||
_nft_fw_nfqws_post6 "$1" $2 "${IFACE_WAN6:-$IFACE_WAN}"
|
||||
}
|
||||
nft_fill_ifsets_overload()
|
||||
{
|
||||
nft_fill_ifsets "$IFACE_LAN" "$IFACE_WAN" "$IFACE_WAN"
|
||||
nft_fill_ifsets "$IFACE_LAN" "$IFACE_WAN" "${IFACE_WAN6:-$IFACE_WAN}"
|
||||
}
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user