openmptcprouter-feeds/openmptcprouter/files/bin/blocklanfw

#!/bin/sh
ss_rules_fw_drop() {
	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
	while IFS=$"\n" read -r c; do
		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
			eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
		fi
	done
	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
	while IFS=$"\n" read -r c; do
		fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
			eval "iptables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
		fi
	done
}

ss_rules6_fw_drop() {
	fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
	while IFS=$"\n" read -r c; do
		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
			eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
		fi
	done
	fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
	while IFS=$"\n" read -r c; do
		fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
			eval "ip6tables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
		fi
	done
}

v2r_rules_fw_drop() {
	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
	while IFS=$"\n" read -r c; do
		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
			eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
		fi
	done
	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
	while IFS=$"\n" read -r c; do
		fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
			eval "iptables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
		fi
	done
}

v2ray_rules6_fw_drop() {
	fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
	while IFS=$"\n" read -r c; do
		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
			eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
		fi
	done
	fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
	while IFS=$"\n" read -r c; do
		fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
			eval "ip6tables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
		fi
	done
}

if [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks" ]; then
	ss_rules6_fw_drop
	ss_rules_fw_drop
elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "v2ray" ]; then
	v2r_rules_fw_drop
	v2ray_rules6_fw_drop
fi