diff --git a/openmptcprouter/files/bin/blocklanfw b/openmptcprouter/files/bin/blocklanfw index cf507eba4..a35694dac 100755 --- a/openmptcprouter/files/bin/blocklanfw +++ b/openmptcprouter/files/bin/blocklanfw @@ -1,6 +1,6 @@ #!/bin/sh ss_rules_fw_drop() { - fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' | + timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' | while IFS=$"\n" read -r c; do fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/') if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then @@ -8,18 +8,18 @@ ss_rules_fw_drop() { fw=$((fw+1)) fi done - fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' | + timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' | while IFS=$"\n" read -r c; do fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/') if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then - eval "iptables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null" + eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null" fw=$((fw+1)) fi done } ss_rules6_fw_drop() { - fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' | + timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' | while IFS=$"\n" read -r c; do fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/') if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then @@ -27,18 +27,18 @@ ss_rules6_fw_drop() { fw=$((fw+1)) fi done - fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' | + timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' | while IFS=$"\n" read -r c; do fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/') if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then - eval "ip6tables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null" + eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null" fw=$((fw+1)) fi done } v2r_rules_fw_drop() { - fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' | + timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' | while IFS=$"\n" read -r c; do fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/') if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then @@ -46,33 +46,35 @@ v2r_rules_fw_drop() { fw=$((fw+1)) fi done - fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' | + timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' | while IFS=$"\n" read -r c; do fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/') if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then - eval "iptables -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null" + eval "iptables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null" fw=$((fw+1)) fi done } v2ray_rules6_fw_drop() { - fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' | + timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' | while IFS=$"\n" read -r c; do fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/') if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then eval "ip6tables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null" fi done - fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' | + timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' | while IFS=$"\n" read -r c; do fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/') if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then - eval "ip6tables -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null" + eval "ip6tables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null" fi done } +[ -n "$(pgrep blocklanfw)" ] && exit 0 +[ -z "$(iptables-save | grep zone_lan)" ] && exit 0 fw=0 if [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks" ]; then ss_rules6_fw_drop @@ -81,7 +83,7 @@ elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "v2ray" ]; then v2r_rules_fw_drop v2ray_rules6_fw_drop fi -rule=$(fw3 -4 print | grep 'A PREROUTING' | grep zone_lan_prerouting | sed 's/-A PREROUTING/-D PREROUTING/') +rule=$(timeout 1 fw3 -4 print | grep 'A PREROUTING' | grep zone_lan_prerouting | sed 's/-A PREROUTING/-D PREROUTING/') eval "$rule 2>&1 >/dev/null" newrule=$(echo "$rule" | sed 's/-D PREROUTING/-I PREROUTING 1/') eval "$newrule 2>&1 >/dev/null"