  1. #!/bin/sh
  2. #
  3. # p2partisan v3.01 (28/08/2014)
  4. #
  5. # <CONFIGURATION> ###########################################
  6. # Adjust location where the files are kept
  7. P2Partisandir=/cifs1/p2partisan
  8. #
  9. # Edit the file "blacklists" to customise if needed
  10. # Edit the "whitelist" to overwrite the blacklist if needed
  11. #
  12. # Enable logging? Use only for troubleshooting. 0=off 1=on
  13. syslogs=1
  14. # Maximum number of logs to be recorded in a given 60 min
  15. # Consider set this very low (like 3 or 6) once your are
  16. # happy with the installation. To troubleshoot blocked
  17. # connection close all the secondary traffic e.g. p2p
  18. # and try a connection to the blocked site/port you should
  19. # find a reference in the logs.
  20. maxloghour=1
  21. #
  22. # What do you want to block?
  23. # 1) Input (Router only, running transmission?)
  24. # 2) LAN (LAN clients only)
  25. # 3) Both *default
  26. protection=3
  27. #
  28. # ports to be whitelisted. Whitelisted ports will never be
  29. # blocked no matter what the source/destination IP is.
  30. # This is very important if you're running a service like
  31. # e.g. SMTP/HTTP/IMAP/else. Separate value in the list below
  32. # with commas - NOTE: Leave 80 and 443 untouched, add custom ports only
  33. # you might want to add remote admin and VPN ports here if any.
  34. # Standard iptables syntax, individual ports divided by "," and ":" to
  35. # define a range e.g. "80,443,2100:2130". Do not whitelist you P2P client!
  36. whiteports="21,25,53,80,123,443,1194:1196"
  37. #
  38. # Fastrouting will process the IP classes very quickly but use
  39. # Lot of resources. If you disable the effect is transparent
  40. # but the full process will take minutes rather than seconds
  41. # 0=disabled 1=enabled
  42. fastroutine=1
  43. #
  44. # Enable check on script availability to help autorun
  45. # E.g. wait for the file to be available in cifs before run it
  46. # instead of quit with a file missing error
  47. autorun_availability_check=1
  48. #
  49. # Schedule updates? (once a week is plenty)
  50. schedule="30 4 * * 1"
  51. #
  52. testip="8.8.8.8"
  53. # </CONFIGURATION> ###########################################
  54.  
# Block until the Internet is reachable (three pings to $testip succeed).
# Autorun fires when the firewall comes up, usually before the WAN link is
# usable, so this retries every 2 s with no upper bound.
until ping -c 3 "$testip" >/dev/null 2>&1; do
  sleep 2
done
  64.  
  65. pidfile=/var/run/p2partisan.pid
  66. cd $P2Partisandir
  67. version=`head -3 ./p2partisan.sh | tail -1 | cut -f 3- -d " "`
  68.  
  69. alias ipset='/bin/nice -n19 /usr/sbin/ipset'
  70. alias sed='/bin/nice -n19 /bin/sed'
  71. alias iptables='/usr/sbin/iptables'
  72. alias service='/sbin/service'
  73. alias plog='logger -t P2PARTISAN -s'
  74. now=`date +"%H:%M:%S - %d/%m/%y"`
  75. wanif=`nvram get wan_ifname`
  76. lanif=`nvram get lan_ifname`
  77.  
  78.  
#######################################
# Soft stop: execute the generated iptables-del script (it detaches and
# deletes the P2PARTISAN chains) and forget the pidfile. ipset-del is not
# run here, so the loaded sets stay in place.
# Globals:  pidfile (read)
#######################################
psoftstop() {
  ./iptables-del 2> /dev/null
  plog "Stopping P2Partisan"
  [ -f "$pidfile" ] && rm -f "$pidfile" 2> /dev/null
}
  84.  
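#######################################
# Paranoia block: while the lists are being rebuilt (paranoia-update),
# drop every NEW connection on the WAN side except the whitelisted ports,
# so nothing slips through between pforcestop and pstart.
# Globals:  whiteports, maxloghour, wanif (read); nf, rounds, a, b, w (written)
#######################################
pblock() {
  plog "P2PArtisan: Applying paranoia block"
  iptables -N PARANOIA-DROP 2> /dev/null

  # Exempt the whitelisted ports. multiport takes at most 15 port slots per
  # rule and a "lo:hi" range uses two of them, so the list is applied in
  # chunks of 7 comma-separated fields (<= 14 slots). The ACCEPT rules are
  # executed here directly: the original accumulated them in the global
  # $whitep and never ran them, so the paranoia block also dropped the
  # whitelisted (admin/VPN) ports, and the PARANOIA-DROP rules then leaked
  # into the iptables-add file pstart writes from the same variable.
  nf=$(printf '%s\n' "$whiteports" | tr ',' '\n' | wc -l)
  rounds=$(( (nf + 6) / 7 ))
  a=1
  b=7
  while [ "$rounds" -gt 0 ]; do
    w=$(printf '%s\n' "$whiteports" | cut -d ',' -f "$a-$b")
    if [ -n "$w" ]; then
      iptables -A PARANOIA-DROP -p tcp --match multiport --sports "$w" -j ACCEPT 2> /dev/null
      iptables -A PARANOIA-DROP -p udp --match multiport --sports "$w" -j ACCEPT 2> /dev/null
      iptables -A PARANOIA-DROP -p tcp --match multiport --dports "$w" -j ACCEPT 2> /dev/null
      iptables -A PARANOIA-DROP -p udp --match multiport --dports "$w" -j ACCEPT 2> /dev/null
    fi
    a=$((a + 7))
    b=$((b + 7))
    rounds=$((rounds - 1))
  done

  # Rate-limited log, then drop; hook the chain in front of everything.
  iptables -A PARANOIA-DROP -m limit --limit "$maxloghour/hour" --limit-burst 5 -j LOG --log-prefix "P2Partisan Rejected (paranoia): " --log-level 1 2> /dev/null
  iptables -A PARANOIA-DROP -j DROP
  iptables -I wanin 1 -i "$wanif" -m state --state NEW -j PARANOIA-DROP 2> /dev/null
  iptables -I wanout 1 -o "$wanif" -m state --state NEW -j PARANOIA-DROP 2> /dev/null
  iptables -I INPUT 1 -i "$wanif" -m state --state NEW -j PARANOIA-DROP 2> /dev/null
  iptables -I OUTPUT 1 -o "$wanif" -m state --state NEW -j PARANOIA-DROP 2> /dev/null
}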
  114.  
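#######################################
# Remove the paranoia block: detach PARANOIA-DROP from every chain pblock
# hooked it into, then flush and delete it. Each delete is repeated while
# the listing still shows the jump, but stops (instead of spinning forever,
# as the original did) if the delete itself fails - e.g. the jump was
# inserted with a different interface name.
# Globals:  wanif (read)
#######################################
punblock() {
  while iptables -n -L wanin 2> /dev/null | grep -q "PARANOIA-DROP"; do
    iptables -D wanin -i "$wanif" -m state --state NEW -j PARANOIA-DROP 2> /dev/null || break
  done
  while iptables -n -L wanout 2> /dev/null | grep -q "PARANOIA-DROP"; do
    iptables -D wanout -o "$wanif" -m state --state NEW -j PARANOIA-DROP 2> /dev/null || break
  done
  while iptables -n -L OUTPUT 2> /dev/null | grep -q "PARANOIA-DROP"; do
    iptables -D OUTPUT -o "$wanif" -m state --state NEW -j PARANOIA-DROP 2> /dev/null || break
  done
  while iptables -n -L INPUT 2> /dev/null | grep -q "PARANOIA-DROP"; do
    iptables -D INPUT -i "$wanif" -m state --state NEW -j PARANOIA-DROP 2> /dev/null || break
  done
  # -F only succeeds when the chain exists, so the log line is printed
  # only if there actually was a paranoia block to remove.
  iptables -F PARANOIA-DROP 2> /dev/null && plog "P2PArtisan: Removing paranoia block"
  iptables -X PARANOIA-DROP 2> /dev/null
}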
  135.  
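#######################################
# Remove a "-j TARGET" hook from CHAIN, repeating while the listing still
# shows it. Gives up (with a log line) if the delete fails, so a rule this
# script did not insert - same target, other interface - cannot make the
# loop spin forever as it did in the original.
# Arguments: $1 chain, $2 "-i"|"-o", $3 interface, $4 target chain
#######################################
_p2p_unhook() {
  while iptables -n -L "$1" 2> /dev/null | grep -q "$4"; do
    if ! iptables -D "$1" "$2" "$3" -m state --state NEW -j "$4" 2> /dev/null; then
      plog "P2Partisan: could not remove $4 hook from $1, leaving it"
      break
    fi
  done
}

#######################################
# Hard stop: unhook and delete the P2PARTISAN chains, destroy all ipsets,
# remove the generated scripts and the pidfile, and unload the ipset
# kernel modules.
# Globals:  wanif, lanif, pidfile (read)
#######################################
pforcestop() {
  _p2p_unhook wanin -i "$wanif" P2PARTISAN-IN
  _p2p_unhook wanout -o "$wanif" P2PARTISAN-OUT
  _p2p_unhook INPUT -i "$wanif" P2PARTISAN-IN
  _p2p_unhook INPUT -i "$lanif" P2PARTISAN-OUT
  _p2p_unhook OUTPUT -o "$wanif" P2PARTISAN-OUT

  for c in P2PARTISAN-DROP-IN P2PARTISAN-DROP-OUT P2PARTISAN-IN P2PARTISAN-OUT; do
    iptables -F "$c" 2> /dev/null
  done
  for c in P2PARTISAN-DROP-IN P2PARTISAN-DROP-OUT P2PARTISAN-IN P2PARTISAN-OUT; do
    iptables -X "$c" 2> /dev/null
  done

  # Flush and destroy every ipset, not only ours (as in the original).
  ipset -F
  for i in $(ipset --list | grep Name | cut -f2 -d ":"); do
    ipset -X "$i"
  done

  # NOTE(review): the downloaded list caches are kept (and made world-
  # writable). pstart only downloads when "$name.gz" is absent, so an
  # "update" re-uses these files unless they are deleted by hand - confirm
  # whether that is intended before changing it.
  chmod 777 ./*.gz
  rm -f -- iptables-add iptables-del ipset-del
  rm -f -- "$pidfile" 2> /dev/null

  plog "Unloading ipset modules"
  # The original sleeps 2 s when a module is still loaded and then attempts
  # the rmmod regardless; that behaviour is preserved, reason not recorded.
  for m in ipt_set ip_set_iptreemap ip_set; do
    lsmod | grep "$m" > /dev/null 2>&1 && sleep 2
    rmmod -f "$m" 2> /dev/null
  done
  plog "Stopping P2Partisan"
}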
  180.  
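#######################################
# Print a status summary: whether the chains and the pidfile exist,
# whether autorun / auto-update are persisted, drop counters and the last
# "Rejected" syslog line.
# Globals:  pidfile, version, maxloghour (read);
#           running3..running8, from, drop_packet_count_in/out (written)
#######################################
pstatus() {
  # References to P2PARTISAN-IN in the whole ruleset (chain header + jumps).
  running3=$(iptables -n -L 2> /dev/null | grep -c P2PARTISAN-IN)
  if [ -f "$pidfile" ]; then running4=1; else running4=0; fi
  if nvram get script_fire | grep -q p2partisan; then running5=Yes; else running5=No; fi
  if cru l | grep -q P2Partisan-update; then running6=Yes; else running6=No; fi
  running7=$(tail -200 /var/log/messages | grep Rejected | tail -1)

  # The first line of iptables-add is "# <timestamp>" written by pstart.
  from=$(head -1 ./iptables-add 2> /dev/null | cut -c3-)
  drop_packet_count_in=$(iptables -v -n -L P2PARTISAN-DROP-IN 2> /dev/null | grep " DROP " | awk '{print $1}')
  drop_packet_count_out=$(iptables -v -n -L P2PARTISAN-DROP-OUT 2> /dev/null | grep " REJECT " | awk '{print $1}')

  # POSIX [ ] instead of bash-only [[ ]] (this is a #!/bin/sh script), and
  # the "Not quite" value is quoted: the original unquoted assignment was
  # word-split, so the shell tried to run "quite..." as a command and
  # running8 stayed empty in that branch.
  if [ "$running3" -eq 0 ] && [ "$running4" -eq 0 ]; then
    running8=No
  elif [ "$running3" -eq 0 ] && [ "$running4" -eq 1 ]; then
    running8="Loading..."
  elif [ "$running3" -gt 0 ] && [ "$running4" -eq 0 ]; then
    running8='Not quite... try to run "p2partisan.sh update"'
  else
    running8=Yes
  fi

  printf '%s\n' "################### P2Partisan ##########################
#   Release version: $version
################# P2Partisan status #####################
#   P2Partisan running:   $running8
#   P2Partisan autorun:   $running5
#   P2Partisan scheduled: $running6
#########################################################
#   P2Partisan activity since: $from
#   Dropped connections inbound: $drop_packet_count_in
#   Rejected connections outbound: $drop_packet_count_out
################# Last log recorded #####################
#   Remember your max logs per hour is set to: $maxloghour
$running7
#########################################################"
}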
  218.  
# Prefix for the autorun entry stored in script_fire: when enabled, the
# entry first waits until the script file is reachable (e.g. a CIFS share
# that mounts late at boot) instead of failing with a missing file.
# Empty when the check is off.
av=
if [ "$autorun_availability_check" = 1 ]; then
  av="while true; do [ -f $P2Partisandir/p2partisan.sh ] && break || sleep 5; done ;"
fi
  222.  
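#######################################
# Persist an autorun entry for p2partisan.sh in Tomato's script_fire
# (firewall script) unless one is already there. The autorun entry is the
# line naming p2partisan.sh that is not the "cru" (cron) line stored by
# pscheduleset.
# Globals:  av, P2Partisandir (read); t (written)
#######################################
pautorunset() {
  if ! nvram get script_fire | grep "p2partisan.sh" | grep -qv cru; then
    t=$(nvram get script_fire)
    # Data goes through %s, never through the printf format string, so a
    # '%' or a backslash in the existing script_fire cannot mangle it.
    t=$(printf '%s\n%s\n' "$t" "$av$P2Partisandir/p2partisan.sh")
    nvram set "script_fire=$t"
  fi
  plog "P2Partisan AUTO RUN is ON"
  nvram commit
}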
  231.  
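#######################################
# Remove the autorun entry (line naming p2partisan.sh without "cru") from
# script_fire, if present.
# Globals:  t (written)
#######################################
pautorununset() {
  if nvram get script_fire | grep "p2partisan.sh" | grep -qv cru; then
    # Drop only the autorun line(s). The original filtered with
    # "grep -v p2partisan", which also removed the "cru a P2Partisan-update"
    # line stored by pscheduleset, so autorun-off lost the persisted
    # auto-update entry as well.
    t=$(nvram get script_fire | awk '!(/p2partisan\.sh/ && !/cru/)')
    nvram set "script_fire=$t"
  fi
  plog "P2Partisan AUTO RUN is OFF"
  nvram commit
}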
  240.  
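#######################################
# Append the "cru a P2Partisan-update ..." line to script_fire.
# Globals:  schedule, P2Partisandir (read); t (written)
#######################################
_p2p_persist_cru() {
  t=$(nvram get script_fire)
  # Data through %s only - the original expanded $t into the format string.
  t=$(printf '%s\ncru a P2Partisan-update "%s %s/p2partisan.sh paranoia-update"\n' "$t" "$schedule" "$P2Partisandir")
  nvram set "script_fire=$t"
}

#######################################
# Enable the weekly paranoia-update cron job now (cru) and persist it in
# script_fire. The original's ordering is kept: if an autorun entry is
# already stored, it is removed, the cru line appended, and the autorun
# entry re-added, so the cru line ends up before the autorun line.
# Globals:  schedule, P2Partisandir (read); t (written)
#######################################
pscheduleset() {
  cru d P2Partisan-update
  cru a P2Partisan-update "$schedule $P2Partisandir/p2partisan.sh paranoia-update"
  if ! nvram get script_fire | grep -q "cru a P2Partisan-update"; then
    if nvram get script_fire | grep "p2partisan.sh" | grep -qv cru; then
      pautorununset
      _p2p_persist_cru
      pautorunset
    else
      _p2p_persist_cru
    fi
  fi
  plog "P2Partisan AUTO UPDATE is ON"
  nvram commit
}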
  258.  
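#######################################
# Disable the paranoia-update cron job and drop its line from script_fire.
# (The original first appended a copy of the line via printf and then
# filtered it out again; the append served no purpose and passed data
# through the printf format string.)
# Globals:  t (written)
#######################################
pscheduleunset() {
  cru d P2Partisan-update
  if nvram get script_fire | grep -q "cru a P2Partisan-update"; then
    t=$(nvram get script_fire | grep -v "cru a P2Partisan-update")
    nvram set "script_fire=$t"
  fi
  plog "P2Partisan AUTO UPDATE is OFF"
  nvram commit
}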
  268.  
#######################################
# Start P2Partisan: load the ipset modules, build the custom blacklist,
# whitelist and downloaded blacklists as ipsets, generate the
# iptables-add / iptables-del / ipset-del scripts in $P2Partisandir and
# run iptables-add. Skipped (with a message) if the pidfile exists.
# Globals:  pidfile, whiteports, whitep, now, wanif, lanif, syslogs,
#           maxloghour, fastroutine, protection (read);
#           counter, pos, couscous, whiteports_number, a, b, w, rounds,
#           whitep, p (written)
#######################################
pstart() {
    running4=`[ -f $pidfile ] && echo 1 || echo 0`
    if [ $running4 -eq "0" ] ; then

    echo $$ > $pidfile

    sleep 2

    # Start from fresh generated scripts; they are appended to below.
    [ -f iptables-add ] && rm iptables-add
    [ -f iptables-del ] && rm iptables-del
    [ -f ipset-del ] && rm ipset-del

    echo "### PREPARATION ###"
    echo "Loading the ipset modules"
    lsmod | grep "ip_set" > /dev/null 2>&1 || insmod ip_set
    lsmod | grep "ip_set_iptreemap" > /dev/null 2>&1 || insmod ip_set_iptreemap
    lsmod | grep "ipt_set" > /dev/null 2>&1 || insmod ipt_set

# counter: running number of the blacklist being loaded (0 = custom list).
# pos: position at which the hooks are inserted into the built-in chains.
counter=0
pos=1
# Entries in blacklist-custom, ignoring comments and blank lines.
couscous=`cat blacklist-custom | grep -v "^#" | grep -v "^$" | wc -l`

        echo "### CUSTOM BLACKLIST ###
blacklist-custom file -> $couscous entries found"
 if [ $couscous -eq "0" ]; then
        echo "No custom blacklist entries found: skipping"
 else
        echo "loading blacklist #$counter --> ***Custom IP blacklist***"
        ipset --create blacklist-custom iptreemap
        if [ -e blacklist-custom ]; then
        # Lines are "name:IP"; only the part after the colon is added.
        for IP in `cat blacklist-custom | grep -v "^#" | grep -v "^$" | cut -d: -f2`
            do
                ipset -A blacklist-custom $IP
            done
        fi
fi

echo "### WHITELIST ###"

    # Number of port slots: every "," and ":" starts a new line, plus the
    # line echo adds, so a range counts twice (multiport counts it twice too).
    whiteports_number=`echo $whiteports | tr -d '\n' | sed 's/,/,\n/g' | sed 's/:/:\n/g' | wc -l`
        a=1
        b=8
        # NOTE(review): rounds is the integer division by 8 and a/b are then
        # stepped by "a=a+b; b=b+b" (1-8, 9-16, 25-32, ...), so with more
        # than 8 slots the last partial chunk is dropped and with more than
        # 16 the fields 17-24 are skipped. Fine for the default list; revisit
        # before whitelisting many ports.
        rounds=`echo $(( $whiteports_number / $b ))`
        if [ $rounds -eq 0 ]; then rounds="1"; fi
    while [ $rounds -gt 0 ]
    do
        # w = comma fields a..b of $whiteports (cut works on commas only).
        w=`echo $whiteports | cut -d"," -f $a-$b`
        a=`echo $(( $a + $b ))`
        b=`echo $(( $b + $b ))`
    echo "loading whitelisted ports $w exemption"
# ACCEPT rules are accumulated in the global $whitep and written into
# iptables-add below. $whitep is appended to, not reset: whatever pblock
# left in it (paranoia-update) is carried into iptables-add as well.
whitep="${whitep}iptables -A P2PARTISAN-IN -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-IN -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-IN -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-IN -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
"
    rounds=`echo $(( $rounds - 1 ))`
    done


        # iptables-add: create/flush the four chains, send custom-blacklist
        # hits to the DROP chains, then the port exemptions. The first line
        # "# $now" is what pstatus reports as "activity since".
        echo "# $now
iptables -N P2PARTISAN-IN 2> /dev/null
iptables -N P2PARTISAN-OUT 2> /dev/null
iptables -N P2PARTISAN-DROP-IN 2> /dev/null
iptables -N P2PARTISAN-DROP-OUT 2> /dev/null
iptables -F P2PARTISAN-IN 2> /dev/null
iptables -F P2PARTISAN-OUT 2> /dev/null
iptables -F P2PARTISAN-DROP-IN 2> /dev/null
iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
iptables -A P2PARTISAN-IN -m set --set blacklist-custom src -j P2PARTISAN-DROP-IN 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set blacklist-custom src -j P2PARTISAN-DROP-OUT 2> /dev/null
$whitep" >> iptables-add


        # iptables-del (run by psoftstop): unhook, flush and delete the chains.
        # NOTE(review): the INPUT/$lanif hook is inserted below with
        # "-j P2PARTISAN-OUT" (protection 3) but deleted here with
        # "-j P2PARTISAN-IN", so that rule survives a soft stop and the
        # following -X P2PARTISAN-OUT fails; each "restart" then adds a
        # duplicate hook. pforcestop removes it correctly - confirm and align.
        echo "# $now
iptables -D wanin -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -D wanout -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -D INPUT -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -D INPUT -i $lanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -D OUTPUT -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -F P2PARTISAN-DROP-IN 2> /dev/null
iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
iptables -F P2PARTISAN-IN 2> /dev/null
iptables -F P2PARTISAN-OUT 2> /dev/null
iptables -X P2PARTISAN-IN 2> /dev/null
iptables -X P2PARTISAN-OUT 2> /dev/null
iptables -X P2PARTISAN-DROP-IN 2> /dev/null
iptables -X P2PARTISAN-DROP-OUT 2> /dev/null" >> iptables-del


echo "preparing the IP whitelist for the iptables"
# Load the whitelist. "ipset --swap X X" is only a probe: its output
# contains "Unknown set" when the set does not exist yet.
# NOTE(review): the three grep -v patterns are regexes, so "^10." also
# skips e.g. 100.x and 109.x, and "^172.16." covers only 172.16/16 rather
# than the whole 172.16/12 block - confirm which addresses are meant to be
# excluded.
if [ "$(ipset --swap whitelist whitelist 2>&1 | grep 'Unknown set')" != "" ]
    then
    ipset --create whitelist iptreemap
    cat whitelist | grep -v "^10." | grep -v "^172.16." | grep -v "^192.168." |
    (
    while read IP
    do
            echo "$IP" | grep "^#" >/dev/null 2>&1 && continue
            echo "$IP" | grep "^$" >/dev/null 2>&1 && continue
                    ipset -A whitelist $IP
            done
    )
fi
        # ipset-del is overwritten (>) here and appended to per blacklist below.
        echo "# $now
ipset -F
ipset -X blacklist-custom
ipset -X whitelist" > ipset-del

            echo "loading the IP whitelist"
            echo "iptables -A P2PARTISAN-IN -m set --set whitelist src -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set whitelist dst -j ACCEPT 2> /dev/null" >> iptables-add

        # Optional rate-limited LOG rules, then the terminal DROP / REJECT.
        if [ $syslogs -eq "1" ]; then
            echo "iptables -A P2PARTISAN-DROP-IN -m limit --limit $maxloghour/hour --limit-burst 1 -j LOG --log-prefix \"P2Partisan Dropped: \" --log-level 1 2> /dev/null" >> iptables-add
            echo "iptables -A P2PARTISAN-DROP-OUT -m limit --limit $maxloghour/hour --limit-burst 1 -j LOG --log-prefix \"P2Partisan Rejected: \" --log-level 1 2> /dev/null" >> iptables-add

        fi
        echo "iptables -A P2PARTISAN-DROP-IN -j DROP"  >> iptables-add
        echo "iptables -A P2PARTISAN-DROP-OUT -j REJECT --reject-with icmp-admin-prohibited"  >> iptables-add


echo "### BLACKLISTs ###"

    # One "name url" pair per line of the blacklists file. The loop runs in
    # a subshell, so counter/name/url do not survive past the ")".
    # NOTE(review): $name comes straight from the blacklists file and is
    # used unquoted as a file name, as the ipset name and inside the sed
    # script below; a name containing spaces, "/" or sed metacharacters
    # breaks the load. Keep that file writable only by the administrator.
    cat blacklists |
   (
    while read line
    do
            echo "$line" | grep "^#" >/dev/null 2>&1 && continue
            echo "$line" | grep "^$" >/dev/null 2>&1 && continue
            counter=`expr $counter + 1`
            name=`echo $line |cut -d ' ' -f1`
            url=`echo $line |cut -d ' ' -f2`
            echo "loading blacklist #$counter --> ***$name***"

    if [ $fastroutine -eq "1" ]; then

     # Fast path: feed the whole list to "ipset -R" (restore format) in one go.
     if [ "$(ipset --swap $name $name 2>&1 | grep 'Unknown set')" != "" ]
      then

          # Download only if no cached copy exists. wget's status is not
          # checked: a failed/partial download leaves a broken .gz that is
          # re-used on every later start until removed by hand.
          [ -e $name.gz ] || wget -q -O $name.gz "$url"
          # Strip comments/blank lines and turn "name:range" into "-A $name range".
          { echo "-N $name iptreemap"
            gunzip -c  $name.gz | \
            sed -e "/^[\t ]*#.*\|^[\t ]*$/d;s/^.*:/-A $name /"
            echo COMMIT
          } | ipset -R
     fi
    else

        # Slow path: extract the ranges into $name.lst and add them one by one.
        if [ "$(ipset --swap $name $name 2>&1 | grep 'Unknown set')" != "" ]
            then
            ipset --create $name iptreemap
            # As above, a failed download still creates (an empty) $name.lst.
            [ -e $name.lst ] || wget -q -O - "$url" | gunzip | cut -d: -f2 | grep -E "^[-0-9.]+$" > $name.lst
            for IP in $(cat $name.lst)
                    do
                    ipset -A $name $IP
                    done
            fi

    fi

                echo "ipset -X $name " >> ipset-del
                echo "iptables -A P2PARTISAN-IN -m set --set $name src -j P2PARTISAN-DROP-IN 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set $name dst -j P2PARTISAN-DROP-OUT 2> /dev/null" >> iptables-add
            done
    )


        # Hook the chains according to $protection (1 router, 2 LAN, 3 both).
        if [ $protection -eq "1" ]; then
            echo "iptables -I INPUT $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I OUTPUT $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null" >> iptables-add
        elif [ $protection -eq "2" ]; then
            echo "iptables -I wanin $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I wanout $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -I INPUT $pos -i $lanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null" >> iptables-add
        elif [ $protection -eq "3" ]; then
            echo "iptables -I INPUT $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I INPUT $pos -i $lanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -I OUTPUT $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -I wanin $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I wanout $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null" >> iptables-add

        fi

# NOTE(review): the generated scripts are made world-writable and
# iptables-add is then executed by this (privileged) script from
# $P2Partisandir, a CIFS share by default. Anyone able to write to that
# share can have commands run with the router's firewall privileges;
# 0700-style permissions and a local directory would be the safer choice.
chmod 777 ./iptables-*
chmod 777 ./ipset-*
./iptables-add  #protecting

plog "... P2Partisan started."

# Advise dnsmasq log-async, since the LOG rules above can be chatty.
p=`nvram get dnsmasq_custom | grep log-async | wc -l`
if [ $p -eq "1" ]; then
    plog "log-async found under dnsmasq -> OK"
else
    plog "
It appears like you don't have a log-async parameter
in your dnsmasq config. This is strongly suggested
due to the amount of logs involved. please consider
adding the following command under Advanced/DHCP/DNS
/Dnsmasq Custom configuration

log-async=10
"
fi

punblock  #remove paranoia DROPs if any

else
        echo "
    It appears like P2Partisan is already running. Skipping...

    If this is not what you expected? Try:
    p2partisan.sh update
        "
    fi
}
  489.  
  490.  
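# Command dispatch on the first argument. Sub-commands that only
# reconfigure something exit here; restart / update / paranoia-update fall
# through to pstart below, as does an invocation with no argument.
# (The original looped "for p in $1", which word-splits the argument, and
# the help text's opening quote was missing, so the help lines would have
# been executed as commands instead of printed.)
case "$1" in
  start)
    pstart
    exit
    ;;
  stop)
    pforcestop
    exit
    ;;
  restart)
    pscheduleunset
    psoftstop
    pscheduleset
    ;;
  status)
    pstatus
    exit
    ;;
  update)
    pscheduleunset
    pforcestop
    pscheduleset
    ;;
  paranoia-update)
    pscheduleunset
    pblock
    pforcestop
    pscheduleset
    ;;
  autorun-on)
    pautorunset
    exit
    ;;
  autorun-off)
    pautorununset
    exit
    ;;
  autoupdate-on)
    pscheduleset
    exit
    ;;
  autoupdate-off)
    pscheduleunset
    exit
    ;;
  help)
    echo "
P2Partisan parameters:

    help        Display this text
    start       Starts the process (this runs also if no option
            is provided)
    stop        Stops P2Partisan
    restart     Soft restart, quick, updates iptables only
    update      Hard restart, slow removes p2partisan, updates
            the lists and does a fresh start
    paranoia-update Like update but blocks any new connection until
            P2Partisan is running again
    status      Display P2Partisan running status + extra info
    autorun-on  Sets P2Partisan to boot with the router
    autorun-off Sets P2Partisan not to boot with the router
    autoupdate-on   Sets automatic updates on
    autoupdate-off  Sets automatic updates off
                "
    exit 0
    ;;
  "")
    # No argument: plain start below.
    ;;
  *)
    # Usage errors go to stderr with a non-zero status so a caller can
    # tell them apart from a normal run (the original exited 0).
    echo "parameter not valid. please run:

    p2partisan.sh help
    " >&2
    exit 2
    ;;
esac

pstart

exit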