diff --git a/openmptcprouter/files/bin/blocklanfw b/openmptcprouter/files/bin/blocklanfw
new file mode 100755
index 000000000..0f4a85367
--- /dev/null
+++ b/openmptcprouter/files/bin/blocklanfw
@@ -0,0 +1,76 @@
+#!/bin/sh
+ss_rules_fw_drop() {
+ fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ while IFS=$"\n" read -r c; do
+ fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
+ if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+ eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+ fi
+ done
+ fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ while IFS=$"\n" read -r c; do
+ fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
+ if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+ eval "iptables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+ fi
+ done
+}
+
+ss_rules6_fw_drop() {
+ fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ while IFS=$"\n" read -r c; do
+ fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
+ if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+ eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+ fi
+ done
+ fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ while IFS=$"\n" read -r c; do
+ fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
+ if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+ eval "ip6tables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+ fi
+ done
+}
+
+v2r_rules_fw_drop() {
+ fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) {
printf "%s ",$i } print "\n" }' |
+ while IFS=$"\n" read -r c; do
+ fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
+ if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+ eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+ fi
+ done
+ fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ while IFS=$"\n" read -r c; do
+ fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
+ if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+ eval "iptables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+ fi
+ done
+}
+
+v2ray_rules6_fw_drop() {
+ fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ while IFS=$"\n" read -r c; do
+ fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
+ if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+ eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+ fi
+ done
+ fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ while IFS=$"\n" read -r c; do
+ fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
+ if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+ eval "ip6tables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+ fi
+ done
+}
+
+if [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks" ]; then
+ ss_rules6_fw_drop
+ ss_rules_fw_drop
+elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "v2ray" ]; then
+ v2r_rules_fw_drop
+ v2ray_rules6_fw_drop
+fi
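Review bot: The duplicate guard in all eight loops can never match, because `grep '${fwrule}'` sits inside `$( … )` where the single quotes keep `${fwrule}` literal, so `[ -z … ]` is always true and every run appends the same REDIRECT rules to `zone_lan_prerouting` again; the two `*6` functions also read `iptables-save` rather than `ip6tables-save`. Asking the ruleset directly is more reliable than matching saved text, for example `eval "iptables -w -t nat -C zone_lan_prerouting ${fwrule}" >/dev/null 2>&1 || eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule}" >/dev/null 2>&1` (and the `ip6tables` equivalent). The `eval` re-parses text taken from `fw3 print` as root, so a rule name or comment containing shell metacharacters would presumably be interpreted by the shell; it deserves a comment stating that the firewall configuration is trusted, or an allow-list check on `$fwrule` before the call. The redirection order `2>&1 >/dev/null` leaves stderr on the original stdout (`>/dev/null 2>&1` silences both), and `-w` is missing on the four `drop` branches, so those calls can fail on a held xtables lock.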