Scripts moved to /usr/share/ruantiblock.
@@ -1,24 +0,0 @@
|
||||
AWK_CMD="awk"
|
||||
UCI_SECTION="ruantiblock.config"
|
||||
UCI_VARS="proxy_mode proxy_local_clients nftset_clear_sets allowed_hosts_mode allowed_hosts_list if_vpn tor_trans_port tor_allow_udp onion_dns_addr t_proxy_port_tcp t_proxy_port_udp t_proxy_allow_udp add_user_entries user_entries_dns enable_logging bllist_min_entries bllist_module bllist_preset bllist_ip_limit bllist_gr_excluded_nets bllist_summarize_ip bllist_summarize_cidr bllist_ip_filter bllist_ip_filter_type bllist_sd_limit bllist_gr_excluded_sld bllist_fqdn_filter bllist_fqdn_filter_type bllist_enable_idn bllist_alt_nslookup bllist_alt_dns_addr update_at_startup"
|
||||
|
||||
eval `uci show "$UCI_SECTION" | $AWK_CMD -F "=" -v UCI_VARS="$UCI_VARS" '
|
||||
BEGIN {
|
||||
split(UCI_VARS, split_array, " ");
|
||||
for(i in split_array)
|
||||
vars_array[split_array[i]]="";
|
||||
}
|
||||
{
|
||||
sub(/^.*[.]/, "", $1);
|
||||
gsub(/["\047]/, "", $2);
|
||||
if($1 in vars_array) {
|
||||
print toupper($1) "=\"" $2 "\"";
|
||||
delete vars_array[$1];
|
||||
};
|
||||
}
|
||||
END {
|
||||
if(length(vars_array) > 0) {
|
||||
for(i in vars_array)
|
||||
print toupper(i) "=\"""\"";
|
||||
};
|
||||
}'`
|
||||
@@ -1,34 +0,0 @@
|
||||
Info() {
|
||||
local _update_status
|
||||
if [ -f "$UPDATE_STATUS_FILE" ]; then
|
||||
_update_status=`$AWK_CMD '{
|
||||
if(NF < 4)
|
||||
printf "{\"status\":false}";
|
||||
else
|
||||
printf "{\"status\":true,\"date\":\""$4"\",\"cidr\":\""$1"\",\"ip\":\""$2"\",\"fqdn\":\""$3"\"}";
|
||||
}' "$UPDATE_STATUS_FILE"`
|
||||
else
|
||||
_update_status="{\"status\":false}"
|
||||
fi
|
||||
NftListBllistChainJson 2> /dev/null | $AWK_CMD -v UPDATE_STATUS="$_update_status" '
|
||||
BEGIN {
|
||||
rules_str = "";
|
||||
}
|
||||
{
|
||||
rules_str = rules_str $0;
|
||||
}
|
||||
END {
|
||||
if(NR == 0) {
|
||||
printf "{\"status\": \"disabled\"}";
|
||||
exit 1;
|
||||
} else {
|
||||
printf "{\"status\":\"enabled\",\"last_blacklist_update\":%s,\"rules\":%s", UPDATE_STATUS, rules_str;
|
||||
exit 0;
|
||||
};
|
||||
}'
|
||||
if [ $? -eq 0 ]; then
|
||||
printf ",\"dnsmasq\":"
|
||||
$NFT_CMD -j list set $NFT_TABLE "$NFTSET_DNSMASQ" 2> /dev/null
|
||||
printf "}"
|
||||
fi
|
||||
}
|
||||
@@ -1,118 +0,0 @@
|
||||
IP_CMD="ip"
|
||||
NFT_ALLOWED_HOSTS_CHAIN="allowed_hosts"
|
||||
NFT_BLLIST_CHAIN="blacklist"
|
||||
NFT_ACTION_CHAIN="action"
|
||||
NFT_LOCAL_CLIENTS_CHAIN="local_clients"
|
||||
VPN_ROUTE_TABLE_ID=99
|
||||
|
||||
if [ "$PROXY_MODE" = "2" ]; then
|
||||
MAIN_CHAIN_TYPE="type filter hook prerouting priority -160; policy accept;"
|
||||
LOCAL_CLIENTS_CHAIN_TYPE="type route hook output priority -160; policy accept;"
|
||||
else
|
||||
MAIN_CHAIN_TYPE="type nat hook prerouting priority -110; policy accept;"
|
||||
LOCAL_CLIENTS_CHAIN_TYPE="type nat hook output priority -110; policy accept;"
|
||||
fi
|
||||
|
||||
case "$ALLOWED_HOSTS_MODE" in
|
||||
"1")
|
||||
IPT_ALLOWED_HOSTS_RULE="ip saddr @${NFTSET_ALLOWED_HOSTS} jump ${NFT_BLLIST_CHAIN}"
|
||||
;;
|
||||
"2")
|
||||
IPT_ALLOWED_HOSTS_RULE="ip saddr != @${NFTSET_ALLOWED_HOSTS} jump ${NFT_BLLIST_CHAIN}"
|
||||
;;
|
||||
*)
|
||||
IPT_ALLOWED_HOSTS_RULE="jump ${NFT_BLLIST_CHAIN}"
|
||||
;;
|
||||
esac
|
||||
|
||||
NftCmdWrapper() {
|
||||
local _i=0 _attempts=10 _return_code=1
|
||||
while [ $_i -lt $_attempts ]
|
||||
do
|
||||
if $*; then
|
||||
_return_code=$?
|
||||
break
|
||||
fi
|
||||
_i=`expr $_i + 1`
|
||||
done
|
||||
return $_return_code
|
||||
}
|
||||
|
||||
NftVpnRouteDelete() {
|
||||
$IP_CMD route flush table $VPN_ROUTE_TABLE_ID
|
||||
$IP_CMD rule del table $VPN_ROUTE_TABLE_ID
|
||||
}
|
||||
|
||||
NftVpnRouteAdd() {
|
||||
VPN_IP=`$IP_CMD addr list dev $IF_VPN 2> /dev/null | $AWK_CMD '/inet/{sub("/[0-9]{1,2}$", "", $2); print $2; exit}'`
|
||||
if [ -n "$VPN_IP" ]; then
|
||||
echo 0 > /proc/sys/net/ipv4/conf/$IF_VPN/rp_filter
|
||||
NftVpnRouteDelete 2> /dev/null
|
||||
$IP_CMD rule add fwmark $VPN_PKTS_MARK table $VPN_ROUTE_TABLE_ID priority 1000
|
||||
$IP_CMD route add default via $VPN_IP table $VPN_ROUTE_TABLE_ID
|
||||
fi
|
||||
}
|
||||
|
||||
NftVpnRouteStatus() {
|
||||
[ -n "`$IP_CMD route show table $VPN_ROUTE_TABLE_ID 2> /dev/null`" ] && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
NftMainAdd() {
|
||||
local _nft_sets="${NFTSET_CIDR} ${NFTSET_IP} ${NFTSET_DNSMASQ}" _set
|
||||
$NFT_CMD add chain $NFT_TABLE "$NFT_LOCAL_CLIENTS_CHAIN" { $LOCAL_CLIENTS_CHAIN_TYPE }
|
||||
$NFT_CMD add chain $NFT_TABLE "$NFT_ACTION_CHAIN"
|
||||
$NFT_CMD add chain $NFT_TABLE "$NFT_BLLIST_CHAIN"
|
||||
$NFT_CMD add chain $NFT_TABLE "$NFT_ALLOWED_HOSTS_CHAIN" { $MAIN_CHAIN_TYPE }
|
||||
NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_ALLOWED_HOSTS_CHAIN" $IPT_ALLOWED_HOSTS_RULE
|
||||
if [ "$PROXY_MODE" = "2" ]; then
|
||||
NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_ACTION_CHAIN" mark set $VPN_PKTS_MARK
|
||||
elif [ "$PROXY_MODE" = "3" ]; then
|
||||
NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_ACTION_CHAIN" tcp dport { 0-65535 } redirect to $T_PROXY_PORT_TCP
|
||||
if [ "$T_PROXY_ALLOW_UDP" = "1" ]; then
|
||||
NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_ACTION_CHAIN" udp dport { 0-65535 } redirect to $T_PROXY_PORT_UDP
|
||||
fi
|
||||
else
|
||||
NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_ACTION_CHAIN" tcp dport { 0-65535 } redirect to $TOR_TRANS_PORT
|
||||
if [ "$TOR_ALLOW_UDP" = "1" ]; then
|
||||
NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_ACTION_CHAIN" udp dport { 0-65535 } redirect to $TOR_TRANS_PORT
|
||||
fi
|
||||
_nft_sets="${NFTSET_ONION} ${_nft_sets}"
|
||||
fi
|
||||
for _set in $_nft_sets
|
||||
do
|
||||
NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_BLLIST_CHAIN" ip daddr "@${_set}" counter goto "$NFT_ACTION_CHAIN"
|
||||
done
|
||||
if [ "$PROXY_MODE" = "2" ]; then
|
||||
NftVpnRouteAdd
|
||||
fi
|
||||
}
|
||||
|
||||
NftMainDelete() {
|
||||
$NFT_CMD flush chain $NFT_TABLE "$NFT_ALLOWED_HOSTS_CHAIN"
|
||||
$NFT_CMD delete chain $NFT_TABLE "$NFT_ALLOWED_HOSTS_CHAIN"
|
||||
$NFT_CMD flush chain $NFT_TABLE "$NFT_LOCAL_CLIENTS_CHAIN"
|
||||
$NFT_CMD delete chain $NFT_TABLE "$NFT_LOCAL_CLIENTS_CHAIN"
|
||||
$NFT_CMD flush chain $NFT_TABLE "$NFT_BLLIST_CHAIN"
|
||||
$NFT_CMD delete chain $NFT_TABLE "$NFT_BLLIST_CHAIN"
|
||||
$NFT_CMD flush chain $NFT_TABLE "$NFT_ACTION_CHAIN"
|
||||
$NFT_CMD delete chain $NFT_TABLE "$NFT_ACTION_CHAIN"
|
||||
NftVpnRouteDelete 2> /dev/null
|
||||
}
|
||||
|
||||
NftLocalClientsAdd() {
|
||||
NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_LOCAL_CLIENTS_CHAIN" jump "$NFT_BLLIST_CHAIN"
|
||||
}
|
||||
|
||||
NftListBllistChain() {
|
||||
$NFT_CMD -t list chain $NFT_TABLE "$NFT_BLLIST_CHAIN"
|
||||
}
|
||||
|
||||
NftListBllistChainJson() {
|
||||
$NFT_CMD -t -j list chain $NFT_TABLE "$NFT_BLLIST_CHAIN"
|
||||
}
|
||||
|
||||
NftReturnStatus() {
|
||||
$NFT_CMD -c add rule $NFT_TABLE "$NFT_BLLIST_CHAIN" continue &> /dev/null
|
||||
return $?
|
||||
}
|
||||