Changeset 4878
- Timestamp:
- 06/20/09 17:30:10 (4 years ago)
- Files:
-
- 1 modified
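--- a/luci/trunk/contrib/package/freifunk-p2pblock/files/freifunk-p2pblock.init
+++ b/luci/trunk/contrib/package/freifunk-p2pblock/files/freifunk-p2pblock.init
@@ -20,47 +20,50 @@
 config_load network
 config_get wan wan ifname
-config_load freifunk_p2pblock
-config_get layer7 p2pblock layer7
-config_get ipp2p p2pblock ipp2p
-config_get portrange p2pblock portrange
-config_get blocktime p2pblock blocktime
 
-# load modules
-insmod ipt_ipp2p 2>&-
-insmod ipt_layer7 2>&-
-insmod ipt_recent ip_list_tot=400 ip_pkt_list_tot=3 2>&-
+if [ -n "$wan" ]; then
+config_load freifunk_p2pblock
+config_get layer7 p2pblock layer7
+config_get ipp2p p2pblock ipp2p
+config_get portrange p2pblock portrange
+config_get blocktime p2pblock blocktime
 
-# create new p2p-chain
-iptables -N p2pblock
-# pipe all incomming FORWARD with source-/destination-port 1024-65535 throu p2p-chain
-ipt_add "FORWARD -i $wan -p tcp --sport $portrange --dport $portrange -j p2pblock"
-ipt_add "FORWARD -i $wan -p udp --sport $portrange --dport $portrange -j p2pblock"
+# load modules
+insmod ipt_ipp2p 2>&-
+insmod ipt_layer7 2>&-
+insmod ipt_recent ip_list_tot=400 ip_pkt_list_tot=3 2>&-
 
-# if p2p-traffic blocked 3 packages to a destination ip then block all traffic within the next 180 sec (port 1024-65535)
-ipt_add "p2pblock -m recent --rdest --rcheck --name P2PBLOCK --seconds $blocktime --hitcount 3 -j DROP"
-ipt_add "p2pblock -m recent --rdest --rcheck --name P2PBLOCK --seconds $blocktime --hitcount 3 -m limit --limit 1/minute -j LOG --log-prefix P2PBLOCK-DROP:"
+# create new p2p-chain
+iptables -N p2pblock
+# pipe all incomming FORWARD with source-/destination-port 1024-65535 throu p2p-chain
+ipt_add "FORWARD -i $wan -p tcp --sport $portrange --dport $portrange -j p2pblock"
+ipt_add "FORWARD -i $wan -p udp --sport $portrange --dport $portrange -j p2pblock"
 
-# create layer7-rules
-for proto in $layer7; do
-ipt_add "p2pblock -m layer7 --l7proto $proto -m recent --rdest --set --name P2PBLOCK"
-ipt_add "p2pblock -m layer7 --l7proto $proto -m limit --limit 1/minute -j LOG --log-prefix P2PBLOCK-seen-$proto:"
-done
+# if p2p-traffic blocked 3 packages to a destination ip then block all traffic within the next 180 sec (port 1024-65535)
+ipt_add "p2pblock -m recent --rdest --rcheck --name P2PBLOCK --seconds $blocktime --hitcount 3 -j DROP"
+ipt_add "p2pblock -m recent --rdest --rcheck --name P2PBLOCK --seconds $blocktime --hitcount 3 -m limit --limit 1/minute -j LOG --log-prefix P2PBLOCK-DROP:"
 
-# create ipp2p-rules
-for proto in $ipp2p; do
-ipt_add "p2pblock -m ipp2p --$proto -m recent --rdest --set --name P2PBLOCK"
-ipt_add "p2pblock -m ipp2p --$proto -m limit --limit 1/minute -j LOG --log-prefix P2PBLOCK-seen-$proto:"
-done
+# create layer7-rules
+for proto in $layer7; do
+ipt_add "p2pblock -m layer7 --l7proto $proto -m recent --rdest --set --name P2PBLOCK"
+ipt_add "p2pblock -m layer7 --l7proto $proto -m limit --limit 1/minute -j LOG --log-prefix P2PBLOCK-seen-$proto:"
+done
 
-# insert whitelisted ips
-for ip in $WHITELIST; do
-ipt_add "p2pblock -d $ip -j RETURN"
-done
+# create ipp2p-rules
+for proto in $ipp2p; do
+ipt_add "p2pblock -m ipp2p --$proto -m recent --rdest --set --name P2PBLOCK"
+ipt_add "p2pblock -m ipp2p --$proto -m limit --limit 1/minute -j LOG --log-prefix P2PBLOCK-seen-$proto:"
+done
 
-logger -s -t "$ME" 'Done.'; return 0
+# insert whitelisted ips
+for ip in $WHITELIST; do
+ipt_add "p2pblock -d $ip -j RETURN"
+done
 
+logger -s -t "$ME" 'Done.'; return 0
+else
+logger -s -t "$ME" 'No wan interface present.'; return 0
+fi
 else
 logger -s -t "$ME" 'WARNING! already running - Aborting!'; return 2
-
 fi
 }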
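Review bot: The new `if [ -n "$wan" ]` guard validates only the interface name, while `$portrange` and `$blocktime`, read by the `config_get` calls directly below it, are still interpolated unchecked into the `ipt_add` rule strings; with either unset the `--sport $portrange --dport $portrange` and `--seconds $blocktime` arguments are malformed, and — assuming `ipt_add` does not abort on an iptables error, which this hunk does not show — the function still logs 'Done.' and returns 0 with no jump into the p2pblock chain in place. A check beside the wan test closes that gap: `[ -n "$portrange" ] && [ -n "$blocktime" ] || { logger -s -t "$ME" 'portrange or blocktime not configured'; return 1; }`. The new else branch also deserves a one-line comment stating why a missing wan interface is reported as success (`return 0`), since a caller of the init script cannot distinguish that case from a completed setup. The enclosing function and the outer "already running" if/else start before this hunk.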
