Ubeavis

afterFW_script

Aug 24th, 2017
  1. #!/bin/sh
  2.  
  # Raw-table screening of everything that arrives on the WAN link (ppp0).
  # The raw table is traversed before connection tracking, so packets dropped
  # here never create conntrack state.
  # NOTE(review): nothing here flushes or deletes these chains first; if the
  # firmware does not reset the raw table before re-running this script, the
  # -N calls fail and the rules are added a second time - confirm.

  # Disabled: drop BLACKLIST sources already in the raw table.
  # iptables -t raw -I PREROUTING -i ppp0 -m set --match-set BLACKLIST src -j DROP

  raw_rule() {
    iptables -t raw "$@"
  }

  raw_rule -N checkppp

  # Disabled rule set for RT: TCP RST for HTTP/S and the HTTP "warning.rt.ru"
  # page, matched in the raw table.
  # iptables -t raw -N checkflagrt
  # iptables -t raw -N checkflaghttp
  # iptables -t raw -N checkflagttl
  # The rules for RT follow:
  # iptables -t raw -I checkflaghttp -m u32 --u32 "0x73=0x7761726e&&0x77=0x696e672e&&0x7B=0x72742e72" -j DROP
  # iptables -t raw -A checkflagttl -m ttl --ttl 58 -j DROP
  # iptables -t raw -A checkflagttl -m ttl --ttl 57 -j DROP
  # iptables -t raw -A checkflagrt -m u32 --u32 "0x1E&0xFFFF=0x5004" -j checkflagttl
  # iptables -t raw -A checkflagrt -m u32 --u32 "0x1E&0xFFFF=0x5010" -j checkflaghttp
  # iptables -t raw -I checkppp -m u32 --u32 "0x4=0x10000" -j checkflagrt

  # Rules for DOMRU, IPv4 only for now.
  # u32 "0x4=..." compares the 4 bytes at offset 4 of the IPv4 header
  # (Identification, then flags + fragment offset): this drops packets with
  # IP ID 0xd431 and no flags or fragment offset set.
  # NOTE(review): presumably a fingerprint of packets injected by the
  # provider; a genuine packet that happens to carry the same ID with DF
  # clear is dropped as well.
  raw_rule -I checkppp -m u32 --u32 "0x4=0xd4310000" -j DROP

  # ICMP filter rules: the listed type/code pairs return to checkppp, every
  # other ICMP packet from the WAN is dropped.
  #   3/1 host unreachable, 3/0 network unreachable, 11/0 TTL exceeded,
  #   3/4 fragmentation needed (path MTU discovery), 4/0 source quench,
  #   0 echo reply, 12/0 parameter problem.
  # Echo request (8/0) is left out on purpose (see the disabled rule below),
  # so the WAN address does not answer ping. Port unreachable (3/3) is not in
  # the list either, so it is dropped.
  raw_rule -N icmpcheck
  for icmp_type in 3/1 3/0 11/0 3/4 4/0 0; do
    raw_rule -A icmpcheck -p icmp -m icmp --icmp-type "$icmp_type" -j RETURN
  done
  # iptables -t raw -A icmpcheck -p icmp -m icmp --icmp-type 8/0 -j RETURN
  raw_rule -A icmpcheck -p icmp -m icmp --icmp-type 12/0 -j RETURN
  raw_rule -A icmpcheck -j DROP

  # Both rules are inserted at the head, so ICMP is screened before the u32
  # match, and checkppp becomes the first raw PREROUTING rule for ppp0.
  raw_rule -I checkppp -p icmp -j icmpcheck
  raw_rule -I PREROUTING -i ppp0 -j checkppp
  35.  
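  # NAT: split PREROUTING into one chain per ingress interface,
  # fromwan for ppp0 and fromlan for br0.
  iptables -t nat -N fromlan
  iptables -t nat -N fromwan
  iptables -t nat -A PREROUTING -i ppp0 -j fromwan
  iptables -t nat -A PREROUTING -i br0 -j fromlan

  # Port forwards from the WAN. "xx" and "192.168.x" are placeholders left by
  # the author in this copy and must be replaced with real values.
  # NOTE(review): the first forward accepts any source address, while the
  # others are limited to the RT / GOOD ipsets - confirm that is intended.
  # The ipsets must already exist when these rules are loaded.
  iptables -t nat -A fromwan -p tcp -m tcp --dport xx -j DNAT --to-destination 192.168.x
  iptables -t nat -A fromwan -p tcp -m tcp --dport xx -m set --match-set RT src -j DNAT --to-destination 192.168.x
  iptables -t nat -A fromwan -p tcp -m tcp --dport xx -m set --match-set GOOD src -j DNAT --to-destination 192.168.x
  iptables -t nat -A fromwan -p tcp -m tcp --dport xx -m set --match-set GOOD src -j DNAT --to-destination 192.168.x
  iptables -t nat -A fromwan -p tcp -m multiport --dports xx -m set --match-set GOOD src -j DNAT --to-destination 192.168.x

  # DNS redirect to router: LAN clients that query another resolver over
  # UDP/53 are redirected to the router itself.
  # The LAN address is read once and checked: with an empty value the
  # original command line lost both arguments and iptables rejected the rule
  # without any hint as to why.
  # NOTE(review): only UDP is redirected; DNS over TCP/53 and encrypted DNS
  # (DoT/DoH) still bypass the router's resolver.
  lan_ip=$(nvram get lan_ipaddr)
  if [ -n "$lan_ip" ]; then
    iptables -t nat -A fromlan -p udp --dport 53 ! -d "$lan_ip" -j DNAT --to "$lan_ip"
  else
    echo "DNS redirect skipped: nvram lan_ipaddr is empty" >&2
  fi

  # manual MSS clamp
  # iptables -t mangle -A FORWARD -o ppp0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452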
  51.  
  # Prototype of the BLACKLIST block.
  # Packets to the "trap" ports below are sent through the antibrut chain,
  # which promotes the source address through three short-lived ipsets and
  # finally into BLACKLIST. BLACKLIST sources are dropped by INPUT rule 8.
  # The ipsets (BLACKLIST, fuckup1..3) are not created here and must exist.
  #
  # NOTE(review): source addresses are taken at face value. Nothing requires
  # a completed TCP handshake and UDP is trivially spoofable, so forged
  # packets can push a third party's address into BLACKLIST. No exemption
  # for the GOOD / RT sets is visible in this chain.
  # NOTE(review): every -I / -D below addresses rules by position. That is
  # only correct for the exact rule layout the firmware generated when this
  # was written; after a firmware change the same indices may remove a
  # different rule (for example an ACCEPT or the final DROP). Check with
  # `iptables -L <chain> --line-numbers` before reuse.
  trap_tcp_low=20,21,22,23,25,80,110,123,135,137,139,143,443,445,912
  trap_tcp_high=992,1080,3128,3389,4569,4786,5000,5357,5900,6588,8000,8080,8291,8443,8888
  trap_udp=53,69,111,123,135,137,139,161,162,389,500,2049,3133,4500,5060

  iptables -N antibrut
  iptables -I INPUT 8 -m set --match-set BLACKLIST src -j DROP
  iptables -I INPUT 9 -s 80.234.104.158 -j DROP
  iptables -I INPUT 10 -p tcp -m multiport --dports "$trap_tcp_low" -j antibrut
  iptables -I INPUT 11 -p tcp -m multiport --dports "$trap_tcp_high" -j antibrut
  iptables -I INPUT 12 -p udp -m multiport --dports "$trap_udp" -j antibrut

  # Each rule is inserted at the head, so the finished chain is evaluated in
  # the reverse of this order: fuckup3 -> BLACKLIST first, the unconditional
  # add to fuckup1 last. SET does not terminate traversal, so one packet
  # climbs at most one level; the fourth hit inside the timeout windows
  # (120 s, 300 s, 600 s) lands in BLACKLIST for 864000 s (10 days).
  iptables -I antibrut -j SET --add-set fuckup1 src --timeout 120
  iptables -I antibrut -m set --match-set fuckup1 src -j SET --add-set fuckup2 src --timeout 300
  iptables -I antibrut -m set --match-set fuckup2 src -j SET --add-set fuckup3 src --timeout 600
  iptables -I antibrut -m set --match-set fuckup3 src -j SET --add-set BLACKLIST src --timeout 864000

  # Remove firmware-generated rules, highest index first so that the
  # remaining indices do not shift under the loop.
  for rule_no in 18 17 16 15 14 13; do
    iptables -D INPUT "$rule_no"
  done

  for rule_no in 6 5; do
    iptables -D doslimit "$rule_no"
  done
  for rule_no in 2 1; do
    iptables -D FORWARD "$rule_no"
  done

  # Accept everything forwarded from the LAN bridge, then drop old rule 6.
  iptables -I FORWARD 3 -i br0 -j ACCEPT
  iptables -D FORWARD 6

  # Port forwarding from the provider's internal LAN - remove it.
  # iptables -t nat -D PREROUTING 3
  # Port forwarding configured in the router's web UI.
  iptables -t nat -D PREROUTING 1
  # SNAT for the provider's internal network - remove it.
  iptables -t nat -D POSTROUTING 2
  85.  
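  # anti advertising script
  # Builds /tmp/hosts from public hosts-format blocklists, removes the
  # allow-listed names, and makes dnsmasq re-read the file.
  #
  # Changes against the original:
  #   * the stray "/" at the end of URLS is gone (wget was handed it as a URL);
  #   * whitespace is normalised before filtering, and the space squeeze uses
  #     " \{1,\}" - the original 's/ */ /g' also matches the empty string;
  #   * the allow-list is applied as exact whole-line matches in one pass.
  #     The ~190 `sed -i '/0.0.0.0 name/d'` calls were unanchored regexes, so
  #     "0.0.0.0 yandex.ru" also un-blocked every name that merely starts
  #     with "yandex.ru", and "." matched any character;
  #   * wallpaper.cdn.pandora.xiaomi.com is really allow-listed (the original
  #     line had the trailing "m" on the file name: ".co/d' /tmp/hostsm");
  #   * the list is built in a private directory and only moved over
  #     /tmp/hosts when it is non-empty, so a failed download no longer
  #     wipes the existing blocklist.
  #
  # NOTE(review): the feeds are third-party content, two of them fetched over
  # plain HTTP and one from a pastebin paste. The filter keeps only
  # "0.0.0.0 <name>" pairs, so a tampered feed can blackhole extra names but
  # cannot point a name at another address. Prefer HTTPS sources and review
  # the paste-hosted list before trusting it.
  sleep 15

  URLS="
    http://adaway.org/hosts.txt
    https://hosts-file.net/.%5Cad_servers.txt
    https://mirror.cedia.org.ec/malwaredomains/domains.hosts
    http://winhelp2002.mvps.org/hosts.txt
    https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext
    https://www.malwaredomainlist.com/hostslist/hosts.txt
    https://zeustracker.abuse.ch/blocklist.php?download=hostfile
    https://zerodot1.gitlab.io/CoinBlockerLists/hosts
    https://pastebin.com/raw/020v8jsu
  "

  # Names that must stay resolvable even if a feed lists them.
  # NOTE(review): the entries with non-ASCII letters near the end are
  # lookalike (homograph) spellings of well-known names. Removing them from
  # the blocklist un-blocks them; presumably this was done because dnsmasq
  # complained about those lines - confirm before keeping them here.
  WHITELIST="
    localhost
    localhost.localdomain
    s-ec.bstatic.com
    t-ec.bstatic.com
    cs715.wac.edgecastcdn.net
    cs716.wac.edgecastcdn.net
    tags.tiqcdn.com
    ad.admitad.com
    api.cc.skype.com
    api.mcr.skype.com
    api.skype.com
    avatar.skype.com
    b.config.skype.com
    client-s.gateway.messenger.live.com
    contacts.skype.com
    dev.microsofttranslator.com
    diagnostics.support.microsoft.akadns.net
    diagnostics.support.microsoft.com
    edge.skype.com
    m.hotmail.com
    mobile.pipe.aria.microsoft.com
    msftncsi.com
    msg.skype.com
    next-services.apps.microsoft.com
    nexus.officeapps.live.com
    profile.skype.com
    s.gateway.messenger.live.com
    skype.net
    ui.skype.com
    visit.digidip.net
    www.msftncsi.com
    stat.online.sberbank.ru
    s.click.aliexpress.com
    star-mini.c10r.facebook.com
    connect.facebook.net
    graph.facebook.com
    cdn.siftscience.com
    ct.pinterest.com
    api.pinterest.com
    log.pinterest.com
    widgets.pinterest.com
    clck.yandex.ru
    mc.yandex.ru
    cdn.yandex.net
    yandex.ru
    money.yandex.ru
    yastatic.net
    analytics.mobile.yandex.net
    informer.yandex.ru
    r.mail.ru
    c.fa.jd.com
    whale.jd.com
    saturn.jd.com
    static.360buyimg.com
    static.criteo.net
    s.go-mpulse.net
    ciuvo.com
    gia.jd.com
    t.paypal.com
    b.stats.paypal.com
    l.deals.ebay.com
    stats.ebay.com
    rover.ebay.com
    ocsp.comodoca.com
    ocsp.comodoca.com.edgesuite.net
    a652.dscb.akamai.net
    report-uri.cloudflare.com
    www.ojrq.net
    letyshops.com
    rutracker.org
    static.t-ru.org
    rutrk.org
    hdreactor.org
    nnm-club.me
    nnm-club.ws
    nnmclub.to
    nnm-club.lib
    pochta.ru
    www.pochta.ru
    youtube.com
    www.youtube.com
    youtube-ui.l.google.com
    www.google-analytics.com
    www-google-analytics.l.google.com
    ytstatic.l.google.com
    google-analytics.com
    ssl.google-analytics.com
    ssl-google-analytics.l.google.com
    connectivitycheck.gstatic.com
    gstaticadssl.l.google.com
    googleadapis.l.google.com
    googlehosted.l.googleusercontent.com
    photos-ugc.l.googleusercontent.com
    redirector.gvt1.com
    platform-lookaside.fbsbx.com
    dualstack.com.imgix.map.fastly.net
    massdrop-s3.imgix.net
    badges.instagram.com
    graph.instagram.com
    ocsp.apple.com
    world-gen.g.aaplimg.com
    www.lightinthebox.com
    c.media-amazon.com
    m.media-amazon.com
    autolinkmaker.itunes.apple.com
    littlebuddy.apple.com
    images-na.ssl-images-amazon.com
    a.lmcdn.ru
    d.gcdn.co
    iam.gcdn.co
    js-agent.newrelic.com
    cdn.livechatinc.com
    lu.api.mega.co.nz
    www.ant.com
    fresnel.vimeocdn.com
    ocsp.digicert.com
    cs9.wac.phicdn.net
    secure.livechatinc.com
    bitpay.com
    cds.j3z9t3p6.hwcdn.net
    app.getresponse.com
    api.account.xiaomi.com
    api.chat.xiaomi.net
    api.d.xiaomi.com
    api.device.xiaomi.net
    api.hybrid.intl.xiaomi.com
    api.micloud.xiaomi.net
    api.miui.security.xiaomi.com
    api.xmpush.xiaomi.com
    app.chat.global.xiaomi.net
    app.chat.xiaomi.net
    app.market.xiaomi.com
    app.migc.xiaomi.com
    appstore.cdn.pandora.xiaomi.com
    appstore.pandora.xiaomi.com
    assistant.pandora.xiaomi.com
    awssgp0-files.fds.api.xiaomi.com
    bss.pandora.xiaomi.com
    cc.sys.intl.xiaomi.com
    cc2.sys.intl.xiaomi.com
    ccc.sys.intl.xiaomi.com
    cdn.fds.api.xiaomi.com
    de.pandora.xiaomi.com
    dvb.pandora.xiaomi.com
    file.market.xiaomi.com
    file.xmpush.xiaomi.com
    find.api.micloud.xiaomi.net
    galleryapi.micloud.xiaomi.net
    global.search.xiaomi.net
    hao.xiaomi.com
    image.box.xiaomi.com
    jellyfish.pandora.xiaomi.com
    lbs.pandora.xiaomi.com
    market.xiaomi.com
    milink.pandora.xiaomi.com
    mis.migc.xiaomi.com
    mishop.cdn.pandora.xiaomi.com
    mishop.pandora.xiaomi.com
    mlog.search.xiaomi.net
    o2o.api.xiaomi.com
    pdc.micloud.xiaomi.net
    register.xmpush.xiaomi.com
    resolver.msg.xiaomi.net
    sec-cdn.static.xiaomi.net
    sec.resource.xiaomi.net
    sfsapi.micloud.xiaomi.net
    sgp.o2o.api.xiaomi.com
    sgpac.account.xiaomi.com
    shenghuo.xiaomi.com
    starfish.pandora.xiaomi.com
    thm.market.xiaomi.com
    upgrade.mishop.pandora.xiaomi.com
    userid.xiaomi.com
    wallpaper.cdn.pandora.xiaomi.com
    wallpaper.pandora.xiaomi.com
    wtradv.market.xiaomi.com
    kssm.kuaipandata.com
    a.app.qq.com
    3gimg.qq.com
    www.turkishạirlines.com
    ɢoogle.com
    secret.ɢoogle.com
    myètherwället.com
    mÿethèrwallét.com
    a.radikal.ru
    cstatic.weborama.fr
    microsoftwindowsupdate.net
    mediation.adnxs.com
    pagead2.googlesyndication.com
  "

  # Private scratch directory; fall back to a plain mkdir (which fails if the
  # name already exists) on firmware without mktemp.
  workdir=$(mktemp -d /tmp/adblock.XXXXXX 2>/dev/null)
  if [ -z "$workdir" ]; then
    workdir=/tmp/adblock.$$
    mkdir -m 700 "$workdir" || workdir=
  fi

  if [ -n "$workdir" ]; then
    # URLS and WHITELIST are split on whitespace on purpose; globbing is
    # switched off so the "?" in the query strings is never expanded.
    set -f

    for host in $WHITELIST; do
      printf '0.0.0.0 %s\n' "$host"
    done > "$workdir/allow"

    # Normalise each feed line to "0.0.0.0 <name>": strip comments and CR,
    # turn tabs into spaces, squeeze spaces, map 127.0.0.1 to 0.0.0.0, keep
    # only the first two fields, lower-case, de-duplicate, then remove the
    # allow-listed lines (-F fixed strings, -x whole line).
    wget --user-agent="Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0" -T40 -q -O- $URLS \
      | grep -v "^#" \
      | cut -d "#" -f 1 \
      | sed -e 's/\r$//' -e 's/\t/ /g' -e 's/ \{1,\}/ /g' -e 's/^127\.0\.0\.1 /0.0.0.0 /' \
      | grep "^0\.0\.0\.0 " \
      | cut -d " " -f 1,2 \
      | tr A-Z a-z \
      | sort -u \
      | grep -v -x -F -f "$workdir/allow" > "$workdir/hosts"

    set +f

    # Same filesystem, so mv is a rename: dnsmasq never sees a half-written
    # file. An empty result (all downloads failed) keeps the previous list.
    if [ -s "$workdir/hosts" ]; then
      mv -f "$workdir/hosts" /tmp/hosts && killall -SIGHUP dnsmasq
    else
      echo "adblock: no entries downloaded, keeping existing /tmp/hosts" >&2
    fi

    rm -rf "$workdir"
  else
    echo "adblock: cannot create a scratch directory in /tmp" >&2
  fi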
  293.  
  294.  
  295. # change HW_NAT UDP timings
  296. #hw_nat -T 1
  297. #hw_nat -U 5 1 5
  298.  
  299. #tc qdisc del dev ppp0 root
  300. #tc qdisc add dev ppp0 root fq_codel quantum 1506
  301.  
  302.  
  303. # HW QoS script v1.00
  304. #SVC_NAME="HW_QoS"
  305.  
  306. # IPs for prioritization
  307. # Express - highest priority
  308. #IP_EXPR="192.168.1.215 192.168.1.100 192.168.1.221 192.168.1.173 192.168.1.74 192.168.1.101 192.168.1.169"
  309.  
  310. # Priority - high priority
  311. #IP_PRIO="192.168.1.123 192.168.1.212 192.168.1.127 192.168.1.238 192.168.1.203 192.168.1.83 192.168.1.28 192.168.1.74"
  312.  
  313. # Bulk - lower than normal
  314. #IP_BULK="192.168.1.34"
  315.  
  316. #logger -t "$SVC_NAME" "HW_QoS script started."
  317. #logger -t "$SVC_NAME" "Setting priorities:"
  318.  
  319. #qdma sch_rate 0 1 102400
  320.  
  321. # Pipe #8 - Priority Bulk
  322. #qdma sch 8 0
  323. #qdma rate 8 0 0 0 0
  324. #qdma m2q 4 8
  325. #logger -t "$SVC_NAME" "Priority Bulk(8) - firewall mark 4"
  326.  
  327. ## Pipe #9 - Priority Normal
  328. #qdma sch 9 0
  329. #qdma rate 9 0 0 0 0
  330. #qdma m2q 3 9
  331. #logger -t "$SVC_NAME" "Priority Normal(9) - firewall mark 3"
  332.  
  333. ## Pipe #10 - Priority Prio
  334. #qdma sch 10 0
  335. #qdma rate 10 0 0 0 0
  336. #qdma m2q 2 10
  337. #logger -t "$SVC_NAME" "Priority Prio(10) - firewall mark 2"
  338.  
  339. ## Pipe #11 - Priority Express
  340. #qdma sch 11 0
  341. #qdma rate 11 0 0 0 0
  342. #qdma m2q 1 11
  343. #logger -t "$SVC_NAME" "Priority Express(11) - firewall mark 1"
  344.  
  345. #logger -t "$SVC_NAME" "Creating iptables rules for marking packets"
  346.  
  347. # Create iptables chains
  348. #iptables -t mangle -F
  349. #iptables -t mangle -X
  350. #iptables -t mangle -N egress_chain
  351.  
  352. # Set up egress marking chain
  353. #iptables -t mangle -I PREROUTING -i br0 -j egress_chain
  354.  
  355. #mark_addr_out()
  356. # {
  357. # for ADDR in $1; do
  358. # iptables -t mangle -A egress_chain -s $ADDR -j MARK --set-mark $2
  359. # done
  360. # }
  361.  
  362. # Mark bulk packets based on source LAN ip address and port number
  363. # mark_addr_out "$IP_BULK" 4
  364.  
  365. # Mark prio packets based on source LAN ip address and port number
  366. # mark_addr_out "$IP_PRIO" 2
  367.  
  368. # Mark expr packets based on source LAN ip address and port number
  369. # mark_addr_out "$IP_EXPR" 1
  370.  
  371. #iptables -t mangle -A egress_chain -m mark --mark 0 -j CONNMARK --restore-mark
  372. #iptables -t mangle -A egress_chain -m mark --mark 0 -j MARK --set-mark 3
  373. #iptables -t mangle -A egress_chain -j CONNMARK --save-mark