#!/bin/sh
#
# p2partisan v5.16 (23/02/2020)
#
# Official page - http://www.linksysinfo.org/index.php?posts/235301/
#
# ###########################################
# Adjust location where the files are kept
P2Partisandir=/cifs1/p2partisan
#
# Enable logging? Use only for troubleshooting. 0=off 1=on
syslogs=1
# Maximum number of logs to be recorded in a given 60 min
# Consider set this very low (like 3 or 6) once your are
# happy with the installation. To troubleshoot blocked
# connection close all the secondary traffic e.g. p2p
# and try a connection to the blocked site/port you should
# find a reference in the logs.
maxloghour=1
#
# Ports to be whitelisted. Whitelisted ports will never be
# blocked no matter what the source/destination IP is.
# This is very important if you're running a service like
# e.g. SMTP/HTTP/IMAP/else. Separate value in the list below
# with commas - NOTE: It is suggested to leave the following ports
# always on as a minimum:
# tcp:43,80,443
# udp:53,67,68,123,1194:1196
# you might want to append remote admin and VPN ports, and
# anything else you think it's relevant.
# Standard iptables syntax, individual ports divided by "," and ":" to
# define a range e.g. 80,443,2100:2130. Do not whitelist you P2P client!
whiteports_tcp=80,443,3658,8080
whiteports_udp=53,123,1194:1197,1723,3658
#
# Greyports are port/s you absolutely want to filter against lists.
# Think of an Internet host that has its P2P client set on port 53 UDP.
# If you have the DNS port is in the whiteports_udp then P2Partisan would
# be completely bypassed. Internet-client:53 -> your-client:"P2Pport""
# greyport is in a nutshell a list of port/s used by your LAN P2Pclient/s.
# It's suggested you disable random port on your P2Pclient and add the
# client port/s here. NOTE:
# Accepted syntax: single port, multiple ports and ranges e.g.
# greyports=22008,6789
# the above would grey list 22008 and 6789. Don't know your client port?
# try ./p2partisan.sh detective
greyports_tcp=
greyports_udp=
#
# Greyline is the limit of connections per given "IP:port" above which
# Detective becomes suspicious. NOTE: This counts 1/2 of the sessions the
# router actually reports on because of the NAT implication. So this number
# represents the session as seen on the LAN client. Affects detective only.
greyline=100
#
# Fastrouting will process the IP classes very quickly but use
# Lot of resources. If you disable the effect is transparent
# but the full process will take minutes rather than seconds
# 0=disabled 1=enabled
fastroutine=1
#
# Enable check on script availability to help autorun.
# If the ./partisan.sh is remote wait for the file to be available
# instead of quit with a file missing error
autorun_availability_check=1
#
# Schedule updates? (once a week is plenty). Custom syntax:
# m = random minute picked up in the range[0-59]
# h = random hour picked up in the range [1-5]am
# d = random day of the week picked up in the range Sun to Sat [0-6]
# if unwanted set your own specific time e.g.
# "30 4 * * 1" 4:30 on a Monday
# or use a combination e.g. random minute at 1am on a Tuesday:
# "m 1 * * 3"
# Specify this always in between "" please
schedule="m h * * d"
#
# IP for testing Internet connectivity
testip=8.8.8.8
# ###########################################
ipsetversion=`ipset -V | grep ipset | awk '{print $2}' | cut -c2` #4=old 6=new
if [ $ipsetversion != 4 ]; then
echo "ipset not compatible with this P2Partisan version"
exit
fi
paranoiastuck=`iptables -L | grep PARANOIA | wc -l`
if [[ $paranoiastuck -lt 1 ]]; then
# Wait until Internet is available
while :
do
ping -c 3 $testip >/dev/null 2>&1
if [ $? = 0 ]; then
break
fi
sleep 5
done
fi
pidfile="/var/run/p2partisan.pid"
logfile=`nvram get log_file_path` || logfile=`/var/log/messages`
cd $P2Partisandir
version=`head -3 ./p2partisan.sh | tail -1 | cut -f 3- -d " "`
alias ipset='/bin/nice -n19 /usr/sbin/ipset'
alias sed='/bin/nice -n19 /bin/sed'
alias iptables='/usr/sbin/iptables'
alias service='/sbin/service'
alias plog='logger -t "| P2PARTISAN" -s'
now=`date +%s`
rm=1
wanif=`nvram get wan_ifname` && rm=0 || wanif=`nvram get wan_ifnames` #RMerlin work around
lanif=`nvram get lan_ifname`
# DHCP hardcoded patch
p1=`echo $whiteports_udp | grep -Eo '[,|:]67[,|:| ]' | wc -l`
p2=`echo $whiteports_udp | grep -Eo '[,|:]68[,|:| ]' | wc -l`
if [ $p1 -eq "0" ]; then
whiteports_udp=${whiteports_udp},67
fi
if [ $p2 -eq "0" ]; then
whiteports_udp=${whiteports_udp},68
fi
psoftstop() {
[ -f /tmp/p2partisan.loading ] && echo "P2Partisan is still loading. Can't stop right now Exiting..." && exit
echo -e "
+------------------------- P2Partisan --------------------------+
| _______ __
| | __| |_.-----.-----.
| |__ | _| _ | _ |
| Soft |_______|____|_____| __|
| |__|
|
+---------------------------------------------------------------+"
echo -e "| Stopping P2Partisan..."
./iptables-del 2> /dev/null
plog "Stopping P2Partisan..."
[ -f $pidfile ] && rm -f "$pidfile" 2> /dev/null
[ -f iptables-add ] && rm -f "iptables-add" 2> /dev/null
[ -f iptables-del ] && rm -f "iptables-del" 2> /dev/null
echo "+---------------------------------------------------------------+"
}
pblock() {
plog "P2PArtisan: Applying paranoia block"
iptables -N PARANOIA-DROP 2> /dev/null
echo $whiteports_tcp | awk -v RS=',' -F : '{ gsub(/\n$/, "") } NF > 1 { r=(r ? r "," : "") $0; if (r ~ /([^,]*,){6}/) { print r; r=""; } next } { s=(s ? s "," : "") $0; if (s ~ /([^,]*,){14}/) { print s; s=""; } } END { if (r && s) { p = r "," s; if (p !~ /([^,:]*[:,]){15}/) { print p; r=s="" } } if (r) print r ; if (s) print s }' | while read w; do
echo "| loading whitelisted ports $w exemption for paranoia-update"
iptables -A PARANOIA-DROP -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A PARANOIA-DROP -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
done
echo $whiteports_udp | awk -v RS=',' -F : '{ gsub(/\n$/, "") } NF > 1 { r=(r ? r "," : "") $0; if (r ~ /([^,]*,){6}/) { print r; r=""; } next } { s=(s ? s "," : "") $0; if (s ~ /([^,]*,){14}/) { print s; s=""; } } END { if (r && s) { p = r "," s; if (p !~ /([^,:]*[:,]){15}/) { print p; r=s="" } } if (r) print r ; if (s) print s }' | while read w; do
echo "| loading whitelisted UDP ports $w exemption"
iptables -A PARANOIA-DROP -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A PARANOIA-DROP -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
done
iptables -A PARANOIA-DROP -m set --set whitelist dst -j ACCEPT 2> /dev/null
iptables -A PARANOIA-DROP -m limit --limit $maxloghour/hour --limit-burst 5 -j LOG --log-prefix "P2Partisan DROP (PARANOIA) >> " --log-level 1 2> /dev/null
iptables -A PARANOIA-DROP -j DROP
iptables -I wanin 1 -i $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
iptables -I wanout 1 -o $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
iptables -I INPUT 1 -i $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
iptables -I OUTPUT 1 -o $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
}
punblock() {
while iptables -L wanin 2> /dev/null | grep "PARANOIA-DROP" > /dev/null 2>&1
do
iptables -D wanin -i $wanif -m state --state NEW -j PARANOIA-DROP > /dev/null 2>&1
done
while iptables -L wanout 2> /dev/null | grep "PARANOIA-DROP" > /dev/null 2>&1
do
iptables -D wanout -o $wanif -m state --state NEW -j PARANOIA-DROP > /dev/null 2>&1
done
while iptables -L OUTPUT 2> /dev/null | grep "PARANOIA-DROP" > /dev/null 2>&1
do
iptables -D OUTPUT -o $wanif -m state --state NEW -j PARANOIA-DROP > /dev/null 2>&1
done
while iptables -L INPUT 2> /dev/null | grep "PARANOIA-DROP" > /dev/null 2>&1
do
iptables -D INPUT -i $wanif -m state --state NEW -j PARANOIA-DROP > /dev/null 2>&1
done
iptables -F PARANOIA-DROP 2> /dev/null && plog "P2PArtisan: Removing paranoia block"
iptables -X PARANOIA-DROP 2> /dev/null
}
pforcestop() {
echo -e "
+------------------------- P2Partisan --------------------------+
| _______ __
| | __| |_.-----.-----.
| |__ | _| _ | _ |
| Hard |_______|____|_____| __|
| |__|
|
+---------------------------------------------------------------+"
counter=0
while iptables -L wanin 2> /dev/null | grep P2PARTISAN-IN > /dev/null 2>&1
do
iptables -D wanin -i $wanif -m state --state NEW -j P2PARTISAN-IN > /dev/null 2>&1
done
while iptables -L wanout 2> /dev/null | grep P2PARTISAN-OUT > /dev/null 2>&1
do
iptables -D wanout -o $wanif -m state --state NEW -j P2PARTISAN-OUT > /dev/null 2>&1
done
while iptables -L INPUT | grep P2PARTISAN-IN > /dev/null 2>&1
do
iptables -D INPUT -i $wanif -m state --state NEW -j P2PARTISAN-IN > /dev/null 2>&1
done
while iptables -L OUTPUT | grep P2PARTISAN-OUT > /dev/null 2>&1
do
iptables -D OUTPUT -o $wanif -m state --state NEW -j P2PARTISAN-OUT > /dev/null 2>&1
done
#Remove wanin/wanout. For P2Partisan-RMerlin compatibility only
if [ $rm -eq 1 ]; then
iptables -F wanin 2> /dev/null
iptables -X wanin 2> /dev/null
iptables -D FORWARD -i $wanif -j wanin 2> /dev/null
iptables -F wanout 2> /dev/null
iptables -X wanout 2> /dev/null
iptables -D FORWARD -o $wanif -j wanout 2> /dev/null
fi
#
iptables -F P2PARTISAN-DROP-IN > /dev/null 2>&1
iptables -F P2PARTISAN-DROP-OUT > /dev/null 2>&1
iptables -F P2PARTISAN-LISTS-IN > /dev/null 2>&1
iptables -F P2PARTISAN-LISTS-OUT > /dev/null 2>&1
iptables -F P2PARTISAN-IN > /dev/null 2>&1
iptables -F P2PARTISAN-OUT > /dev/null 2>&1
iptables -X P2PARTISAN-DROP-IN > /dev/null 2>&1
iptables -X P2PARTISAN-DROP-OUT > /dev/null 2>&1
iptables -X P2PARTISAN-LISTS-IN > /dev/null 2>&1
iptables -X P2PARTISAN-LISTS-OUT > /dev/null 2>&1
iptables -X P2PARTISAN-IN > /dev/null 2>&1
iptables -X P2PARTISAN-OUT > /dev/null 2>&1
ipset -F > /dev/null 2>&1
for i in `ipset --list | grep Name | cut -f2 -d ":" `; do
ipset -X $i > /dev/null 2>&1
done
chmod 777 ./*.gz > /dev/null 2>&1
[ -f iptables-add ] && rm iptables-add
[ -f iptables-del ] && rm iptables-del
[ -f ipset-del ] && rm ipset-del
[ -f $pidfile ] && rm -f "$pidfile" > /dev/null 2>&1
[ -f runtime ] && rm -f "runtime" > /dev/null 2>&1
[ -f /tmp/p2partisan.loading ] && rm -r "status.loading" >/dev/null 2>&1
plog " Unloading ipset modules"
lsmod | grep "ipt_set" > /dev/null 2>&1 && sleep 2 ; rmmod -f ipt_set > /dev/null 2>&1
lsmod | grep "ip_set_iptreemap" > /dev/null 2>&1 && sleep 2 ; rmmod -f ip_set_iptreemap > /dev/null 2>&1
lsmod | grep "ip_set" > /dev/null 2>&1 && sleep 2 ; rmmod -f ip_set > /dev/null 2>&1
plog " Removing the list files"
cat blacklists | grep -Ev "^#|^$" | tr -d "\r" |
(
while read line
do
counter=`expr $counter + 1`
name=`echo $line | awk '{print $1}'`
echo "| Removing blacklist #$counter --> ***$name***"
[ -f ./$name.gz ] && rm -f ./$name.gz > /dev/null 2>&1
done
)
plog " P2Partisan stopped."
echo -e "+---------------------------------------------------------------+"
}
pstatus() {
counter=0
running3=`iptables -L INPUT 2> /dev/null | grep P2PARTISAN-IN | wc -l`
running4=`[ -f $pidfile ] && echo 1 || echo 0`
running5=`nvram get script_fire | grep "p2partisan.sh ]" >/dev/null && echo "\033[1;32mYes\033[0;39m" || echo "\033[1;31mNo\033[0;39m"`
running6=`cru l | grep P2Partisan-update >/dev/null && echo "\033[1;32mYes\033[0;39m" || echo "\033[1;31mNo\033[0;39m"`
running7=`tail -200 $logfile | grep Dropped | tail -1 | awk '{printf "| %s %s %s ",$1,$2,$3;for (i=4;i<=NF;i++) if ($i~/(IN|OUT|SRC|DST|PROTO|SPT|DPT)=/) printf "%s ",$i;print ""}'| sed -e 's/PROTO=//g' -e 's/IN=/I=/g' -e 's/OUT=/O=/g' -e 's/SPT=/S=/g' -e 's/DPT=/D=/g' -e 's/SRC=/S=/g' -e 's/DST=/D=/g'`
running7a=`tail -200 $logfile | grep Rejected | tail -1 | awk '{printf "| %s %s %s ",$1,$2,$3;for (i=4;i<=NF;i++) if ($i~/(IN|OUT|SRC|DST|PROTO|SPT|DPT)=/) printf "%s ",$i;print ""}'| sed -e 's/PROTO=//g' -e 's/IN=/I=/g' -e 's/OUT=/O=/g' -e 's/SPT=/S=/g' -e 's/DPT=/D=/g' -e 's/SRC=/S=/g' -e 's/DST=/D=/g'` runningA=`cat $logfile | grep "Applying paranoia" | wc -l`
running9=`nvram get script_fire | grep "P2Partisan-tutor" >/dev/null && echo "\033[1;32mYes\033[0;39m" || echo "\033[1;31mNo\033[0;39m"`
logwin=`echo $(( $now - 86400 ))`
tail -1500 $logfile | grep -i "P2Partisan tutor" > /tmp/tutor.tmp
cat /tmp/tutor.tmp |
(
while read line
do
logtime=`echo $line | awk '{print $3}'`
if [[ `date -d"$logtime" +%s` -gt $logwin ]]; then
echo $line >> /tmp/tutor.temp
fi
done
)
[ -f /tmp/tutor.temp ] && runningB=`wc -l /tmp/tutor.temp | awk '{print $1}'`
[ -f /tmp/tutor.tmp ] && rm /tmp/tutor.tmp; [ -f /tmp/tutor.temp ] && rm /tmp/tutor.temp || runningB=0
runningC=`cat blacklists | grep -Ev "^#|^$" | tr -d "\r" | wc -l`
runningD=`[ -f ./runtime ] && cat ./runtime`
runningF=`iptables -L P2PARTISAN-DROP-IN 2> /dev/null | grep DEBUG | wc -l`
if [ -e ./iptables-add ]; then
from=`head -1 ./iptables-add 2> /dev/null | awk '{print $2}'`
runtime=`echo $(( $now - $from ))`
d=`echo $(( $runtime / 86400 ))`
h=`echo $((( $runtime / 3600 ) %24 ))`
m=`echo $((( $runtime / 60 ) %60 ))`
s=`echo $(( $runtime %60 ))`
runtime=`printf "$d - %02d:%02d:%02d\n" $h $m $s`
fi
drop_packet_count_in=`iptables -vL P2PARTISAN-DROP-IN 2> /dev/null | grep " DROP " | awk '{print $1}'`
drop_packet_count_out=`iptables -vL P2PARTISAN-DROP-OUT 2> /dev/null | grep " REJECT " | awk '{print $1}'`
if [ -e ./iptables-debug-del ]; then
dfrom=`[ -f ./iptables-debug ] && head -1 ./iptables-debug 2> /dev/null | awk '{print $2}'`
druntime=`echo $(( $now - $dfrom ))`
h=`echo $((( $druntime / 3600 ) %24 ))`
m=`echo $((( $druntime / 60 ) %60 ))`
s=`echo $(( $druntime %60 ))`
druntime=`printf "%02d:%02d:%02d\n" $h $m $s`
dendtime=`[ -f ./iptables-debug-del ] && head -2 ./iptables-debug-del | tail -n 1 | awk '{print $2}'`
ttime=`echo $(( $dendtime / 60 ))`
ttime=`echo $(( $dfrom + $dendtime ))`
leftime=`echo $(( $ttime - $now ))`
m=`echo $((( $leftime / 60 ) %60 ))`
s=`echo $(( $leftime %60 ))`
leftime=`printf "%02d:%02d:%02d\n" $h $m $s`
zzztime=`echo $(( $dendtime / 60 ))`
fi
if [[ $running3 -eq "0" ]] && [[ $running4 -eq "0" ]]; then
running8="\033[1;31mNo\033[0;39m"
elif [[ $running3 -eq "0" ]] && [[ $running4 -eq "1" ]]; then
running8="\033[1;35mLoading...\033[0;39m"
elif [[ $running3 -gt "0" ]] && [[ $running4 -eq "0" ]]; then
running8="\033[1;31mNot quite... try to run \"p2partisan.sh update\"\033[0;39m"
else
running8="\033[1;32mYes\033[0;39m"
fi
if [[ $runningF -eq 1 ]]; then
runningF="\033[1;35mOn\033[0;39m IP \033[1;33m`iptables -L P2PARTISAN-DROP-IN 2> /dev/null | grep DEBUG | awk '{print $5}'` \033[1;33m$f\033[0;39mrunning for \033[1;33m$druntime\033[0;39m /\033[1;33m$zzztime\033[0;39m min (\033[1;33m$leftime\033[0;39m left)"
else
runningF="Off"
fi
whiteip=`ipset -L whitelist 2> /dev/null | grep -E "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])" | wc -l`
whiteextra=`ipset -L whitelist 2> /dev/null | grep -E '(^10\.|(^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.)|^192\.168\.)' | wc -l`
if [[ $whiteextra == "0" ]]; then
whiteextra=" "
else
whiteextra=`echo "/ $whiteextra" LAN IP ref defined`
fi
blackip=`ipset -L blacklist-custom 2> /dev/null | grep -E "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])" | wc -l`
echo -e "
+------------------------- P2Partisan --------------------------+
| _______ __ __
| | __| |_.---.-.| |_.--.--.-----.
| |__ | _| _ || _| | |__ --|
| |_______|____|___._||____|_____|_____|
|
| Release version: \033[1;37m$version\033[0;39m
+---------------------------------------------------------------+
| Running: $running8
| Autorun: $running5
| Scheduled: $running6 / \033[1;37m$runningA\033[0;39m since device boot
| Tutor: $running9 / \033[1;37m$runningB\033[0;39m in the last 24h
| Debugger: $runningF
+---------------------------------------------------------------+
| Partisan uptime: \033[1;37m$runtime\033[0;39m
| Startup time: \033[1;37m$runningD\033[0;39m seconds
| Dropped in: \033[1;37m$drop_packet_count_in\033[0;39m
| Rejected out: \033[1;37m$drop_packet_count_out\033[0;39m
+---------------------------------------------------------------+
| Black IPs: \033[1;37m$blackip\033[0;39m
| White IPs: \033[1;37m$whiteip $whiteextra\033[0;39m"
transmissionenable=`nvram get bt_enable`
if [ -z $transmissionenable ]; then
echo "| TransmissionBT: Not available"
elif [ "$transmissionenable" = "0" ]; then
echo "| TransmissionBT: Off"
elif [ "$transmissionenable" = "1" ]; then
echo -e "| TransmissionBT: \033[1;37mOn\033[0;39m"
transmissionport=`nvram get bt_port 2> /dev/null`
greyports_tcp=$greyports_tcp,$transmissionport
greyports_udp=$greyports_udp,$transmissionport
fi
echo $greyports_tcp | awk -v RS=',' -F : '{ gsub(/\n$/, "") } NF > 1 { r=(r ? r "," : "") $0; if (r ~ /([^,]*,){6}/) { print r; r=""; } next } { s=(s ? s "," : "") $0; if (s ~ /([^,]*,){14}/) { print s; s=""; } } END { if (r && s) { p = r "," s; if (p !~ /([^,:]*[:,]){15}/) { print p; r=s="" } } if (r) print r ; if (s) print s }' | while read w; do
echo -e "| Grey ports TCP: \033[1;37m$w\033[0;39m"
done
echo $greyports_udp | awk -v RS=',' -F : '{ gsub(/\n$/, "") } NF > 1 { r=(r ? r "," : "") $0; if (r ~ /([^,]*,){6}/) { print r; r=""; } next } { s=(s ? s "," : "") $0; if (s ~ /([^,]*,){14}/) { print s; s=""; } } END { if (r && s) { p = r "," s; if (p !~ /([^,:]*[:,]){15}/) { print p; r=s="" } } if (r) print r ; if (s) print s }' | while read w; do
echo -e "| Grey ports UDP: \033[1;37m$w\033[0;39m"
done
echo $whiteports_tcp | awk -v RS=',' -F : '{ gsub(/\n$/, "") } NF > 1 { r=(r ? r "," : "") $0; if (r ~ /([^,]*,){6}/) { print r; r=""; } next } { s=(s ? s "," : "") $0; if (s ~ /([^,]*,){14}/) { print s; s=""; } } END { if (r && s) { p = r "," s; if (p !~ /([^,:]*[:,]){15}/) { print p; r=s="" } } if (r) print r ; if (s) print s }' | while read w; do
echo -e "| White ports TCP: \033[1;37m$w\033[0;39m"
done
echo $whiteports_udp | awk -v RS=',' -F : '{ gsub(/\n$/, "") } NF > 1 { r=(r ? r "," : "") $0; if (r ~ /([^,]*,){6}/) { print r; r=""; } next } { s=(s ? s "," : "") $0; if (s ~ /([^,]*,){14}/) { print s; s=""; } } END { if (r && s) { p = r "," s; if (p !~ /([^,:]*[:,]){15}/) { print p; r=s="" } } if (r) print r ; if (s) print s }' | while read w; do
echo -e "| White ports UDP: \033[1;37m$w\033[0;39m"
done
echo -e "| Black lists: \033[1;37m$runningC\033[0;39m"
echo "+----------------------- Logs max($maxloghour/hour) ----------------------+
$running7
$running7a
+---------------------------------------------------------------+"
}
if [ $autorun_availability_check = 1 ]; then
av="while true; do [ -f $P2Partisandir/p2partisan.sh ] && break || sleep 5; done ;"
fi
pautorunset() {
echo -e "
+------------------------- P2Partisan --------------------------+
| ______ __ __
| | |.-----.-----.| |_.----.-----.| |
| | ---|| _ | || _| _| _ || |
| |______||_____|__|__||____|__| |_____||__|
|
+--------------------------- Autorun ---------------------------+"
p=`nvram get script_fire | grep "p2partisan.sh restart" | grep -v cru | wc -l`
if [ $p -eq "0" ] ; then
t=`nvram get script_fire`; t=`printf "$t\n$av$P2Partisandir/p2partisan.sh restart\n"` ; nvram set "script_fire=$t"
fi
plog "P2Partisan AUTO RUN is ON"
echo "+---------------------------------------------------------------+"
nvram commit
}
pautorununset() {
echo -e "
+------------------------- P2Partisan --------------------------+
| ______ __ __
| | |.-----.-----.| |_.----.-----.| |
| | ---|| _ | || _| _| _ || |
| |______||_____|__|__||____|__| |_____||__|
|
+--------------------------- Autorun ---------------------------+"
p=`nvram get script_fire | grep "p2partisan.sh restart" | grep -v cru | wc -l`
if [ $p -eq "1" ]; then
t=`nvram get script_fire`; t=`printf "$t" | grep -v "p2partisan.sh restart"` ; nvram set "script_fire=$t"
fi
plog "P2Partisan AUTO RUN is OFF"
echo "+---------------------------------------------------------------+"
nvram commit
}
pscheduleset() {
echo -e "
+------------------------- P2Partisan --------------------------+
| ______ __ __
| | |.-----.-----.| |_.----.-----.| |
| | ---|| _ | || _| _| _ || |
| |______||_____|__|__||____|__| |_____||__|
|
+-------------------------- Scheduler --------------------------+"
cru d P2Partisan-update
e=`tr -cd 0-5 /dev/null
wget -q -O - http://pastebin.com/raw.php?i=eDgM0S5i | grep "p2partisan v" | grep -v grep> ./latest
latest=`cat ./latest | cut -c3-31`
current=`cat ./p2partisan.sh | grep "p2partisan v" | head -1 | cut -c3-32 `
if [[ "$latest" == "$current" ]]; then
echo "
+------------------------- P2Partisan --------------------------+
| _______ __
| | | |.-----.-----.----.---.-.--| |.-----.
| | | || _ | _ | _| _ | _ || -__|
| |_______|| __|___ |__| |___._|_____||_____|
| |__| |_____|
|
+---------------------------------------------------------------+
You're already running the latest version of P2Partisan
"
else
echo "
+------------------------- P2Partisan --------------------------+
| _______ __
| | | |.-----.-----.----.---.-.--| |.-----.
| | | || _ | _ | _| _ | _ || -__|
| |_______|| __|___ |__| |___._|_____||_____|
| |__| |_____|
|
+---------------------------------------------------------------+
| There's a new P2Partisan update available. Do you want to upgrade?
|
| current = $current
|
| to
|
| latest = $latest
|
| y/n"
read answer
if [[ $answer == "y" ]]; then
wget -q -O ./p2partisan_new.sh http://pastebin.com/raw.php?i=eDgM0S5i
pupgraderoutine
else
echo "| Upgrade skipped. Quitting...
+---------------------------------------------------------------+"
exit
fi
fi
}
pupgradebeta() {
[ -f p2partisan_new.sh ] && rm -f "p2partisan_new.sh" 2> /dev/null
wget -q -O - http://pastebin.com/raw.php?i=qe79uDJi | grep "p2partisan v" | grep -v grep > ./latest
echo "| Do you want to install the latest testing beta (not suggested)?
|
| y/n"
read answer
if [[ $answer == "y" ]]; then
wget -q -O ./p2partisan_new.sh http://pastebin.com/raw.php?i=qe79uDJi
pupgraderoutine
else
echo "| Beta upgrade skipped. Quitting...
+---------------------------------------------------------------+"
exit
fi
}
pupgraderoutine() {
echo "| Upgrading, please wait:"
echo "| 1/6) Stopping the script"
pforcestop
[ -f p2partisan_new.sh ] || plog "There's a problem with the p2partisan upgrade. Please try again"
echo "| 2/6) Migrating the configuration"
sed '1,/P2Partisandir/{s@P2Partisandir=.*@'"P2Partisandir=$P2Partisandir"'@'} -i ./p2partisan_new.sh
sed '1,/syslogs/{s@syslogs=.*@'"syslogs=$syslogs"'@'} -i ./p2partisan_new.sh
sed '1,/maxloghour/{s@maxloghour=.*@'"maxloghour=$maxloghour"'@'} -i ./p2partisan_new.sh
sed '1,/whiteports_tcp/{s@whiteports_tcp=.*@'"whiteports_tcp=$whiteports_tcp"'@'} -i ./p2partisan_new.sh
sed '1,/whiteports_udp/{s@whiteports_udp=.*@'"whiteports_udp=$whiteports_udp"'@'} -i ./p2partisan_new.sh
sed '1,/greyports_tcp/{s@greyports_tcp=.*@'"greyports_tcp=$greyports_tcp"'@'} -i ./p2partisan_new.sh
sed '1,/greyports_udp/{s@greyports_udp=.*@'"greyports_udp=$greyports_udp"'@'} -i ./p2partisan_new.sh
sed '1,/greyline/{s@greyline=.*@'"greyline=$greyline"'@'} -i ./p2partisan_new.sh
sed '1,/fastroutine/{s@fastroutine=.*@'"fastroutine=$fastroutine"'@'} -i ./p2partisan_new.sh
sed '1,/autorun_availability_check/{s@autorun_availability_check=.*@'"autorun_availability_check=$autorun_availability_check"'@'} -i ./p2partisan_new.sh
sed '1,/schedule/{s@schedule=.*@'"schedule=\"$schedule\""'@'} -i ./p2partisan_new.sh
sed '1,/testip/{s@testip=.*@'"testip=$testip"'@'} -i ./p2partisan_new.sh
tr -d "\r"< ./p2partisan_new.sh > ./.temp ; mv ./.temp ./p2partisan_new.sh
echo "| 3/6) Copying p2partisan.sh into p2partisan.sh.old"
cp ./p2partisan.sh ./p2partisan_old
echo "| 4/6) Installing new script into p2partisan.sh"
mv ./p2partisan_new.sh ./p2partisan.sh
echo "| 5/6) Setting up permissions"
chmod -R 777 ./p2partisan.sh
echo -e "| 6/6) all done, \033[1;32mPlease run the script manually!\033[0;39m
| NOTE: autorun, autoupdate and tutor settings are left as they were found
+---------------------------------------------------------------+
"
exit
}
ptutor() {
h=`date +%H`
pwhitelist
pblacklistcustom
running3=`iptables -L INPUT | grep P2PARTISAN-IN 2> /dev/null | wc -l`
running4=`[ -f $pidfile ] && echo 1 || echo 0`
runningE=`iptables -L wanin | grep P2PARTISAN-IN 2> /dev/null | wc -l`
cat blacklists | grep -Ev "^#|^$" | tr -d "\r" |
(
while read line
do
name=`echo $line | awk '{print $1}'`
iptables -L P2PARTISAN-LISTS-IN | grep $name > /dev/null || {
plog "P2Partisan tutor had to reinstall the iptables due to: P2PARTISAN-LIST-IN $name instruction missing"
./iptables-del ; ./iptables-add
exit
}
iptables -L P2PARTISAN-LISTS-OUT | grep $name > /dev/null || {
plog "P2Partisan tutor had to reinstall the iptables due to: P2PARTISAN-LIST-OUT $name instruction missing"
./iptables-del ; ./iptables-add
exit
}
# age=`echo $((\`date +%s\` - \`date -r $name.cidr +%s\`))`
# if [[ $age -gt "604800" ]] && [[ $h -le 6 ]] && [[ $h -ge 2 ]]; then
# plog "P2Partisan is updating list $name"
# pforcestop $name
# exit
# fi
done
)
if [[ $runningE -gt "1" ]]; then
pforcestop
plog "P2Partisan tutor had to restart due to: iptables redundant rules found"
pstart
elif [[ $running3 -eq "1" ]] && [[ $running4 -eq "0" ]]; then
plog "P2Partisan tutor had to restart due to: pid file missing"
pforcestop
pstart
elif [[ $running3 -eq "0" ]] && [[ $running4 -eq "1" ]]; then
plog "P2Partisan tutor had to restart due to: iptables instructions missing"
pforcestop
pstart
elif [[ $running3 -ne "1" ]] && [[ $running4 -eq "1" ]]; then
plog "P2Partisan appears to be loading, I'll wait 30 seconds..."
sleep 30
if [[ $running3 -ne "1" ]] && [[ $running4 -eq "1" ]]; then
plog "P2Partisan tutor had to restart due to Stuck on Loading"
pforcestop
pstart
fi
else
echo -e "
+------------------------- P2Partisan --------------------------+
| _______ __
| |_ _|.--.--.| |_.-----.----.
| | | | | || _| _ | _|
| |___| |_____||____|_____|__|
|
+---------------------------------------------------------------+
| P2Partisan up and running. The tutor is happy
+---------------------------------------------------------------+"
fi
}
ptutorset() {
echo -e "
+------------------------- P2Partisan --------------------------+
| _______ __
| |_ _|.--.--.| |_.-----.----.
| | | | | || _| _ | _|
| |___| |_____||____|_____|__|
|
+-------------------------- Scheduler --------------------------+"
cru d P2Partisan-tutor
ab=`tr -cd 0-5 /dev/null 2>&1 && test=1 || test=0
if [[ $test -eq 1 ]]; then
echo $checklist | tr " " "\n" |
(
while read LIST
do
ipset -T $LIST $1 > /dev/null 2>&1 && if [ $LIST = "whitelist" ]; then echo -e "| \033[1;32m$1 found in $LIST\033[0;39m"; else echo -e "| \033[1;31m$1 found in $LIST\033[0;39m"; fi || echo -e "| $1 not found in $LIST"
done
)
echo "+---------------------------------------------------------------+
| in case of multiple match the first prevails
+---------------------------------------------------------------+"
elif [[ $test -eq 0 ]]; then
echo "| Invalid input. Please specify a valid IP address.
+---------------------------------------------------------------+"
fi
fi
}
pdebug() {
echo -e "
+------------------------- P2Partisan --------------------------+
| _____ __
| | \.-----.| |--.--.--.-----.
| | -- | -__|| _ | | | _ |
| |_____/|_____||_____|_____|___ |
| |_____|
|
+--------------------------- Guide -----------------------------+
| Debug allows to fully log the P2Partisan interventions given a LAN IP
| Maximum 1 debug at the time / Debug automatically times out or can be forced off manually
+---------------------------------------------------------------+
| p2partisan.sh debug Syntax
| p2partisan.sh debug Displays debug status and this help text
| p2partisan.sh debug 192.168.0.3 <1-120> Enables debug for the given LAN IP for N min (15 default)
| p2partisan.sh debug 192.168.0.3 9 Enables debug for the given LAN IP for 9 min
| p2partisan.sh debug reverse <1-120> Enables debug for all the LAN IPs excluding greyports_tcp/udp
| p2partisan.sh debug off Disable debug without waiting for the timer to timeout
| p2partisan.sh debug-display Display logs Syntax
| p2partisan.sh debug-display Displays in&out debug logs + guide
| p2partisan.sh debug-display out Same as above but displays outbound records only
+-------------------------- Activity ---------------------------+"
echo "$1" | grep -Eo "([2][5][0-5].|[2][0-4][0-9].|[1][0-9][0-9].|[0-9][0-9].|[0-9].)([2][0-5][0-5].|[2][0-4][0-9].|[1][0-9][0-9].|[0-9][0-9].|[0-9].)([2][0-5][0-5].|[2][0-4][0-9].|[1][0-9][0-9].|[0-9][0-9].|[0-9].)([2][0-5][0-5]|[2][0-4][0-9]|[1][0-9][0-9]|[0-9][0-9]|[0-9])" >/dev/null 2>&1 && q=0 || q=1
echo "$1" | grep "reverse" >/dev/null 2>&1 && q=2
echo "$1" | grep "off" >/dev/null 2>&1 && off=1 || off=0
if [ -e ./iptables-debug-del ]; then
dfrom=`head -1 ./iptables-debug 2> /dev/null | awk '{print $2}'`
druntime=`echo $(( $now - $dfrom ))`
h=`echo $((( $druntime / 3600 ) %24 ))`
m=`echo $((( $druntime / 60 ) %60 ))`
s=`echo $(( $druntime %60 ))`
druntime=`printf "%02d:%02d:%02d\n" $h $m $s`
dendtime=`head -2 ./iptables-debug-del | tail -n 1 | awk '{print $2}'`
ttime=`echo $(( $dendtime / 60 ))`
ttime=`echo $(( $dfrom + $dendtime ))`
leftime=`echo $(( $ttime - $now ))`
m=`echo $((( $leftime / 60 ) %60 ))`
s=`echo $(( $leftime %60 ))`
leftime=`printf "%02d:%02d:%02d\n" $h $m $s`
zzztime=`echo $(( $dendtime / 60 ))`
fi
if [[ $off -eq 1 ]]; then
f=`iptables -L P2PARTISAN-DROP-IN | grep DEBUG `
fc=`iptables -L P2PARTISAN-DROP-IN | grep DEBUG | wc -l`
if [[ $fc -ge 1 ]]; then
kill `ps | grep -E "sleep $dendtime$" | awk '{print $1}'` > /dev/null 2>&1
plog "| All DEBUG activities have stopped"
{
while iptables -L P2PARTISAN-DROP-IN | grep DEBUG
do
iptables -D P2PARTISAN-DROP-IN 1
done
while iptables -L P2PARTISAN-DROP-OUT | grep DEBUG
do
iptables -D P2PARTISAN-DROP-OUT 1
done
} > /dev/null 2>&1
echo -e "| Use \033[1;33m./p2partisan.sh debug-display\033[0;39m to show debug information, if any.
+---------------------------------------------------------------+" ; exit
else
echo -e "| Debug is currently off and not collecting any information.
| Use \033[1;33m./p2partisan.sh debug-display\033[0;39m to show existing debug information, if any.
+---------------------------------------------------------------+" ; exit
fi
fi
if [[ -z $1 ]]; then
f=`iptables -L P2PARTISAN-DROP-IN | grep DEBUG | awk '{print $5}' | head -1`
fc=`iptables -L P2PARTISAN-DROP-IN | grep DEBUG | wc -l`
if [[ $fc -gt 1 ]]; then
echo -e "| P2partisan is currently debugging IP \033[1;33m$f\033[0;39m for \033[1;33m$druntime\033[0;39m /\033[1;33m$zzztime\033[0;39m min (\033[1;33m$leftime\033[0;39m left)
| Use \033[1;33m./p2partisan.sh debug-display\033[0;39m to show debug information
+---------------------------------------------------------------+" ; exit
elif [[ $fc -eq 0 ]]; then
echo -e "| Debug is currently off and not collecting any information.
| Use \033[1;33m./p2partisan.sh debug-display\033[0;39m to show existing debug information, if any.
+---------------------------------------------------------------+" ; exit
fi
elif [[ $q -eq 1 ]]; then
echo -e "| The input \033[1;31m$1\033[0;39m doesn't appear to be a valid IP
+---------------------------------------------------------------+" ; exit
fi
f=`iptables -L P2PARTISAN-DROP-IN | grep DEBUG | awk '{print $5}' | head -1`
fc=`iptables -L P2PARTISAN-DROP-IN | grep DEBUG | wc -l`
if [[ $fc -gt 1 ]]; then
echo -e "| P2partisan is currently debugging IP \033[1;33m$f\033[0;39m for \033[1;33m$druntime\033[0;39m /\033[1;33m$zzztime\033[0;39m min (\033[1;33m$leftime\033[0;39m left)
| NOTE: Only one debug at the time is possible! Command ignored.
| Use \033[1;33m./p2partisan.sh debug-display\033[0;39m to show the debug information
+---------------------------------------------------------------+" ; exit
fi
if [ -z $2 ]; then
minutes=15
time=900
elif [[ $2 -gt 120 ]] || [[ $2 -eq 0 ]]; then
echo "| Please specify an acceptable time: 1 to 60 (min). If omitted 15 will be used
| Debug NOT enabled. Exiting...
+---------------------------------------------------------------+" ; exit
else
minutes=$2
time=` echo $(( $2 * 60 ))`
fi
if [[ $q -eq 2 ]]; then
if [ -z $greyports_tcp ] || [ -z $greyports_udp ]; then
echo -e "| It appears like you have no greyport set. This function due to the potential amount
| of logging involved requires the both greyports_tcp and greyports_udp to be set
| if unsure on what ports to use, try to run \033[1;33m./p2partisan.sh detective\033[0;39m
+---------------------------------------------------------------+"
exit
fi
echo "# $now
iptables -I P2PARTISAN-DROP-IN 1 -p tcp --sport $greyports_tcp -j DROP
iptables -I P2PARTISAN-DROP-IN 1 -p udp --sport $greyports_udp -j DROP
iptables -I P2PARTISAN-DROP-IN 1 -p tcp --dport $greyports_tcp -j DROP
iptables -I P2PARTISAN-DROP-IN 1 -p udp --dport $greyports_udp -j DROP
iptables -I P2PARTISAN-DROP-OUT 1 -p tcp --sport $greyports_tcp -j DROP
iptables -I P2PARTISAN-DROP-OUT 1 -p udp --sport $greyports_udp -j DROP
iptables -I P2PARTISAN-DROP-OUT 1 -p tcp --dport $greyports_tcp -j DROP
iptables -I P2PARTISAN-DROP-OUT 1 -p udp --dport $greyports_udp -j DROP
iptables -I P2PARTISAN-DROP-IN 5 -j LOG --log-prefix 'P2Partisan-DEBUG-IN->> ' --log-level 1
iptables -I P2PARTISAN-DROP-OUT 5 -j LOG --log-prefix 'P2Partisan-DEBUG-OUT->> ' --log-level 1" > ./iptables-debug
chmod 777 ./iptables-debug > /dev/null 2>&1
plog "Reverse Debug started for for $minutes minute"
./iptables-debug 1>/dev/null &
echo -e "| Enabled full debug logging for all the LAN IPs for \033[1;32m$minutes\033[0;39m minutes
| This excludes the greyports_tcp $greyports_tcp and greyports_udp $greyports_udp
| Use \033[1;33m./p2partisan.sh debug-display\033[0;39m to show the debug information
+---------------------------------------------------------------+"
echo "# $now
sleep $time
iptables -D P2PARTISAN-DROP-IN -p tcp -m tcp --sport $greyports_tcp -j DROP
iptables -D P2PARTISAN-DROP-IN -p udp -m udp --sport $greyports_udp -j DROP
iptables -D P2PARTISAN-DROP-IN -p tcp -m tcp --dport $greyports_tcp -j DROP
iptables -D P2PARTISAN-DROP-IN -p udp -m udp --dport $greyports_udp -j DROP
iptables -D P2PARTISAN-DROP-OUT -p tcp -m tcp --sport $greyports_tcp -j DROP
iptables -D P2PARTISAN-DROP-OUT -p udp -m udp --sport $greyports_udp -j DROP
iptables -D P2PARTISAN-DROP-OUT -p tcp -m tcp --dport $greyports_tcp -j DROP
iptables -D P2PARTISAN-DROP-OUT -p udp -m udp --dport $greyports_udp -j DROP
iptables -D P2PARTISAN-DROP-IN -j LOG --log-prefix 'P2Partisan-DEBUG-IN->> ' --log-level 1
iptables -D P2PARTISAN-DROP-OUT -j LOG --log-prefix 'P2Partisan-DEBUG-OUT->> ' --log-level 1" > ./iptables-debug-del
chmod 777 ./iptables-debug-del 2> /dev/null
./iptables-debug-del 1>/dev/null &
else
echo "# $now
iptables -I P2PARTISAN-DROP-IN 1 -d $1 -j LOG --log-prefix \"P2Partisan-DEBUG-IN->> \" --log-level 1 > /dev/null 2>&1
iptables -I P2PARTISAN-DROP-OUT 1 -s $1 -j LOG --log-prefix \"P2Partisan-DEBUG-OUT->> \" --log-level 1 > /dev/null 2>&1" > ./iptables-debug
chmod 777 ./iptables-debug > /dev/null 2>&1
plog "Debug started for IP $1 for $minutes minute"
./iptables-debug 1>/dev/null &
echo -e "| Enabled full debug logging for LAN IP \033[1;32m$1\033[0;39m for \033[1;32m$minutes\033[0;39m minutes
| Use \033[1;33m./p2partisan.sh debug-display\033[0;39m to show the debug information
+---------------------------------------------------------------+"
echo "# $now
sleep $time
iptables -D P2PARTISAN-DROP-IN -d $1 -j LOG --log-prefix \"P2Partisan-DEBUG-IN->> \" --log-level 1 > /dev/null 2>&1
iptables -D P2PARTISAN-DROP-OUT -s $1 -j LOG --log-prefix \"P2Partisan-DEBUG-OUT->> \" --log-level 1 > /dev/null 2>&1" > ./iptables-debug-del
chmod 777 ./iptables-debug-del 2> /dev/null
./iptables-debug-del 1>/dev/null &
fi
}
pdebugdisplay() {
echo -e "
+------------------------- P2Partisan --------------------------+
_____ __ __ __ __
| \.-----.| |--.--.--.-----.______.--| |__|.-----.-----.| |.---.-.--.--.
| -- | -__|| _ | | | _ |______| _ | ||__ --| _ || || _ | | |
|_____/|_____||_____|_____|___ | |_____|__||_____| __||__||___._|___ |
|_____| |__| |_____|
+---------------------------------------------------------------+
| p2partisan.sh debug-display Displays in & outbound debug logs
| p2partisan.sh debug-display in Displays inbound debug logs only
| p2partisan.sh debug-display out Displays outbound debug logs only
+-------------------------- Drop Logs --------------------------+"
dfrom=`head -1 ./iptables-debug 2> /dev/null | awk '{print $2}'`
druntime=`echo $(( $now - $dfrom ))`
h=`echo $((( $druntime / 3600 ) %24 ))`
m=`echo $((( $druntime / 60 ) %60 ))`
s=`echo $(( $druntime %60 ))`
druntime=`printf "%02d:%02d:%02d\n" $h $m $s`
dendtime=`head -2 ./iptables-debug-del | tail -n 1 | awk '{print $2}'`
ttime=`echo $(( $dendtime / 60 ))`
ttime=`echo $(( $dfrom + $dendtime ))`
leftime=`echo $(( $ttime - $now ))`
m=`echo $((( $leftime / 60 ) %60 ))`
s=`echo $(( $leftime %60 ))`
leftime=`printf "%02d:%02d:%02d\n" $h $m $s`
zzztime=`echo $(( $dendtime / 60 ))`
c=0
rm ./debug.rev > /dev/null 2>&1
tail -800 $logfile | grep -i "P2Partisan" > ./debug.log
cat ./debug.log | sed '1!G;h;$!d' |
(
while read line
do
testo=`echo $line | grep "Debug started for IP" | wc -l`
if [[ $testo -ge 1 ]]; then
echo $line >> ./debug.rev
cat ./debug.rev | sed '1!G;h;$!d' > ./debug.log
rm ./debug.rev > /dev/null 2>&1
exit
else
echo $line >> ./debug.rev
fi
done
)
if [ -z $1 ]; then
echo -e "\033[48;5;89m+----------------------- INPUT & OUTPUT ------------------------+\033[0m"
head -1 ./debug.log
cat ./debug.log | grep "DEBUG-" | awk '{printf "%s %s %s ",$1,$2,$3;for (i=4;i<=NF;i++) if ($i~/(IN|OUT|SRC|DST|PROTO|SPT|DPT)=/) printf "%s ",$i;print ""}' | sed -e 's/PROTO=//g' -e 's/IN=/I=/g' -e 's/OUT=/O=/g' -e 's/SPT=/S=/g' -e 's/DPT=/D=/g' -e 's/SRC=/S=/g' -e 's/DST=/D=/g' | while read line; do
[ $(($c%2)) -eq 1 ] && printf "\e[100m"
printf "%s\033[0m\n" "$line"
c=$(($c+1))
done
fc=`iptables -L P2PARTISAN-DROP-IN | grep DEBUG | wc -l`
if [[ $fc -ge 1 ]]; then
echo -e "\e[93mNOTE: debugging is active for $druntime /$zzztime min ($leftime left). Run this command again to update the report\033[0m"
fi
echo -e "\033[48;5;89m+----------------------- INPUT & OUTPUT ------------------------+\033[0m"
elif [[ $1 = "in" ]]; then
echo -e "\033[48;5;89m+--------------------------- INPUT -----------------------------+\033[0m"
head -1 ./debug.log
cat ./debug.log | grep "DEBUG-IN" | awk '{printf "%s %s %s ",$1,$2,$3;for (i=4;i<=NF;i++) if ($i~/(IN|OUT|SRC|DST|PROTO|SPT|DPT)=/) printf "%s ",$i;print ""}' | sed -e 's/PROTO=//g' -e 's/IN=/I=/g' -e 's/OUT=/O=/g' -e 's/SPT=/S=/g' -e 's/DPT=/D=/g' -e 's/SRC=/S=/g' -e 's/DST=/D=/g' | while read line; do
[ $(($c%2)) -eq 1 ] && printf "\e[100m"
printf "%s\033[0m\n" "$line"
c=$(($c+1))
done
fc=`iptables -L P2PARTISAN-DROP-IN | grep DEBUG | wc -l`
if [[ $fc -ge 1 ]]; then
echo -e "\e[93mNOTE: debugging is active for $druntime /$zzztime min ($leftime left). Run this command again to update the report\033[0m"
fi
echo -e "\033[48;5;89m+--------------------------- INPUT -----------------------------+\033[0m"
elif [[ $1 = "out" ]]; then
echo -e "\033[48;5;89m+--------------------------- OUTPUT ----------------------------+\033[0m"
head -1 ./debug.log
cat ./debug.log | grep "DEBUG-OUT" | awk '{printf "%s %s %s ",$1,$2,$3;for (i=4;i<=NF;i++) if ($i~/(IN|OUT|SRC|DST|PROTO|SPT|DPT)=/) printf "%s ",$i;print ""}' | sed -e 's/PROTO=//g' -e 's/IN=/I=/g' -e 's/OUT=/O=/g' -e 's/SPT=/S=/g' -e 's/DPT=/D=/g' -e 's/SRC=/S=/g' -e 's/DST=/D=/g' | while read line; do
[ $(($c%2)) -eq 1 ] && printf "\e[100m"
printf "%s\033[0m\n" "$line"
c=$(($c+1))
done
fc=`iptables -L P2PARTISAN-DROP-IN | grep DEBUG | wc -l`
if [[ $fc -ge 1 ]]; then
echo -e "\e[93mNOTE: debugging is active for $druntime /$zzztime min ($leftime left). Run this command again to update the report\033[0m"
fi
echo -e "\033[48;5;89m+--------------------------- OUTPUT ----------------------------+\033[0m"
fi
echo -e "+---------------------------------------------------------------+"
}
pwhitelist() {
ipset -F whitelist
[ -f ./whitelist ] && cat ./whitelist | grep -Ev "^#|^$" | tr -d "\r" |
(
while read IP
do
q=100
echo "$IP" | grep -E "(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])" >/dev/null 2>&1 && q=1
echo "$IP" | grep -Eo "([2][5][0-5].|[2][0-4][0-9].|[1][0-9][0-9].|[0-9][0-9].|[0-9].)([2][0-5][0-5].|[2][0-4][0-9].|[1][0-9][0-9].|[0-9][0-9].|[0-9].)([2][0-5][0-5].|[2][0-4][0-9].|[1][0-9][0-9].|[0-9][0-9].|[0-9].)([2][0-5][0-5]|[2][0-4][0-9]|[1][0-9][0-9]|[0-9][0-9]|[0-9])" >/dev/null 2>&1 && q=0
echo "$IP" | grep -Eo "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$" >/dev/null 2>&1 && q=3
echo "$IP" | awk '{print $2}' | grep -E '^(http)' >/dev/null 2>&1 && q=4
if [[ $q -eq 0 ]]; then
ipset -A whitelist $IP 2> /dev/null
elif [[ $q -eq 1 ]]; then
nslookup $IP | grep "Address [0-9]*:" | grep -v 127.0.0.1 | grep -v "\:\:" | grep -Eo "([0-9\.]{7,15})" |
while read IPO
do
ipset -A whitelist $IPO 2> /dev/null
done
elif [[ $q -eq 3 ]]; then
ipset -A whitelist $IP 2> /dev/null
elif [[ $q -eq 4 ]]; then
name=`echo $IP | awk '{print $1}'`
url=`echo $IP | awk '{print $2}'`
[ -e $name.lst ] || wget -q -O - "$url" | \
gunzip | cut -d: -f2 > $name.lst
for IPO in $(cat $name.lst)
do
ipset -A whitelist $IPO 2> /dev/null
done
fi
done
)
}
pblacklistcustom() {
ipset -F blacklist-custom
[ -f ./blacklist-custom ] && cat ./blacklist-custom | grep -Ev "^#|^$" | tr -d "\r" |
(
while read IP
do
q=100
echo "$IP" | grep -E "(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])" >/dev/null 2>&1 && q=1
echo "$IP" | grep -Eo "([2][5][0-5].|[2][0-4][0-9].|[1][0-9][0-9].|[0-9][0-9].|[0-9].)([2][0-5][0-5].|[2][0-4][0-9].|[1][0-9][0-9].|[0-9][0-9].|[0-9].)([2][0-5][0-5].|[2][0-4][0-9].|[1][0-9][0-9].|[0-9][0-9].|[0-9].)([2][0-5][0-5]|[2][0-4][0-9]|[1][0-9][0-9]|[0-9][0-9]|[0-9])" >/dev/null 2>&1 && q=0
echo "$IP" | grep -Eo "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$" >/dev/null 2>&1 && q=3
if [[ $q -eq 0 ]]; then
ipset -A blacklist-custom $IP 2> /dev/null
elif [[ $q -eq 1 ]]; then
nslookup $IP | grep "Address [0-9]*:" | grep -v 127.0.0.1 | grep -v "\:\:" | grep -Eo "([0-9\.]{7,15})" |
while read IPO
do
ipset -A blacklist-custom $IPO 2> /dev/null
done
elif [[ $q -eq 3 ]]; then
ipset -A blacklist-custom $IP 2> /dev/null
fi
done
)
}
pstart() {
if [[ $paranoiastuck -gt 1 ]]; then
punblock
fi
running4=`[ -f $pidfile ] && echo 1 || echo 0`
if [ $running4 -eq "0" ] ; then
[ -f /tmp/p2partisan.loading ] && echo "P2Partisan is still loading. Exiting..." && exit
touch /tmp/p2partisan.loading
/bin/ntpsync > /dev/null 2>&1
pre=`date +%s`
sleep 1
echo $$ > $pidfile
[ -e iptables-add ] && rm iptables-add
[ -e iptables-del ] && rm iptables-del
[ -e ipset-del ] && rm ipset-del
echo -e "
+------------------------- P2Partisan --------------------------+
| _______ __ __
| | __| |_.---.-.----.| |_
| |__ | _| _ | _|| _|
| |_______|____|___._|__| |____|
|
+---------------------------------------------------------------+
+--------- PREPARATION --------"
echo "| Loading the ipset modules"
lsmod | awk '{print $1}' | grep "ip_set" > /dev/null 2>&1 || insmod ip_set
lsmod | awk '{print $1}' | grep "ip_set_iptreemap" > /dev/null 2>&1 || insmod ip_set_iptreemap
lsmod | awk '{print $1}' | grep "ipt_set" > /dev/null 2>&1 || insmod ipt_set
counter=0
pos=1
echo "+---- CUSTOM IP BLACKLIST -----
| preparing blacklist-custom ..."
echo "| Loading blacklist #$counter --> ***Custom IP blacklist***"
if [ "$(ipset --swap blacklist-custom blacklist-custom 2>&1 | grep 'Unknown set')" != "" ]
then
ipset --create blacklist-custom iptreemap > /dev/null 2>&1
fi
pblacklistcustom
[ -e /tmp/iptables-add.tmp ] && rm /tmp/iptables-add.tmp > /dev/null 2>&1
echo "+--------- GREYPORTs ----------"
echo $greyports_tcp | awk -v RS=',' -F : '{ gsub(/\n$/, "") } NF > 1 { r=(r ? r "," : "") $0; if (r ~ /([^,]*,){6}/) { print r; r=""; } next } { s=(s ? s "," : "") $0; if (s ~ /([^,]*,){14}/) { print s; s=""; } } END { if (r && s) { p = r "," s; if (p !~ /([^,:]*[:,]){15}/) { print p; r=s="" } } if (r) print r ; if (s) print s }' | while read w; do
echo "| Loading grey TCP ports $w"
echo "iptables -A P2PARTISAN-IN -i $wanif -p tcp --match multiport --dports $w -g P2PARTISAN-LISTS-IN 2> /dev/null
iptables -A P2PARTISAN-OUT -o $wanif -p tcp --match multiport --sports $w -g P2PARTISAN-LISTS-OUT 2> /dev/null" >> /tmp/iptables-add.tmp
done
echo $greyports_udp | awk -v RS=',' -F : '{ gsub(/\n$/, "") } NF > 1 { r=(r ? r "," : "") $0; if (r ~ /([^,]*,){6}/) { print r; r=""; } next } { s=(s ? s "," : "") $0; if (s ~ /([^,]*,){14}/) { print s; s=""; } } END { if (r && s) { p = r "," s; if (p !~ /([^,:]*[:,]){15}/) { print p; r=s="" } } if (r) print r ; if (s) print s }' | while read w; do
echo "| Loading grey UDP ports $w"
echo "iptables -A P2PARTISAN-IN -i $wanif -p udp --match multiport --dports $w -g P2PARTISAN-LISTS-IN 2> /dev/null
iptables -A P2PARTISAN-OUT -o $wanif -p udp --match multiport --sports $w -g P2PARTISAN-LISTS-OUT 2> /dev/null" >> /tmp/iptables-add.tmp
done
# Get transmission port for greylisting if enabled
transmissionenable=`nvram get bt_enable`
if [ -z $transmissionenable ]; then
echo "| TransmissionBT: Not available"
elif [ "$transmissionenable" = "0" ]; then
echo "| TransmissionBT: Off"
elif [ "$transmissionenable" = "1" ]; then
echo "| TransmissionBT: On"
transmissionport=`nvram get bt_port 2> /dev/null`
wanip=`nvram get wan_ipaddr`
p3=`echo $greyports_tcp | grep -Eo '$transmissionport' | wc -l`
p4=`echo $greyports_udp | grep -Eo '$transmissionport' | wc -l`
if [ $p3 -eq "0" ]; then
echo "iptables -A P2PARTISAN-IN -i $wanif -p tcp -d $wanip --dport $transmissionport -g P2PARTISAN-LISTS-IN
iptables -A P2PARTISAN-OUT -o $wanif -p tcp -s $wanip --sport $transmissionport -g P2PARTISAN-LISTS-OUT
iptables -A P2PARTISAN-OUT -o $wanif -p tcp -s $wanip --sport 49152:65535 -g P2PARTISAN-LISTS-OUT" >> /tmp/iptables-add.tmp
fi
if [ $p4 -eq "0" ]; then
echo "iptables -A P2PARTISAN-IN -i $wanif -p udp -d $wanip --dport $transmissionport -g P2PARTISAN-LISTS-IN
iptables -A P2PARTISAN-OUT -o $wanif -p udp -s $wanip --sport $transmissionport -g P2PARTISAN-LISTS-OUT
iptables -A P2PARTISAN-OUT -o $wanif -p udp -s $wanip --sport 49152:65535 -g P2PARTISAN-LISTS-OUT" >> /tmp/iptables-add.tmp
fi
fi
echo "+--------- WHITEPORTs ---------"
echo $whiteports_tcp | awk -v RS=',' -F : '{ gsub(/\n$/, "") } NF > 1 { r=(r ? r "," : "") $0; if (r ~ /([^,]*,){6}/) { print r; r=""; } next } { s=(s ? s "," : "") $0; if (s ~ /([^,]*,){14}/) { print s; s=""; } } END { if (r && s) { p = r "," s; if (p !~ /([^,:]*[:,]){15}/) { print p; r=s="" } } if (r) print r ; if (s) print s }' | while read w; do
echo "| Loading white TCP ports $w"
echo "iptables -A P2PARTISAN-IN -i $wanif -p tcp --match multiport --sports $w -j RETURN 2> /dev/null
iptables -A P2PARTISAN-IN -i $wanif -p tcp --match multiport --dports $w -j RETURN 2> /dev/null
iptables -A P2PARTISAN-OUT -o $wanif -p tcp --match multiport --sports $w -j RETURN 2> /dev/null
iptables -A P2PARTISAN-OUT -o $wanif -p tcp --match multiport --dports $w -j RETURN 2> /dev/null" >> /tmp/iptables-add.tmp
done
echo $whiteports_udp | awk -v RS=',' -F : '{ gsub(/\n$/, "") } NF > 1 { r=(r ? r "," : "") $0; if (r ~ /([^,]*,){6}/) { print r; r=""; } next } { s=(s ? s "," : "") $0; if (s ~ /([^,]*,){14}/) { print s; s=""; } } END { if (r && s) { p = r "," s; if (p !~ /([^,:]*[:,]){15}/) { print p; r=s="" } } if (r) print r ; if (s) print s }' | while read w; do
echo "| Loading white UDP ports $w"
echo "iptables -A P2PARTISAN-IN -i $wanif -p udp --match multiport --sports $w -j RETURN 2> /dev/null
iptables -A P2PARTISAN-IN -i $wanif -p udp --match multiport --dports $w -j RETURN 2> /dev/null
iptables -A P2PARTISAN-OUT -o $wanif -p udp --match multiport --sports $w -j RETURN 2> /dev/null
iptables -A P2PARTISAN-OUT -o $wanif -p udp --match multiport --dports $w -j RETURN 2> /dev/null" >> /tmp/iptables-add.tmp
done
echo "iptables -A P2PARTISAN-IN -j P2PARTISAN-LISTS-IN 2> /dev/null
iptables -A P2PARTISAN-OUT -j P2PARTISAN-LISTS-OUT 2> /dev/null" >> /tmp/iptables-add.tmp
echo "# $now
iptables -N P2PARTISAN-IN 2> /dev/null
iptables -N P2PARTISAN-OUT 2> /dev/null
iptables -N P2PARTISAN-LISTS-IN 2> /dev/null
iptables -N P2PARTISAN-LISTS-OUT 2> /dev/null
iptables -N P2PARTISAN-DROP-IN 2> /dev/null
iptables -N P2PARTISAN-DROP-OUT 2> /dev/null
iptables -F P2PARTISAN-IN 2> /dev/null
iptables -F P2PARTISAN-OUT 2> /dev/null
iptables -F P2PARTISAN-LISTS-IN 2> /dev/null
iptables -F P2PARTISAN-LISTS-OUT 2> /dev/null
iptables -F P2PARTISAN-DROP-IN 2> /dev/null
iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
iptables -A P2PARTISAN-IN -m set --set blacklist-custom src -j P2PARTISAN-DROP-IN 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set blacklist-custom dst -j P2PARTISAN-DROP-OUT 2> /dev/null" > iptables-add
#Add winin/wanout. For P2Partisan-RMerlin compatibility only
if [ $rm -eq 1 ]; then
echo "iptables -N wanin" >> ./iptabled-add
echo "iptables -I FORWARD 1 -i $wanif -j wanin 2> /dev/null" >> ./iptabled-add
echo "iptables -N wanout" >> ./iptabled-add
echo "iptables -I FORWARD 2 -o $wanif -j wanout 2> /dev/null" >> iptables-add
fi
#
echo "# $now" >> iptables-del
[ -f ./custom-script-del ] && cat ./custom-script-del >> iptables-del
echo "iptables -D wanin -i $wanif -m state --state NEW -j P2PARTISAN-IN
iptables -D wanout -o $wanif -m state --state NEW -j P2PARTISAN-OUT
iptables -D INPUT -i $wanif -m state --state NEW -j P2PARTISAN-IN
iptables -D OUTPUT -o $wanif -m state --state NEW -j P2PARTISAN-OUT
iptables -F P2PARTISAN-DROP-IN
iptables -F P2PARTISAN-DROP-OUT
iptables -F P2PARTISAN-LISTS-IN
iptables -F P2PARTISAN-LISTS-OUT
iptables -F P2PARTISAN-IN
iptables -F P2PARTISAN-OUT
iptables -X P2PARTISAN-IN
iptables -X P2PARTISAN-OUT
iptables -X P2PARTISAN-LISTS-IN
iptables -X P2PARTISAN-LISTS-OUT
iptables -X P2PARTISAN-DROP-IN
iptables -X P2PARTISAN-DROP-OUT" >> iptables-del
echo "+--------- WHITE IPs ---------"
echo "| preparing IP whitelist ..."
#Load the whitelist
if [ "$(ipset --swap whitelist whitelist 2>&1 | grep 'Unknown set')" != "" ]
then
ipset --create whitelist iptreemap > /dev/null 2>&1
fi
pwhitelist
echo "# $now
ipset -F
ipset -X blacklist-custom
ipset -X whitelist" > ipset-del
echo "| Loading IP whitelist"
echo "iptables -A P2PARTISAN-IN -m set --set whitelist src -j RETURN > /dev/null 2>&1
iptables -A P2PARTISAN-IN -m set --set whitelist dst -j RETURN > /dev/null 2>&1
iptables -A P2PARTISAN-OUT -m set --set whitelist src -j RETURN > /dev/null 2>&1
iptables -A P2PARTISAN-OUT -m set --set whitelist dst -j RETURN > /dev/null 2>&1" >> iptables-add
cat /tmp/iptables-add.tmp >> iptables-add
rm /tmp/iptables-add.tmp > /dev/null 2>&1
if [ $syslogs -eq "1" ]; then
echo "iptables -A P2PARTISAN-DROP-IN -m limit --limit $maxloghour/hour --limit-burst 1 -j LOG --log-prefix \"P2Partisan Dropped IN >> \" --log-level 1 2> /dev/null
iptables -A P2PARTISAN-DROP-OUT -m limit --limit $maxloghour/hour --limit-burst 1 -j LOG --log-prefix \"P2Partisan Rejected OUT >> \" --log-level 1 2> /dev/null" >> iptables-add
fi
echo "iptables -A P2PARTISAN-DROP-IN -j DROP
iptables -A P2PARTISAN-DROP-OUT -j REJECT --reject-with icmp-admin-prohibited" >> iptables-add
echo "+------- IP BLACKLISTs -------"
cat blacklists | grep -Ev "^#|^$" | tr -d "\r" |
(
while read line
do
counter=`expr $counter + 1`
name=`echo $line | awk '{print $1}'`
url=`echo $line | awk '{print $2}'`
echo "| loading blacklist #$counter --> ***$name***"
if [ $fastroutine -eq "1" ]; then
if [ "$(ipset --swap $name $name 2>&1 | grep 'Unknown set')" != "" ]
then
[ -e ./runtime ] && rm -f ./runtime 2> /dev/null
[ -e $name.gz ] || wget -q -O $name.gz "$url"
{ echo "-N $name iptreemap"
gunzip -c $name.gz | \
sed -e "/^[\t ]*#.*\|^[\t ]*$/d;s/^.*:/-A $name /" | \
grep -Ev '(^10\.|(^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.)|^192\.168\.)'
echo COMMIT
} | ipset -R
fi
else
if [ "$(ipset --swap $name $name 2>&1 | grep 'Unknown set')" != "" ]
then
[ -e ./runtime ] && rm -f ./runtime 2> /dev/null
ipset --create $name iptreemap
[ -e $name.lst ] || wget -q -O - "$url" | gunzip | cut -d: -f2 | grep -E "^[-0-9.]+$" | grep -Ev '(^10\.|(^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.)|^192\.168\.)' > $name.lst
for IP in $(cat $name.lst)
do
ipset -A $name $IP 2> /dev/null
done
fi
fi
echo "ipset -X $name " >> ipset-del
echo "iptables -A P2PARTISAN-LISTS-IN -m set --set $name src -j P2PARTISAN-DROP-IN 2> /dev/null
iptables -A P2PARTISAN-LISTS-OUT -m set --set $name dst -j P2PARTISAN-DROP-OUT 2> /dev/null" >> iptables-add
done
echo "iptables -A P2PARTISAN-LISTS-IN -i $wanif -j RETURN 2> /dev/null
iptables -A P2PARTISAN-LISTS-OUT -o $wanif -j RETURN 2> /dev/null" >> iptables-add
)
echo "iptables -I INPUT $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I OUTPUT $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -I wanin $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I wanout $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null" >> iptables-add
#Remove wanin/wanout. For P2Partisan-RMerlin compatibility only
if [ $rm -eq 1 ]; then
echo "iptables -F wanin 2> /dev/null" >> ./iptabled-del
echo "iptables -X wanin 2> /dev/null" >> ./iptabled-del
echo "iptables -D FORWARD -i $wanif -j wanin 2> /dev/null" >> ./iptable-del
echo "iptables -F wanout 2> /dev/null" >> ./iptabled-del
echo "iptables -X wanout 2> /dev/null" >> ./iptabled-del
echo "iptables -D FORWARD -o $wanif -j wanout 2> /dev/null" >> iptables-del
fi
#
[ -f ./custom-script-add ] && cat ./custom-script-add >> iptables-add
chmod 777 ./iptables-*
chmod 777 ./ipset-*
./iptables-add #protecting
plog "... P2Partisan started"
echo "+------------------------- Controls ----------------------------+"
p=`nvram get dnsmasq_custom | grep log-async | wc -l`
if [ $p -eq "1" ]; then
plog "log-async found under dnsmasq -> OK"
echo "+---------------------------------------------------------------+"
else
plog "
| It appears like you don't have a log-async parameter in your dnsmasq
| config. This is strongly suggested due to the amount of logs involved,
| especially while debugging to consider adding the following command
| under Advanced/DHCP/DNS/Dnsmasq Custom configuration:
|
| log-async=20
|
+---------------------------------------------------------------+"
fi
p=`nvram get script_fire | grep "cru a P2Partisan-tutor" | wc -l`
if [ $p -eq "0" ] ; then
ptutorset
fi
punblock #remove paranoia DROPs if any
post=`date +%s`
runtime=`echo $(( $post - $pre ))`
[ -f ./runtime ] || echo $runtime > ./runtime
[ -f /tmp/p2partisan.loading ] && rm -r "/tmp/p2partisan.loading" >/dev/null 2>&1
else
echo -e "
+------------------------- P2Partisan --------------------------+
| _______ __ __
| | __| |_.---.-.----.| |_
| |__ | _| _ | _|| _|
| already |_______|____|___._|__| |____| ed
|
+---------------------------------------------------------------+
| It appears like P2Partisan is already running. Skipping...
|
| Is this is not what you expected? Try:
| \033[1;33m./p2partisan.sh update\033[0;39m
+---------------------------------------------------------------+
"
fi
}
for p in $1
do
case "$p" in
"start")
pstart
exit
;;
"stop")
pforcestop
exit
;;
"restart")
psoftstop
;;
"status")
pstatus
exit
;;
"pause")
psoftstop
exit
;;
"detective")
pdetective
exit
;;
"test")
ptest $2
exit
;;
"debug")
pdebug $2 $3
exit
;;
"debug-display")
pdebugdisplay $2
exit
;;
"update")
pforcestop
echo "| Now updating..."
;;
"paranoia-update")
echo -e "
+------------------------- P2Partisan --------------------------+
| ______ __
| | __ \.---.-.----.---.-.-----.-----.|__|.---.-.
| | __/| _ | _| _ | | _ || || _ |
| |___| |___._|__| |___._|__|__|_____||__||___._| update
|
+---------------------------------------------------------------+"
pblock
pforcestop
;;
"autorun-on")
pautorunset
exit
;;
"autorun-off")
pautorununset
exit
;;
"autoupdate-on")
pscheduleset
exit
;;
"autoupdate-off")
pscheduleunset
exit
;;
"tutor-on")
ptutorset
exit
;;
"tutor-off")
ptutorunset
exit
;;
"tutor")
ptutor
exit
;;
"upgrade")
pupgrade
;;
"upgrade-beta")
pupgradebeta
;;
"help")
version=`head -3 ./p2partisan.sh | tail -1 | cut -f 3- -d " "`
echo -e "\033[48;5;60m
______ ______ ______ __ __
| __ \__ | __ \.---.-.----.| |_|__|.-----.---.-.-----.
| __/ __| __/| _ | _|| _| ||__ --| _ | |
|___| |______|___| |___._|__| |____|__||_____|___._|__|__| $version
\e[39m\e[49m
help Display this text
\e[97mstart Starts the process (this runs also if no option is provided)
stop Stops P2Partisan
restart Soft restart, updates whiteports & whitelist only
pause Soft stop P2Partisan allowing for quick start
update Hard restart, slow removes p2partisan, updates
the lists and does a fresh start
paranoia-update Like update but blocks any new connection until
P2Partisan is running again\e[39m
status Display P2Partisan running status + extra info
\e[93mtest Verify existence of the given IP against lists
debug Shows a guide on how to operate debug
debug-display Shows all the logs relevant to the last debug only
detective Determines highest impact IPs:ports (number of sessions)
\e[36mautorun-on Sets P2Partisan to boot with the router
autorun-off Sets P2Partisan not to boot with the router
autoupdate-on Sets automatic weekly updates to on
autoupdate-off Sets automatic weekly updates to off
tutor-on Sets hourly running-status checks to on
tutor-off Sets hourly running-status checks to off
upgrade Download and install the latest P2Partisan\e[39m
"
exit
;;
*)
echo "parameter not valid. please run:
p2partisan.sh help
"
exit
;;
esac
done
pstart
exit