
droidwall.sh

a guest
Jul 16th, 2012
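#!/system/bin/sh
#
# droidwall.sh - (re)build the DroidWall outbound firewall chains.
#
# What the script does, in order:
#   1. Picks usable busybox / grep / echo / iptables binaries, preferring
#      the copies under the app's app_bin directory.
#   2. Creates the chains droidwall, droidwall-3g, droidwall-wifi and
#      droidwall-reject if they do not exist, and hooks droidwall into OUTPUT.
#   3. Flushes the four chains and re-adds the rules: packets are routed by
#      output interface to the 3g or wifi chain; on the wifi chain UIDs 1014
#      and 1010 RETURN; everything else reaching either chain is REJECTed.
#
# Exit status:
#   1      grep or iptables unusable
#   2-5    creating a chain failed
#   6      hooking droidwall into OUTPUT failed
#   7-10   flushing a chain failed
#   11     adding the REJECT rule failed
#   other  status of the first failing "iptables -A" in the rule section
#   0      all rules applied
#
# Security notes for reviewers:
#   - Only `iptables` is invoked, i.e. the IPv4 tables. Nothing in this script
#     filters IPv6 traffic; that would need equivalent ip6tables rules.
#   - Between the flush and the final two rules the chains are empty or only
#     partly populated, and any failing step exits immediately. A failure
#     therefore leaves a partial rule set in place; callers must treat a
#     non-zero status as "firewall not enforced", not as "previous rules kept".
#   - No per-application allow rules appear in this listing, so as pasted all
#     outbound traffic on the matched interfaces is rejected except UIDs
#     1014 and 1010 on the wifi chain.
#   - NOTE(review): iptables needs root, so this is presumably run through su.
#     The binaries under app_bin then execute with that privilege; confirm
#     that directory and its files are not writable by other apps.

# Defaults: rely on whatever is on PATH.
IPTABLES=iptables
BUSYBOX=busybox
GREP=grep
ECHO=echo

# Try to find busybox. Only the bundled copy also takes over grep and echo.
if /data/data/com.googlecode.droidwall/app_bin/busybox_g1 --help >/dev/null 2>&1; then
  BUSYBOX=/data/data/com.googlecode.droidwall/app_bin/busybox_g1
  GREP="$BUSYBOX grep"
  ECHO="$BUSYBOX echo"
elif busybox --help >/dev/null 2>&1; then
  BUSYBOX=busybox
elif /system/xbin/busybox --help >/dev/null 2>&1; then
  BUSYBOX=/system/xbin/busybox
elif /system/bin/busybox --help >/dev/null 2>&1; then
  BUSYBOX=/system/bin/busybox
fi

# Try to find grep.
# $ECHO / $GREP / $BUSYBOX are left unquoted on purpose: they may hold
# "binary applet" pairs that must be split into two words.
if ! $ECHO 1 | $GREP -q 1 >/dev/null 2>&1; then
  if $ECHO 1 | $BUSYBOX grep -q 1 >/dev/null 2>&1; then
    GREP="$BUSYBOX grep"
  fi
  # Grep is absolutely required (it decides whether OUTPUT is already hooked).
  if ! $ECHO 1 | $GREP -q 1 >/dev/null 2>&1; then
    $ECHO The grep command is required. DroidWall will not work.
    exit 1
  fi
fi

# Try to find iptables, preferring the bundled build.
if /data/data/com.googlecode.droidwall/app_bin/iptables_armv5 --version >/dev/null 2>&1; then
  IPTABLES=/data/data/com.googlecode.droidwall/app_bin/iptables_armv5
fi
$IPTABLES --version || exit 1

# Create the droidwall chains if necessary.
# -n keeps the listing numeric so no reverse DNS lookup is attempted while
# the firewall may already be blocking name resolution.
$IPTABLES -n -L droidwall >/dev/null 2>&1 || $IPTABLES --new droidwall || exit 2
$IPTABLES -n -L droidwall-3g >/dev/null 2>&1 || $IPTABLES --new droidwall-3g || exit 3
$IPTABLES -n -L droidwall-wifi >/dev/null 2>&1 || $IPTABLES --new droidwall-wifi || exit 4
$IPTABLES -n -L droidwall-reject >/dev/null 2>&1 || $IPTABLES --new droidwall-reject || exit 5

# Add droidwall chain to OUTPUT chain if necessary.
# The grep is a plain substring match on the OUTPUT listing.
$IPTABLES -n -L OUTPUT | $GREP -q droidwall || $IPTABLES -A OUTPUT -j droidwall || exit 6

# Flush existing rules. From here until the last rule below is appended the
# rule set is incomplete (see the security notes in the header).
$IPTABLES -F droidwall || exit 7
$IPTABLES -F droidwall-3g || exit 8
$IPTABLES -F droidwall-wifi || exit 9
$IPTABLES -F droidwall-reject || exit 10

# Create the reject rule (log disabled).
$IPTABLES -A droidwall-reject -j REJECT || exit 11

# Main rules (per interface). A trailing "+" is iptables' interface wildcard.
# A bare "exit" propagates the status of the failed iptables call.
for ifc in rmnet+ pdp+ ppp+ uwbr+ wimax+ vsnet+ ccmni+ usb+; do
  $IPTABLES -A droidwall -o "$ifc" -j droidwall-3g || exit
done
for ifc in tiwlan+ wlan+ eth+ ra+; do
  $IPTABLES -A droidwall -o "$ifc" -j droidwall-wifi || exit
done

# Filtering rules.
# dhcp user
$IPTABLES -A droidwall-wifi -m owner --uid-owner 1014 -j RETURN || exit
# wifi user
$IPTABLES -A droidwall-wifi -m owner --uid-owner 1010 -j RETURN || exit

# Everything not returned above is rejected.
$IPTABLES -A droidwall-3g -j droidwall-reject || exit
$IPTABLES -A droidwall-wifi -j droidwall-reject || exit

# The pasted script ended with "Exit", which is not a shell command and made
# a fully successful run finish with a "not found" failure status.
exit 0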