mirror of
https://github.com/bol-van/zapret.git
synced 2024-12-23 14:53:18 +00:00
blockcheck: separate LINKLOCAL and LOCALHOST
This commit is contained in:
parent
353d34a425
commit
f892b625d2
@ -128,12 +128,12 @@ mpf_tpws_anchor()
|
|||||||
# $1 - port
|
# $1 - port
|
||||||
case "$IPV" in
|
case "$IPV" in
|
||||||
4)
|
4)
|
||||||
echo "rdr pass on $LO_IFACE inet proto tcp from \!127.0.0.0/8 to any port $1 -> $LOCALHOST port $TPPORT"
|
echo "rdr pass on $LO_IFACE inet proto tcp from \!127.0.0.0/8 to any port $1 -> $LINKLOCAL port $TPPORT"
|
||||||
echo "pass out route-to ($LO_IFACE $LOCALHOST) inet proto tcp from any to any port $1 user { >root }"
|
echo "pass out route-to ($LO_IFACE $LINKLOCAL) inet proto tcp from any to any port $1 user { >root }"
|
||||||
;;
|
;;
|
||||||
6)
|
6)
|
||||||
echo "rdr pass on $LO_IFACE inet6 proto tcp from \!::1 to any port $1 -> $LOCALHOST port $TPPORT"
|
echo "rdr pass on $LO_IFACE inet6 proto tcp from \!::1 to any port $1 -> $LINKLOCAL port $TPPORT"
|
||||||
echo "pass out route-to ($LO_IFACE $LOCALHOST) inet6 proto tcp from any to any port $1 user { >root }"
|
echo "pass out route-to ($LO_IFACE $LINKLOCAL) inet6 proto tcp from any to any port $1 user { >root }"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
@ -373,7 +373,7 @@ curl_translate_code()
|
|||||||
curl_supports_tls13()
|
curl_supports_tls13()
|
||||||
{
|
{
|
||||||
local r
|
local r
|
||||||
curl --tlsv1.3 -Is -o /dev/null http://$LOCALHOST_IPT:65535 2>/dev/null
|
curl --tlsv1.3 -Is -o /dev/null http://127.0.0.1:65535 2>/dev/null
|
||||||
# return code 2 = init failed. likely bad command line options
|
# return code 2 = init failed. likely bad command line options
|
||||||
[ $? = 2 ] && return 1
|
[ $? = 2 ] && return 1
|
||||||
# curl can have tlsv1.3 key present but ssl library without TLS 1.3 support
|
# curl can have tlsv1.3 key present but ssl library without TLS 1.3 support
|
||||||
@ -388,7 +388,7 @@ curl_supports_tlsmax()
|
|||||||
# supported only in OpenSSL and LibreSSL
|
# supported only in OpenSSL and LibreSSL
|
||||||
curl --version | grep -Fq -e OpenSSL -e LibreSSL -e GnuTLS || return 1
|
curl --version | grep -Fq -e OpenSSL -e LibreSSL -e GnuTLS || return 1
|
||||||
# supported since curl 7.54
|
# supported since curl 7.54
|
||||||
curl --tls-max 1.2 -Is -o /dev/null http://$LOCALHOST_IPT:65535 2>/dev/null
|
curl --tls-max 1.2 -Is -o /dev/null http://127.0.0.1:65535 2>/dev/null
|
||||||
# return code 2 = init failed. likely bad command line options
|
# return code 2 = init failed. likely bad command line options
|
||||||
[ $? != 2 ]
|
[ $? != 2 ]
|
||||||
}
|
}
|
||||||
@ -584,7 +584,7 @@ pktws_start()
|
|||||||
}
|
}
|
||||||
tpws_start()
|
tpws_start()
|
||||||
{
|
{
|
||||||
"$TPWS" --uid $TPWS_UID:$TPWS_GID --bind-addr=$LOCALHOST%$LO_IFACE --port=$TPPORT "$@" >/dev/null &
|
"$TPWS" --uid $TPWS_UID:$TPWS_GID --bind-addr=$LINKLOCAL%$LO_IFACE --port=$TPPORT "$@" >/dev/null &
|
||||||
PID=$!
|
PID=$!
|
||||||
# give some time to initialize
|
# give some time to initialize
|
||||||
minsleep
|
minsleep
|
||||||
@ -924,13 +924,17 @@ configure_ip_version()
|
|||||||
{
|
{
|
||||||
if [ "$IPV" = 6 ]; then
|
if [ "$IPV" = 6 ]; then
|
||||||
LOCALHOST=::1
|
LOCALHOST=::1
|
||||||
[ "$UNAME" = Darwin ] && LOCALHOST=fe80::1
|
|
||||||
LOCALHOST_IPT=[${LOCALHOST}]
|
LOCALHOST_IPT=[${LOCALHOST}]
|
||||||
|
LINKLOCAL=$LOCALHOST
|
||||||
|
[ "$UNAME" = Darwin ] && LINKLOCAL=fe80::1
|
||||||
|
LINKLOCAL_IPT=[${LINKLOCAL}]
|
||||||
IPVV=6
|
IPVV=6
|
||||||
else
|
else
|
||||||
IPTABLES=iptables
|
IPTABLES=iptables
|
||||||
LOCALHOST=127.0.0.1
|
LOCALHOST=127.0.0.1
|
||||||
LOCALHOST_IPT=$LOCALHOST
|
LOCALHOST_IPT=$LOCALHOST
|
||||||
|
LINKLOCAL=$LOCALHOST
|
||||||
|
LINKLOCAL_IPT=$LINKLOCAL
|
||||||
IPVV=
|
IPVV=
|
||||||
fi
|
fi
|
||||||
IPTABLES=ip${IPVV}tables
|
IPTABLES=ip${IPVV}tables
|
||||||
|
Loading…
Reference in New Issue
Block a user