eibgrad

merlin-ovpn-lan2wan-71993.sh

Oct 13th, 2021 (edited)
  1. #!/bin/sh
  2. # version: 2.4.2, 23-oct-2021, by eibgrad
  3. # href: https://tinyurl.com/yrarw2m9
  4.  
  5. unset DEBUG LOG_QUERIES SAVE_RESOLVED
  6. # ------------------------------ BEGIN OPTIONS ------------------------------- #
  7.  
  8. DEBUG= # uncomment/comment to enable/disable debug mode
  9.  
  10. # destination domains to be routed through wan
  11. DOMAINS='
  12. ipchicken.com
  13. netflix.com
  14. nflxext.com
  15. nflximg.net
  16. nflxso.net
  17. nflxvideo.net
  18. '
  19.  
  20. # source ip(s)/network(s) to be routed to destination domains
  21. SOURCES='
  22. 192.168.1.7
  23. 192.168.1.10
  24. 192.168.1.128/27
  25. '
  26. # uncomment/comment to route all/select sources to destination domains
  27. SOURCES='0.0.0.0/0'
  28.  
  29. #LOG_QUERIES= # uncomment/comment to enable/disable logging of dns queries
  30.  
  31. #SAVE_RESOLVED= # uncomment/comment to save/not-save resolved domains
  32.  
  33. # ------------------------------- END OPTIONS -------------------------------- #
  34.  
  35. # ---------------------- DO NOT CHANGE BELOW THIS LINE ----------------------- #
  36.  
  37. IPSET_HOSTS='lan2wan'
  38. IPSET_HOSTS_SAVE="/jffs/services-stop.$IPSET_HOSTS.ipset"
  39.  
  40. CONFIGS_DIR='/jffs/configs'; mkdir -p $CONFIGS_DIR
  41. SCRIPTS_DIR='/jffs/scripts'; mkdir -p $SCRIPTS_DIR
  42.  
  43. # ------------------------- begin dnsmasq.conf.add --------------------------- #
  44. CONFIG="$CONFIGS_DIR/dnsmasq.conf.add"
  45.  
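#######################################
# Writes the dnsmasq add-on config to $CONFIG: an optional 'log-queries=extra'
# line, then 'ipset=/dom1/.../domN/<set>' lines (five domains per line) that
# make dnsmasq add every address resolved for those domains to the ipset.
# Globals:   CONFIG (written); DOMAINS, IPSET_HOSTS, LOG_QUERIES (read)
# Arguments: none
# Outputs:   creates/truncates $CONFIG
# Returns:   0 (also when DOMAINS is empty, which yields an empty file)
#######################################
create_config() {
    local n dom str
    n=0
    str=''
    # create or truncate the file
    : > "$CONFIG"
    # LOG_QUERIES only has to be *set* (even to '') to enable query logging
    [ "${LOG_QUERIES+x}" ] && echo 'log-queries=extra' >> "$CONFIG"
    for dom in $DOMAINS; do
        # every fifth domain starts a new ipset= line; flush the previous one
        if [ $((n % 5)) -eq 0 ]; then
            [ "$str" ] && echo "$str/$IPSET_HOSTS" >> "$CONFIG"
            str='ipset='
        fi
        str="$str/$dom"
        # POSIX arithmetic; 'n++' is an ash/bash extension that dash rejects
        n=$((n + 1))
    done
    # flush the last, possibly partial, line
    [ "$str" ] && echo "$str/$IPSET_HOSTS" >> "$CONFIG"
    return 0
}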
  59.  
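# Install the dnsmasq add-on config unless one already exists (an existing
# file is never overwritten). Diagnostics go to stderr so that stdout only
# carries the "installed:" lines.
if [ -f "$CONFIG" ]; then
    echo "error: $CONFIG already exists; requires manual installation" >&2
else
    create_config
    echo "installed: $CONFIG"
fi
# -------------------------- end dnsmasq.conf.add ---------------------------- #

# -------------------------- begin firewall-start ---------------------------- #
# path of the firewall-start hook produced by the create_script defined below
SCRIPT="$SCRIPTS_DIR/firewall-start"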
  70.  
#######################################
# Generates the firewall-start hook at $SCRIPT and makes it executable.
# The script it writes (the firmware runs it whenever the firewall is rebuilt):
#   - creates the $IPSET_HOSTS ipset (iphash); only when that creation
#     succeeds, i.e. the set did not exist yet, and a save file is present, the
#     fresh set is destroyed and replaced via 'ipset restore' from
#     $IPSET_HOSTS_SAVE. Note that restore replays the file as ipset commands,
#     so the save file must remain writable by root only;
#   - for each SOURCES entry inserts two mangle/PREROUTING rules at the top of
#     the chain: RETURN first, then MARK above it, so a packet from that
#     source to a set member is marked 0x10000 and then leaves the chain
#     before any rule below (e.g. VPN policy marks) can touch it;
#   - replaces (del, then add) an ip rule at prio 10 that sends fwmark
#     0x10000 traffic to table main, then flushes the route cache;
#   - runs openvpn-event for client ids 1-5 and logs everything via logger.
# NOTE(review): the ip rule is deleted before being re-added, but the
# iptables rules are inserted unconditionally; if this hook can run without
# the mangle table having been flushed, duplicates accumulate — confirm
# against the firmware's firewall-restart behaviour.
# The here-doc delimiter is quoted, so nothing is expanded at install time;
# the $NAME placeholders are filled in by the sed pass after the EOF.
# Globals:   SCRIPT, DEBUG, SCRIPTS_DIR, IPSET_HOSTS, IPSET_HOSTS_SAVE, SOURCES (read)
# Outputs:   writes $SCRIPT
# Returns:   status of the final chmod
#######################################
create_script() {
cat << "EOF" > $SCRIPT
#!/bin/sh
set -x # uncomment/comment to enable/disable debug mode
{
FW_MARK=0x10000/0x10000
if ipset -N $IPSET_HOSTS iphash -q; then
    if [ -f $IPSET_HOSTS_SAVE ]; then
        ipset -X $IPSET_HOSTS
        ipset restore -f $IPSET_HOSTS_SAVE
    fi
fi
for src in $SOURCES; do
    iptables -t mangle -I PREROUTING -s $src \
        -m set --match-set $IPSET_HOSTS dst -j RETURN
    iptables -t mangle -I PREROUTING -s $src \
        -m set --match-set $IPSET_HOSTS dst -j MARK --set-mark $FW_MARK
done
ip rule del fwmark $FW_MARK prio 10 table main 2>/dev/null
ip rule add fwmark $FW_MARK prio 10 table main
ip route flush cache
for i in 1 2 3 4 5; do $SCRIPTS_DIR/openvpn-event $i; done
exit 0
} 2>&1 | logger -t $(basename $0)[$$]
EOF
# DEBUG is tested for being set, not for a value; when it is unset the
# generated script's 'set -x' line is commented out.
[ ${DEBUG+x} ] || sed -ri 's/^(set -x)/#\1/g' $SCRIPT
# Fill in the placeholders. ':' is the s-command delimiter so values holding
# '/' (paths, the /0 in SOURCES) survive. $IPSET_HOSTS_SAVE must be replaced
# before $IPSET_HOSTS, otherwise the shorter name would clobber its prefix.
# NOTE(review): the trailing 's/\n/ /g' is a no-op (sed sees one line at a
# time); it is the unquoted 'echo $SOURCES' that already joins the
# multi-line list into one space-separated line.
sed -e "s:\$SCRIPTS_DIR:$SCRIPTS_DIR:g" \
    -e "s:\$IPSET_HOSTS_SAVE:$IPSET_HOSTS_SAVE:g" \
    -e "s:\$IPSET_HOSTS:$IPSET_HOSTS:g" \
    -e "s:\$SOURCES:$(echo $SOURCES | sed 's/\n/ /g'):g" \
    -i $SCRIPT
chmod +x $SCRIPT
}
  104.  
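# Install the firewall-start hook unless one already exists (never overwritten),
# using the create_script defined just above. Diagnostics go to stderr so that
# stdout only carries the "installed:" lines.
if [ -f "$SCRIPT" ]; then
    echo "error: $SCRIPT already exists; requires manual installation" >&2
else
    create_script
    echo "installed: $SCRIPT"
fi
# --------------------------- end firewall-start ----------------------------- #

# --------------------------- begin openvpn-event ---------------------------- #
# path of the openvpn-event hook produced by the create_script defined below
SCRIPT="$SCRIPTS_DIR/openvpn-event"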
  115.  
#######################################
# Generates the openvpn-event hook at $SCRIPT and makes it executable.
# The script it writes inserts, at the top of the nat DNSVPN<CID> chain
# (presumably the firmware's per-VPN-client DNS redirection chain — not shown
# here), ACCEPT rules for every domain listed in dnsmasq.conf.add:
#   - when called by OpenVPN ($dev set) it acts only for a 'tun1x' device on
#     the 'route-up' event and takes the client id from the 5th char of $dev;
#     when called directly (firewall-start passes 1..5) the client id is $1;
#   - exits if no DNSVPN<CID> chain is listed, or if that chain already
#     contains a WEBSTR rule (i.e. the rules were installed earlier);
#   - for each 'ipset=/dom/.../set' line it drops the first and last '/'
#     fields and, per domain, adds a tcp rule (webstr --url) and a udp rule
#     whose hex-string is the DNS wire-format name — each dot-separated label
#     preceded by its length byte, e.g. '|07|example|03|com' — matched
#     case-insensitively with the Boyer-Moore algorithm.
# The generated code relies on busybox ash extensions ([[ ]], ${var:off:len},
# ${var//./ }) despite its #!/bin/sh line, and uses 'read' without -r; both are
# fine for the generated config (no backslashes) but are not portable.
# The here-doc delimiter is quoted, so only $CONFIGS_DIR is substituted (by sed).
# Globals:   SCRIPT, DEBUG, CONFIGS_DIR (read)
# Outputs:   writes $SCRIPT
# Returns:   status of the final chmod
#######################################
create_script() {
cat << "EOF" > $SCRIPT
#!/bin/sh
set -x # uncomment/comment to enable/disable debug mode
{
[ $dev ] && { [[ ${dev:0:4} == 'tun1' && $script_type == 'route-up' ]] || exit 0; }
[ $dev ] && CID=${dev:4:1} || CID=$1
iptables -t nat -vnL | grep -q DNSVPN${CID} || exit 0
iptables -t nat -vnL DNSVPN${CID} | grep -q 'WEBSTR' && exit 0
while read line; do
    for dom in $(echo $line | awk -F/ '/^ipset=/{$1=$(NF)=""; print $0}'); do
        iptables -t nat -I DNSVPN${CID} -p tcp -m webstr --url "$dom" -j ACCEPT
        str=''
        for d in ${dom//./ }; do str="$str|$(printf '%.2x' ${#d})|$d"; done
        iptables -t nat -I DNSVPN${CID} -p udp -m string --icase \
            --hex-string "$str" --algo bm -j ACCEPT
    done
done < $CONFIGS_DIR/dnsmasq.conf.add
exit 0
} 2>&1 | logger -t $(basename $0)[$$]
EOF
# DEBUG is tested for being set, not for a value; when it is unset the
# generated script's 'set -x' line is commented out.
[ ${DEBUG+x} ] || sed -ri 's/^(set -x)/#\1/g' $SCRIPT
# ':' is the s-command delimiter so the '/' in the path survives
sed -i "s:\$CONFIGS_DIR:$CONFIGS_DIR:g" $SCRIPT
chmod +x $SCRIPT
}
  141.  
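# Install the openvpn-event hook unless one already exists (never overwritten),
# using the create_script defined just above. Diagnostics go to stderr so that
# stdout only carries the "installed:" lines.
if [ -f "$SCRIPT" ]; then
    echo "error: $SCRIPT already exists; requires manual installation" >&2
else
    create_script
    echo "installed: $SCRIPT"
fi
# ---------------------------- end openvpn-event ----------------------------- #

# --------------------------- begin services-stop ---------------------------- #
# path of the services-stop hook produced by the create_script defined below
SCRIPT="$SCRIPTS_DIR/services-stop"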
  152.  
#######################################
# Generates the services-stop hook at $SCRIPT (installed only when
# SAVE_RESOLVED is set) and makes it executable. The script it writes dumps
# the $IPSET_HOSTS ipset to a file under /tmp and copies it to
# $IPSET_HOSTS_SAVE, the file firewall-start restores when it first creates
# the set:
#   - exits quietly (stderr discarded) if the set cannot be saved, e.g. it
#     does not exist;
#   - skips the copy when a save file exists with the same line count — a
#     cheap change check that misses a set whose members changed but whose
#     size did not.
# NOTE(review): the temp file has a fixed, predictable name under /tmp and is
# never removed; 'mktemp' plus a cleanup trap would be the safer form. Also,
# $IPSET_HOSTS_SAVE is later fed to 'ipset restore', so keep it root-only.
# The here-doc delimiter is quoted; placeholders are filled in by sed after the
# EOF, $IPSET_HOSTS_SAVE before $IPSET_HOSTS so the shorter name cannot clobber
# its prefix.
# Globals:   SCRIPT, DEBUG, IPSET_HOSTS, IPSET_HOSTS_SAVE (read)
# Outputs:   writes $SCRIPT
# Returns:   status of the final chmod
#######################################
create_script() {
cat << "EOF" > $SCRIPT
#!/bin/sh
set -x # uncomment/comment to enable/disable debug mode
{
tempf=/tmp/$(basename $IPSET_HOSTS_SAVE)
ipset save $IPSET_HOSTS > $tempf 2>/dev/null || exit 0
[ -f $IPSET_HOSTS_SAVE ] && \
    [ $(wc -l < $tempf) -eq $(wc -l < $IPSET_HOSTS_SAVE) ] && exit 0
cp $tempf $IPSET_HOSTS_SAVE
exit 0
} 2>&1 | logger -t $(basename $0)[$$]
EOF
# DEBUG is tested for being set, not for a value; when it is unset the
# generated script's 'set -x' line is commented out.
[ ${DEBUG+x} ] || sed -ri 's/^(set -x)/#\1/g' $SCRIPT
# ':' is the s-command delimiter so the '/' in the save path survives
sed -e "s:\$IPSET_HOSTS_SAVE:$IPSET_HOSTS_SAVE:g" \
    -e "s:\$IPSET_HOSTS:$IPSET_HOSTS:g" \
    -i $SCRIPT
chmod +x $SCRIPT
}
  172.  
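# Install the services-stop hook only when SAVE_RESOLVED was set in the
# options (tested for being set, so an empty value still opts in), and never
# overwrite an existing one. Diagnostics go to stderr so that stdout only
# carries the "installed:" lines.
if [ "${SAVE_RESOLVED+x}" ]; then
    if [ -f "$SCRIPT" ]; then
        echo "error: $SCRIPT already exists; requires manual installation" >&2
    else
        create_script
        echo "installed: $SCRIPT"
    fi
fi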
  181. # ---------------------------- end services-stop ----------------------------- #