openmptcprouter-feeds/openmptcprouter/files/bin/blocklanfw

#!/bin/sh
ss_rules_fw_drop() {
	timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
	while IFS=$"\n" read -r c; do
		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
			eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
			fw=$((fw+1))
		fi
	done
	timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
	while IFS=$"\n" read -r c; do
		fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
			eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
			fw=$((fw+1))
		fi
	done
}

ss_rules6_fw_drop() {
	timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
	while IFS=$"\n" read -r c; do
		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
			eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
			fw=$((fw+1))
		fi
	done
	timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
	while IFS=$"\n" read -r c; do
		fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
			eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
			fw=$((fw+1))
		fi
	done
}

v2r_rules_fw_drop() {
	timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
	while IFS=$"\n" read -r c; do
		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
			eval "iptables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
			fw=$((fw+1))
		fi
	done
	timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
	while IFS=$"\n" read -r c; do
		fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
			eval "iptables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
			fw=$((fw+1))
		fi
	done
}

v2ray_rules6_fw_drop() {
	timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
	while IFS=$"\n" read -r c; do
		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
			eval "ip6tables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
		fi
	done
	timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
	while IFS=$"\n" read -r c; do
		fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
			eval "ip6tables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
		fi
	done
}

[ -n "$(pgrep blocklanfw)" ] && exit 0
[ -z "$(iptables-save | grep zone_lan)" ] && exit 0
fw=0
if [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks" ]; then
	ss_rules6_fw_drop
	ss_rules_fw_drop
elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "v2ray" ]; then
	v2r_rules_fw_drop
	v2ray_rules6_fw_drop
fi
rule=$(timeout 1 fw3 -4 print | grep 'A PREROUTING' | grep zone_lan_prerouting | sed 's/-A PREROUTING/-D PREROUTING/')
eval "$rule 2>&1 >/dev/null"
newrule=$(echo "$rule" | sed 's/-D PREROUTING/-I PREROUTING 1/')
eval "$newrule 2>&1 >/dev/null"
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`#!/bin/sh`
			`ss_rules_fw_drop() {`
Add timeout on block lan fw 2021-08-30 19:46:52 +00:00			`timeout 1 fw3 -4 print 2>/dev/null \| awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' \|`
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`while IFS=$"\n" read -r c; do`
			`fwrule=$(echo "$c" \| sed 's/reject/REDIRECT --to-ports 65535/')`
			`if [ -n "$fwrule" ] && [ -z "$(iptables-save \| grep zone_lan_prerouting \| grep '${fwrule}')" ]; then`
			`eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"`
Fix block lan fw 2021-06-18 18:13:59 +00:00			`fw=$((fw+1))`
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`fi`
			`done`
Add timeout on block lan fw 2021-08-30 19:46:52 +00:00			`timeout 1 fw3 -4 print 2>/dev/null \| awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' \|`
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`while IFS=$"\n" read -r c; do`
Fix block lan fw 2021-06-18 18:13:59 +00:00			`fwrule=$(echo "$c" \| sed 's/DROP/REDIRECT --to-ports 65535/')`
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`if [ -n "$fwrule" ] && [ -z "$(iptables-save \| grep zone_lan_prerouting \| grep '${fwrule}')" ]; then`
Add timeout on block lan fw 2021-08-30 19:46:52 +00:00			`eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"`
Fix block lan fw 2021-06-18 18:13:59 +00:00			`fw=$((fw+1))`
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`fi`
			`done`
			`}`

			`ss_rules6_fw_drop() {`
Add timeout on block lan fw 2021-08-30 19:46:52 +00:00			`timeout 1 fw3 -6 print 2>/dev/null \| awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' \|`
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`while IFS=$"\n" read -r c; do`
			`fwrule=$(echo "$c" \| sed 's/reject/REDIRECT --to-ports 65535/')`
			`if [ -n "$fwrule" ] && [ -z "$(iptables-save \| grep zone_lan_prerouting \| grep '${fwrule}')" ]; then`
			`eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"`
Fix block lan fw 2021-06-18 18:13:59 +00:00			`fw=$((fw+1))`
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`fi`
			`done`
Add timeout on block lan fw 2021-08-30 19:46:52 +00:00			`timeout 1 fw3 -6 print 2>/dev/null \| awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' \|`
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`while IFS=$"\n" read -r c; do`
Fix block lan fw 2021-06-18 18:13:59 +00:00			`fwrule=$(echo "$c" \| sed 's/DROP/REDIRECT --to-ports 65535/')`
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`if [ -n "$fwrule" ] && [ -z "$(iptables-save \| grep zone_lan_prerouting \| grep '${fwrule}')" ]; then`
Add timeout on block lan fw 2021-08-30 19:46:52 +00:00			`eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"`
Fix block lan fw 2021-06-18 18:13:59 +00:00			`fw=$((fw+1))`
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`fi`
			`done`
			`}`

			`v2r_rules_fw_drop() {`
Add timeout on block lan fw 2021-08-30 19:46:52 +00:00			`timeout 1 fw3 -4 print 2>/dev/null \| awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' \|`
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`while IFS=$"\n" read -r c; do`
			`fwrule=$(echo "$c" \| sed 's/reject/REDIRECT --to-ports 65535/')`
			`if [ -n "$fwrule" ] && [ -z "$(iptables-save \| grep zone_lan_prerouting \| grep '${fwrule}')" ]; then`
Fix block lan fw 2021-06-18 18:13:59 +00:00			`eval "iptables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"`
			`fw=$((fw+1))`
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`fi`
			`done`
Add timeout on block lan fw 2021-08-30 19:46:52 +00:00			`timeout 1 fw3 -4 print 2>/dev/null \| awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' \|`
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`while IFS=$"\n" read -r c; do`
Fix block lan fw 2021-06-18 18:13:59 +00:00			`fwrule=$(echo "$c" \| sed 's/DROP/REDIRECT --to-ports 65535/')`
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`if [ -n "$fwrule" ] && [ -z "$(iptables-save \| grep zone_lan_prerouting \| grep '${fwrule}')" ]; then`
Add timeout on block lan fw 2021-08-30 19:46:52 +00:00			`eval "iptables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"`
Fix block lan fw 2021-06-18 18:13:59 +00:00			`fw=$((fw+1))`
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`fi`
			`done`
			`}`

			`v2ray_rules6_fw_drop() {`
Add timeout on block lan fw 2021-08-30 19:46:52 +00:00			`timeout 1 fw3 -6 print 2>/dev/null \| awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' \|`
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`while IFS=$"\n" read -r c; do`
			`fwrule=$(echo "$c" \| sed 's/reject/REDIRECT --to-ports 65535/')`
			`if [ -n "$fwrule" ] && [ -z "$(iptables-save \| grep zone_lan_prerouting \| grep '${fwrule}')" ]; then`
Fix block lan fw 2021-06-18 18:13:59 +00:00			`eval "ip6tables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"`
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`fi`
			`done`
Add timeout on block lan fw 2021-08-30 19:46:52 +00:00			`timeout 1 fw3 -6 print 2>/dev/null \| awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' \|`
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`while IFS=$"\n" read -r c; do`
Fix block lan fw 2021-06-18 18:13:59 +00:00			`fwrule=$(echo "$c" \| sed 's/DROP/REDIRECT --to-ports 65535/')`
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`if [ -n "$fwrule" ] && [ -z "$(iptables-save \| grep zone_lan_prerouting \| grep '${fwrule}')" ]; then`
Add timeout on block lan fw 2021-08-30 19:46:52 +00:00			`eval "ip6tables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"`
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`fi`
			`done`
			`}`

Add timeout on block lan fw 2021-08-30 19:46:52 +00:00			`[ -n "$(pgrep blocklanfw)" ] && exit 0`
			`[ -z "$(iptables-save \| grep zone_lan)" ] && exit 0`
Fix block lan fw 2021-06-18 18:13:59 +00:00			`fw=0`
Add blocklanfw file 2021-06-17 15:02:34 +00:00			`if [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks" ]; then`
			`ss_rules6_fw_drop`
			`ss_rules_fw_drop`
			`elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "v2ray" ]; then`
			`v2r_rules_fw_drop`
			`v2ray_rules6_fw_drop`
			`fi`
Add timeout on block lan fw 2021-08-30 19:46:52 +00:00			`rule=$(timeout 1 fw3 -4 print \| grep 'A PREROUTING' \| grep zone_lan_prerouting \| sed 's/-A PREROUTING/-D PREROUTING/')`
Fix block lan fw 2021-06-18 18:13:59 +00:00			`eval "$rule 2>&1 >/dev/null"`
			`newrule=$(echo "$rule" \| sed 's/-D PREROUTING/-I PREROUTING 1/')`
			`eval "$newrule 2>&1 >/dev/null"`