p2partisan 4.60

#!/bin/sh
#
# p2partisan v4.60 (06/03/2015)
#
# <CONFIGURATION> ###########################################
# Adjust location where the files are kept
P2Partisandir=/cifs1/p2partisan
#
# Edit the file "blacklists" to customise if needed
# Edit the "whitelist" to overwrite the blacklist if needed
#
# Enable logging? Use only for troubleshooting. 0=off 1=on
syslogs=1
# Maximum number of logs to be recorded in a given 60 min
# Consider set this very low (like 3 or 6) once your are
# happy with the installation. To troubleshoot blocked
# connection close all the secondary traffic e.g. p2p
# and try a connection to the blocked site/port you should
# find a reference in the logs.
maxloghour=1
#
# What do you want to block?
# 1) Input (Router only, running transmission?)
# 2) LAN (LAN clients only)
# 3) Both *default
protection=3
#
# ports to be whitelisted. Whitelisted ports will never be
# blocked no matter what the source/destination IP is.
# This is very important if you're running a service like
# e.g. SMTP/HTTP/IMAP/else. Separate value in the list below
# with commas - NOTE: Leave 80 and 443 untouched, add custom ports only
# you might want to add remote admin and VPN ports here if any.
# Standard iptables syntax, individual ports divided by "," and ":" to
# define a range e.g. 80,443,2100:2130. Do not whitelist you P2P client!
whiteports=21,25,44,53,80,123,443,993,1194:1197,1723
#
# Fastrouting will process the IP classes very quickly but use
# Lot of resources. If you disable the effect is transparent
# but the full process will take minutes rather than seconds
# 0=disabled 1=enabled
fastroutine=1
#
# Enable check on script availability to help autorun
# E.g. wait for the file to be available in cifs before run it
# instead of quit with a file missing error
autorun_availability_check=1
#
# Schedule updates? (once a week is plenty). Custom syntax:
# m = random minute picked up in the range[0-59]
# h = random hour picked up in the range [1-5]am
# d = random day of the week picked up in the range Sun to Sat [0-6]
# if unwanted set your own specific time e.g.
# "30 4 * * 1" 4:30 on a Monday
# or use a combination e.g. random minute at 1am on a Tuesday:
# "m 1 * * 3"
# Specify this always in between "" please
schedule="m h * * d"
#
# IP for testing Internet connectivity
testip=8.8.8.8
# </CONFIGURATION> ###########################################

# Wait until Internet is available
        while :
        do
                ping -c 3 $testip >/dev/null 2>&1
                if [ $? = 0 ]; then
                        break
                fi
                sleep 5
        done

pidfile="/var/run/p2partisan.pid"
cd $P2Partisandir
version=`head -3 ./p2partisan.sh | tail -1 | cut -f 3- -d " "`

alias ipset='/bin/nice -n19 /usr/sbin/ipset'
alias sed='/bin/nice -n19 /bin/sed'
alias iptables='/usr/sbin/iptables'
alias service='/sbin/service'
alias plog='logger -t P2PARTISAN -s'
now=`date +%s`
wanif=`nvram get wan_ifname`
lanif=`nvram get lan_ifname`


psoftstop() {
        ./iptables-del 2> /dev/null
        plog "Stopping P2Partisan"
        [ -f $pidfile ] && rm -f "$pidfile" 2> /dev/null
        [ -f iptables-add ] && rm -f "iptables-add" 2> /dev/null
        [ -f iptables-del ] && rm -f "iptables-del" 2> /dev/null
        }

pblock() {
        plog "P2PArtisan: Applying paranoia block"
        iptables -N PARANOIA-DROP 2> /dev/null
        whiteports_number=`echo $whiteports | sed 's/,/,\n/g' | sed 's/:/:\n/g' | wc -l`
                aa=1
                b=8
                bb=8
                rounds=`echo $(( $whiteports_number / $b ))`
                if [ $rounds -eq 0 ]; then rounds="1"; fi
        while [ $rounds -gt 0 ]
        do
                w=`echo $whiteports | cut -d"," -f $aa-$bb`
                aa=`echo $(( $bb + 1 ))`
                bb=`echo $(( $bb + $b ))`
                    iptables -A PARANOIA-DROP -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
                    iptables -A PARANOIA-DROP -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
                    iptables -A PARANOIA-DROP -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
                    iptables -A PARANOIA-DROP -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
        rounds=`echo $(( $rounds - 1 ))`
        done
        iptables -A PARANOIA-DROP -m set --set whitelist dst -j ACCEPT 2> /dev/null
        iptables -A PARANOIA-DROP -m limit --limit $maxloghour/hour --limit-burst 5 -j LOG --log-prefix "P2Partisan Rejected (PARANOIA) >> " --log-level 1 2> /dev/null
        iptables -A PARANOIA-DROP -j DROP
        iptables -I wanin 1 -i $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
        iptables -I wanout 1 -o $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
        iptables -I INPUT 1 -i $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
        iptables -I OUTPUT 1 -o $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
}

punblock() {
        while iptables -L wanin 2> /dev/null | grep "PARANOIA-DROP"
        do
                iptables -D wanin -i $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
        done
        while iptables -L wanout 2> /dev/null | grep "PARANOIA-DROP"
        do
                iptables -D wanout -o $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
        done
        while iptables -L OUTPUT 2> /dev/null | grep "PARANOIA-DROP"
        do
                iptables -D OUTPUT -o $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
        done
        while iptables -L INPUT 2> /dev/null | grep "PARANOIA-DROP"
        do
                iptables -D INPUT -i $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
        done
        iptables -F PARANOIA-DROP 2> /dev/null && plog "P2PArtisan: Removing paranoia block"
        iptables -X PARANOIA-DROP 2> /dev/null
}

pforcestop() {
counter=0
        while iptables -L wanin 2> /dev/null | grep P2PARTISAN-IN
        do
                iptables -D wanin -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
        done
        while iptables -L wanout 2> /dev/null | grep P2PARTISAN-OUT
        do
                iptables -D wanout -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
        done
        while iptables -L INPUT | grep P2PARTISAN-IN
        do
                iptables -D INPUT -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
        done
        while iptables -L OUTPUT | grep P2PARTISAN-OUT
        do
                iptables -D OUTPUT -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
        done
        iptables -F P2PARTISAN-DROP-IN 2> /dev/null
        iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
        iptables -F P2PARTISAN-IN 2> /dev/null
        iptables -F P2PARTISAN-OUT 2> /dev/null
        iptables -X P2PARTISAN-DROP-IN 2> /dev/null
        iptables -X P2PARTISAN-DROP-OUT 2> /dev/null
        iptables -X P2PARTISAN-IN 2> /dev/null
        iptables -X P2PARTISAN-OUT 2> /dev/null
        ipset -F
        for i in `ipset --list | grep Name | cut -f2 -d ":" `; do
                ipset -X $i
        done
        chmod 777 ./*.gz  2> /dev/null
    [ -f iptables-add ] && rm iptables-add
    [ -f iptables-del ] && rm iptables-del
    [ -f ipset-del ] && rm ipset-del
        [ -f $pidfile ] && rm -f "$pidfile" 2> /dev/null
        [ -f runtime ] && rm -f "runtime" 2> /dev/null
plog "Unloading ipset modules"
        lsmod | grep "ipt_set" > /dev/null 2>&1 && sleep 2 ; rmmod -f ipt_set 2> /dev/null
        lsmod | grep "ip_set_iptreemap" > /dev/null 2>&1 && sleep 2 ; rmmod -f ip_set_iptreemap 2> /dev/null
        lsmod | grep "ip_set" > /dev/null 2>&1 && sleep 2 ; rmmod -f ip_set 2> /dev/null
plog "Removing the list files"
        cat blacklists |
   (
    while read line
    do
            echo "$line" | grep "^#" >/dev/null 2>&1 && continue
            echo "$line" | grep "^$" >/dev/null 2>&1 && continue
            counter=`expr $counter + 1`
            name=`echo $line |cut -d ' ' -f1`
            echo "Removing blacklist #$counter --> ***$name***"
                  [ -f ./$name.gz ] && rm -f ./$name.gz
                        done
    )
plog "Stopping P2Partisan"
}

pstatus() {
        running3=`iptables -L INPUT | grep P2PARTISAN-IN  2> /dev/null | wc -l`
        running4=`[ -f $pidfile ] && echo 1 || echo 0`
        running5=`nvram get script_fire | grep "p2partisan.sh ]" >/dev/null && echo "\033[1;32mYes\033[0;39m" || echo "\033[1;31mNo\033[0;39m"`
        running6=`cru l | grep P2Partisan-update >/dev/null && echo "\033[1;32mYes\033[0;39m" || echo "\033[1;31mNo\033[0;39m"`
        running7=`tail -200 /var/log/messages | grep Dropped | tail -1`
        running7a=`tail -200 /var/log/messages | grep Rejected | tail -1`
        running9=`nvram get script_fire | grep "P2Partisan-tutor" >/dev/null && echo "\033[1;32mYes\033[0;39m" || echo "\033[1;31mNo\033[0;39m"`
        runningA=`cat /var/log/messages | grep "Applying paranoia" | wc -l`
        runningB=`cat /var/log/messages | grep "Stuck on Loading" | wc -l`
        runningC=`cat blacklists | grep -v "^#" | grep -v "^$" | wc -l`
        runningD=`cat ./runtime`
        runningE=`cat /var/log/messages | grep "P2Partisan tutor" | tail -1`
        from=`head -1 ./iptables-add 2> /dev/null | cut -c3-`
        runtime=`echo $(( $now - $from ))`
                d=`echo $(( $runtime / 86400 ))`
        h=`echo $((( $runtime / 3600 ) %24 ))`
                m=`echo $((( $runtime / 60 ) %60 ))`
                s=`echo $(( $runtime %60 ))`
        runtime=`printf "$d - %02d:%02d:%02d\n" $h $m $s`
        drop_packet_count_in=`iptables -vL P2PARTISAN-DROP-IN 2> /dev/null| grep " DROP " | awk '{print $1}'`
        drop_packet_count_out=`iptables -vL P2PARTISAN-DROP-OUT 2> /dev/null| grep " REJECT " | awk '{print $1}'`

        if [[ $running3 -eq "0" ]] && [[ $running4 -eq "0" ]]; then
                running8="\033[1;31mNo\033[0;39m"
        elif [[ $running3 -eq "0" ]] && [[ $running4 -eq "1" ]]; then
                running8="\033[1;35mLoading...\033[0;39m"
        elif [[ $running3 -gt "0" ]] && [[ $running4 -eq "0" ]]; then
                running8="\033[1;31mNot quite... try to run \"p2partisan.sh update\"\033[0;39m"
        else
                running8="\033[1;32mYes\033[0;39m"
        fi

whiteip=`ipset -L whitelist | grep -e "^[0-9].*" | wc -l`
whiteextra=`ipset -L whitelist | grep -E '(^10\.|(^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.)|^192\.168\.)' | wc -l`
if [[ $whiteextra == "0" ]]; then
whiteextra=" "
else
whiteextra=`echo "/ $whiteextra" LAN IP ref defined`
fi
blackip=`ipset -L blacklist-custom | grep -e "^[0-9].*" | wc -l`
blackextra=`ipset -L blacklist-custom | grep -E '(^10\.|(^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.)|^192\.168\.)' | wc -l`
if [[ $blackextra == "0" ]]; then
blackextra=" "
else
blackextra=`echo "/ $blackextra" LAN IP ref defined`
fi

echo -e "################### P2Partisan ##########################"
echo -e "#       Release version: $version
################# P2Partisan status #####################
# Running:      $running8
# Autorun:      $running5
# Scheduled:    $running6 / $runningA since device boot
# Tutor:        $running9 / $runningB since device boot
#########################################################
# Uptime:       $runtime
# Startup time: $runningD seconds
# Dropped in:   $drop_packet_count_in
# Rejected out: $drop_packet_count_out
#########################################################
# Black IPs:    $blackip $blackextra
# White IPs:    $whiteip $whiteextra"
        whiteports_number=`echo $whiteports | sed 's/,/,\n/g' | sed 's/:/:\n/g' | wc -l`
                aa=1
                b=8
                bb=8
                rounds=`echo $(( $whiteports_number / $b ))`
                if [ $rounds -eq 0 ]; then rounds="1"; fi
        while [ $rounds -gt 0 ]
        do
                w=`echo $whiteports | cut -d"," -f $aa-$bb`
                aa=`echo $(( $bb + 1 ))`
                bb=`echo $(( $bb + $b ))`
                                echo "# White ports:  $w"
                rounds=`echo $(( $rounds - 1 ))`
        done

echo "# Blacklists:   $runningC
################# Last log recorded #####################
# Remember your max logs per hour is set to: $maxloghour
$running7
$running7a
$runningE
#########################################################"
}


if [ $autorun_availability_check = 1 ]; then
av="while true; do [ -f $P2Partisandir/p2partisan.sh ] && break || sleep 5; done ;"
fi

pautorunset() {
        p=`nvram get script_fire | grep "p2partisan.sh ]" | grep -v cru | wc -l`
        if [ $p -eq "0" ] ; then
                t=`nvram get script_fire`; t=`printf "$t\n$av$P2Partisandir/p2partisan.sh\n"` ; nvram set "script_fire=$t"
        fi
        plog "P2Partisan AUTO RUN is ON"
        nvram commit
}

pautorununset() {
        p=`nvram get script_fire | grep "p2partisan.sh ]" | grep -v cru | wc -l`
        if [ $p -eq "1" ]; then
        t=`nvram get script_fire`; t=`printf "$t" | grep -v "p2partisan.sh ]"` ; nvram set "script_fire=$t"
        fi
        plog "P2Partisan AUTO RUN is OFF"
        nvram commit
}

pscheduleset() {
        cru d P2Partisan-update
        e=`tr -cd 0-5 </dev/urandom | head -c 1`
        f=`tr -cd 0-9 </dev/urandom | head -c 1`
        a=`echo $e$f`
        b=`tr -cd 1-5 </dev/urandom | head -c 1`
        c=`tr -cd 0-6 </dev/urandom | head -c 1`
        scheduleme=`echo "$schedule" | tr "m" "$a"`
        scheduleme=`echo "$scheduleme" | tr "h" "$b"`
        scheduleme=`echo "$scheduleme" | tr "d" "$c"`
        cru a P2Partisan-update "$scheduleme $P2Partisandir/p2partisan.sh paranoia-update"
        pp=`nvram get script_fire | grep "p2partisan.sh paranoia-update" | grep -v cru | wc -l`
        p=`nvram get script_fire | grep "cru a P2Partisan-update" | wc -l`
        if [ $p -eq "0" ] ; then
                if [ $pp -eq "0" ]; then
                t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-update \"$scheduleme $P2Partisandir/p2partisan.sh paranoia-update\"\n"` ; nvram set "script_fire=$t"
                else
                pautorununset
                t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-update \"$scheduleme $P2Partisandir/p2partisan.sh paranoia-update\"\n"` ; nvram set "script_fire=$t"
                pautorunset
                fi
        fi
        plog "P2Partisan AUTO UPDATE is ON"
        nvram commit
}

pscheduleunset() {
        cru d P2Partisan-update
        p=`nvram get script_fire | grep "cru a P2Partisan-update" | wc -l`
        if [ $p -eq "1" ] ; then
        t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-update \"$schedule $P2Partisandir/p2partisan.sh paranoia-update\"\n" | grep -v "cru a P2Partisan-update"` ; nvram set "script_fire=$t"
        fi
        plog "P2Partisan AUTO UPDATE is OFF"
        nvram commit
}

pupgrade() {
        [ -f p2partisan_new.sh ] && rm -f "p2partisan_new.sh" 2> /dev/null
        wget -q -O - http://pastebin.com/raw.php?i=jqHD3hfT | grep "p2partisan v" | grep -v grep> ./latest
        latest=`cat ./latest | cut -c3-31`
        current=`cat ./p2partisan.sh | grep "p2partisan v" | head -1 | cut -c3-32 `
        if [[ "$latest" == "$current" ]]; then
        echo "
You're already running the latest version of P2Partisan
"
        else
        echo "
There's a new P2Partisan update available. Do you want to upgrade?

                        current = $current

                                        to

                         latest = $latest

y/n"
        read answer
        # echo "You entered: $input_variable"
                if [[ $answer == "y" ]]; then
wget -q -O ./p2partisan_new.sh http://pastebin.com/raw.php?i=jqHD3hfT
pupgraderoutine
                else
                echo "Upgrade skipped. Quitting..."
                exit
                fi

        fi
 }

pupgradebeta() {
        [ -f p2partisan_new.sh ] && rm -f "p2partisan_new.sh" 2> /dev/null
        wget -q -O - http://pastebin.com/raw.php?i=Q8AnCaCy | grep "p2partisan v" | grep -v grep > ./latest
        echo "
Do you want to install the latest testing beta (not suggested)?

y/n"
        read answer
        # echo "You entered: $input_variable"
                if [[ $answer == "y" ]]; then
wget -q -O ./p2partisan_new.sh http://pastebin.com/raw.php?i=Q8AnCaCy
pupgraderoutine
                else
                echo "Beta upgrade skipped. Quitting..."
                exit
                fi
 }

 pupgradesilent() {
        [ -f p2partisan_new.sh ] && rm -f "p2partisan_new.sh" 2> /dev/null
        wget -q -O - http://pastebin.com/raw.php?i=jqHD3hfT | grep "p2partisan v" | grep -v grep> ./latest
        latest=`cat ./latest | cut -c3-31`
        current=`cat ./p2partisan.sh | grep "p2partisan v" | head -1 | cut -c3-32 `
        if [[ "$latest" == "$current" ]]; then
        echo "
You're already running the latest version of P2Partisan
"
        else
wget -q -O ./p2partisan_new.sh http://pastebin.com/raw.php?i=jqHD3hfT
pupgradroutine
        fi
 }

pupgraderoutine() {
                echo "Upgrading, please wait:"
                echo "1/6) Stopping the script"
                pforcestop
                [ -f p2partisan_new.sh ] || plog "There's a problem with the p2partisan upgrade. Please try again"
                echo "2/6) Migrating the configuration"
                sed '1,/P2Partisandir/{s@P2Partisandir=.*@'"P2Partisandir=$P2Partisandir"'@'} -i ./p2partisan_new.sh
                sed '1,/syslogs/{s@syslogs=.*@'"syslogs=$syslogs"'@'} -i ./p2partisan_new.sh
                sed '1,/maxloghour/{s@maxloghour=.*@'"maxloghour=$maxloghour"'@'} -i ./p2partisan_new.sh
                sed '1,/protection/{s@protection=.*@'"protection=$protection"'@'} -i ./p2partisan_new.sh
                sed '1,/whiteports/{s@whiteports=.*@'"whiteports=$whiteports"'@'} -i ./p2partisan_new.sh
                sed '1,/fastroutine/{s@fastroutine=.*@'"fastroutine=$fastroutine"'@'} -i ./p2partisan_new.sh
                sed '1,/autorun_availability_check/{s@autorun_availability_check=.*@'"autorun_availability_check=$autorun_availability_check"'@'} -i ./p2partisan_new.sh
                sed '1,/schedule/{s@schedule=.*@'"schedule=\"$schedule\""'@'} -i ./p2partisan_new.sh
                sed '1,/testip/{s@testip=.*@'"testip=$testip"'@'} -i ./p2partisan_new.sh
                tr -d "\r"< ./p2partisan_new.sh > ./.temp ; mv ./.temp ./p2partisan_new.sh
                echo "3/6) Copying p2partisan.sh into p2partisan.sh.old"
                cp ./p2partisan.sh ./p2partisan_old
                echo "4/6) Installing new script into p2partisan.sh"
                mv ./p2partisan_new.sh ./p2partisan.sh
                echo "5/6) Setting up permissions"
                chmod -R 777 ./p2partisan.sh
                echo "6/6) all done, I'm now running the script for you.
NOTE: autorun, autoupdate and tutor settings are left as they were found
"
}

ptutor() {
        pwhitelist
        running3=`iptables -L INPUT | grep P2PARTISAN-IN  2> /dev/null | wc -l`
        running4=`[ -f $pidfile ] && echo 1 || echo 0`
        runningE=`iptables -L wanin | grep P2PARTISAN-IN  2> /dev/null | wc -l`
        if [[ $runningE -gt "1" ]]; then
                        pforcestop
                        plog "P2Partisan tutor had to restart due to: iptables redundant rules found"
                        pstart
        elif [[ $running3 -eq "1" ]] && [[ $running4 -eq "0" ]]; then
                        plog "P2Partisan tutor had to restart due to: pid file missing"
                        pforcestop
                        pstart
        elif [[ $running3 -eq "0" ]] && [[ $running4 -eq "1" ]]; then
                        plog "P2Partisan tutor had to restart due to: iptables instructions missing"
                        pforcestop
                        pstart
        elif [[ $running3 -ne "1" ]] && [[ $running4 -eq "1" ]]; then
                        plog "P2Partisan appears to be loading, I'll wait 5 minutes..."
                        sleep 300
                if [[ $running3 -ne "1" ]] && [[ $running4 -eq "1" ]]; then
                        plog "P2Partisan tutor had to restart due to Stuck on Loading"
                        pforcestop
                        pstart
                fi
        else
        echo "P2Partisan up and running. The tutor is happy"
        fi
 }

ptutorset() {
        cru d P2Partisan-tutor
        ab=`tr -cd 0-5 </dev/urandom | head -c 1`
        a=`tr -cd 0-9 </dev/urandom | head -c 1`
        a=`echo $ab$a`
        scheduleme=`echo "$a * * * *"`
        cru a P2Partisan-tutor "$scheduleme $P2Partisandir/p2partisan.sh tutor"
        pp=`nvram get script_fire | grep "p2partisan.sh tutor" | grep -v cru | wc -l`
        p=`nvram get script_fire | grep "cru a P2Partisan-tutor" | wc -l`
        if [ $p -eq "0" ] ; then
                if [ $pp -eq "0" ]; then
                t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-tutor \"$scheduleme $P2Partisandir/p2partisan.sh tutor\"\n"` ; nvram set "script_fire=$t"
                else
                t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-tutor \"$scheduleme $P2Partisandir/p2partisan.sh tutor\"\n"` ; nvram set "script_fire=$t"
                fi
        fi
        plog "P2Partisan tutor is ON"
        nvram commit
}

ptutorunset() {
        cru d P2Partisan-tutor
        p=`nvram get script_fire | grep "cru a P2Partisan-tutor" | wc -l`
        if [ $p -eq "1" ] ; then
        t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-tutor \"$schedule $P2Partisandir/p2partisan.sh tutor\"\n" | grep -v "cru a P2Partisan-tutor"` ; nvram set "script_fire=$t"
        fi
        plog "P2Partisan tutor is OFF"
        nvram commit
 }

 ptest() {
checklist="blacklist-custom whitelist `cat blacklists | grep -v "^#" | grep -v "^$" | cut -d" " -f1`"
echo "###############################################
### Lists are sorted in order of precedence ###
###############################################"
        echo $checklist | tr " " "\n" |
    (
                while read LIST
                do
                ipset -T $LIST $1 1>/dev/nul && if [ $LIST = "whitelist" ]; then echo -e "\033[1;32m$1 found in        $LIST\033[0;39m"; else echo -e "\033[1;31m$1 found in        $LIST\033[0;39m"; fi || echo -e "$1 not found in    $LIST"
        done                                                                                                                                     #echo "\033[1;31mNo\033[0;39m"
    )
        echo "###############################################"
}

pwhitelist() {
    ipset -F whitelist
    cat ./whitelist |
    (
    while read IP
    do
        echo "$IP" | grep -E "^#" >/dev/null 2>&1 && continue
        echo "$IP" | grep -E "^$" >/dev/null 2>&1 && continue
        echo "$IP" | grep -E "(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])" >/dev/null 2>&1 && q=1
        echo "$IP" | grep -E "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])" >/dev/null 2>&1 && q=0

    if [[ $q -eq 0 ]]; then
                ipset -A whitelist $IP
    elif [[ $q -eq 1 ]]; then
        nslookup $IP |
            (
            while read IPR
            do
        echo "$IPR" | grep -E "^#" >/dev/null 2>&1 && continue
        echo "$IPR" | grep -E "^$" >/dev/null 2>&1 && continue
        echo "$IPR" | grep 127.0.0.1 >/dev/null 2>&1 && continue
        echo "$IPR" | grep -vE "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])" >/dev/null 2>&1 && continue
        IP=`echo "$IPR" | grep -E "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])" | cut -f3 -d" "`
                ipset -A whitelist $IP
            done
            )
    fi
    done
    )
}

pstart() {
        running4=`[ -f $pidfile ] && echo 1 || echo 0`
        if [ $running4 -eq "0" ] ; then

        /bin/ntpsync > /dev/null 2>&1
        pre=`date +%s`
        sleep 1

        echo $$ > $pidfile

    [ -f iptables-add ] && rm iptables-add
    [ -f iptables-del ] && rm iptables-del
    [ -f ipset-del ] && rm ipset-del

        echo "### PREPARATION ###"
        echo "Loading the ipset modules"
        lsmod | cut -c1-20 | grep "ip_set " > /dev/null 2>&1 || insmod ip_set
        lsmod | cut -c1-20 | grep "ip_set_iptreemap" > /dev/null 2>&1 || insmod ip_set_iptreemap
        lsmod | cut -c1-20 | grep "ipt_set" > /dev/null 2>&1 || insmod ipt_set

counter=0
pos=1
couscous=`cat blacklist-custom | grep -v "^#" | grep -v "^$" | wc -l`

                echo "### CUSTOM BLACKLIST ###
blacklist-custom file -> $couscous entries found"
 if [ $couscous -eq "0" ]; then
                echo "No custom blacklist entries found: skipping"
 else
                echo "loading blacklist #$counter --> ***Custom IP blacklist***"
                ipset --create blacklist-custom iptreemap > /dev/null 2>&1
        if [ -e blacklist-custom ]; then
        for IP in `cat blacklist-custom | grep -v "^#" | grep -v "^$" | grep -Ev '(^10\.|(^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.)|^192\.168\.)' | cut -d: -f2`
            do
                ipset -A blacklist-custom $IP
            done
                fi
fi

echo "### WHITELIST ###"

        whiteports_number=`echo $whiteports | sed 's/,/,\n/g' | sed 's/:/:\n/g' | wc -l`
                aa=1
                b=8
                bb=8
                rounds=`echo $(( $whiteports_number / $b ))`
                if [ $rounds -eq 0 ]; then rounds="1"; fi
        while [ $rounds -gt 0 ]
        do
                w=`echo $whiteports | cut -d"," -f $aa-$bb`
                aa=`echo $(( $bb + 1 ))`
                bb=`echo $(( $bb + $b ))`
        echo "loading whitelisted ports $w exemption"
whitep="${whitep}iptables -A P2PARTISAN-IN -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-IN -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-IN -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-IN -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
"
        rounds=`echo $(( $rounds - 1 ))`
        done


                echo "# $now
iptables -N P2PARTISAN-IN 2> /dev/null
iptables -N P2PARTISAN-OUT 2> /dev/null
iptables -N P2PARTISAN-DROP-IN 2> /dev/null
iptables -N P2PARTISAN-DROP-OUT 2> /dev/null
iptables -F P2PARTISAN-IN 2> /dev/null
iptables -F P2PARTISAN-OUT 2> /dev/null
iptables -F P2PARTISAN-DROP-IN 2> /dev/null
iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
iptables -A P2PARTISAN-IN -m set --set blacklist-custom src -j P2PARTISAN-DROP-IN 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set blacklist-custom src -j P2PARTISAN-DROP-OUT 2> /dev/null" > iptables-add


                echo "# $now
iptables -D wanin -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -D wanout -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -D INPUT -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -D OUTPUT -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -F P2PARTISAN-DROP-IN 2> /dev/null
iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
iptables -F P2PARTISAN-IN 2> /dev/null
iptables -F P2PARTISAN-OUT 2> /dev/null
iptables -X P2PARTISAN-IN 2> /dev/null
iptables -X P2PARTISAN-OUT 2> /dev/null
iptables -X P2PARTISAN-DROP-IN 2> /dev/null
iptables -X P2PARTISAN-DROP-OUT 2> /dev/null" >> iptables-del


echo "preparing IP whitelist for the iptables"
#Load the whitelist
if [ "$(ipset --swap whitelist whitelist 2>&1 | grep 'Unknown set')" != "" ]
    then
    ipset --create whitelist iptreemap > /dev/null 2>&1
    pwhitelist
    fi
                echo "# $now
ipset -F
ipset -X blacklist-custom
ipset -X whitelist" > ipset-del

                        echo "loading the IP whitelist"
                        echo "iptables -A P2PARTISAN-IN -m set --set whitelist src -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set whitelist dst -j ACCEPT 2> /dev/null
$whitep" >> iptables-add

                if [ $syslogs -eq "1" ]; then
                        echo "iptables -A P2PARTISAN-DROP-IN -m limit --limit $maxloghour/hour --limit-burst 1 -j LOG --log-prefix \"P2Partisan Dropped IN >> \" --log-level 1 2> /dev/null" >> iptables-add
                        echo "iptables -A P2PARTISAN-DROP-OUT -m limit --limit $maxloghour/hour --limit-burst 1 -j LOG --log-prefix \"P2Partisan Rejected OUT >> \" --log-level 1 2> /dev/null" >> iptables-add

                fi
                echo "iptables -A P2PARTISAN-DROP-IN -j DROP
iptables -A P2PARTISAN-DROP-OUT -j REJECT --reject-with icmp-admin-prohibited"  >> iptables-add


echo "### BLACKLISTs ###"

        cat blacklists |
   (
    while read line
    do
            echo "$line" | grep "^#" >/dev/null 2>&1 && continue
            echo "$line" | grep "^$" >/dev/null 2>&1 && continue
            counter=`expr $counter + 1`
            name=`echo $line |cut -d ' ' -f1`
            url=`echo $line |cut -d ' ' -f2`
            echo "loading blacklist #$counter --> ***$name***"

    if [ $fastroutine -eq "1" ]; then

     if [ "$(ipset --swap $name $name 2>&1 | grep 'Unknown set')" != "" ]
      then
                  [ -f ./runtime ] && rm -f ./runtime 2> /dev/null
                  [ -e $name.gz ] || wget -q -O $name.gz "$url"
                  { echo "-N $name iptreemap"
                        gunzip -c  $name.gz | \
                        sed -e "/^[\t ]*#.*\|^[\t ]*$/d;s/^.*:/-A $name /" | \
                        grep -Ev '(^10\.|(^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.)|^192\.168\.)'
                        echo COMMIT
                  } | ipset -R
     fi
    else

                if [ "$(ipset --swap $name $name 2>&1 | grep 'Unknown set')" != "" ]
            then
                        [ -f ./runtime ] && rm -f ./runtime 2> /dev/null
            ipset --create $name iptreemap
            [ -e $name.lst ] || wget -q -O - "$url" | gunzip | cut -d: -f2 | grep -E "^[-0-9.]+$" | grep -Ev '(^10\.|(^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.)|^192\.168\.)' > $name.lst
            for IP in $(cat $name.lst)
                    do
                    ipset -A $name $IP
                    done
                        fi

        fi

                                echo "ipset -X $name " >> ipset-del
                                echo "iptables -A P2PARTISAN-IN -m set --set $name src -j P2PARTISAN-DROP-IN 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set $name dst -j P2PARTISAN-DROP-OUT 2> /dev/null" >> iptables-add
                        done
    )


echo "iptables -I INPUT $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I OUTPUT $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -I wanin $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I wanout $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null" >> iptables-add

chmod 777 ./iptables-*
chmod 777 ./ipset-*
./iptables-add  #protecting

plog "... P2Partisan started."

p=`nvram get dnsmasq_custom | grep log-async | wc -l`
if [ $p -eq "1" ]; then
        plog "log-async found under dnsmasq -> OK"
else
        plog "
It appears like you don't have a log-async parameter
in your dnsmasq config. This is strongly suggested
due to the amount of logs involved. please consider
adding the following command under Advanced/DHCP/DNS
/Dnsmasq Custom configuration

log-async=5
"
fi

punblock  #remove paranoia DROPs if any

        post=`date +%s`
        runtime=`echo $(( $post - $pre ))`
        [ -f ./runtime ] || echo $runtime > ./runtime
        else
                echo "
        It appears like P2Partisan is already running. Skipping...

        If this is not what you expected? Try:
        p2partisan.sh update
                "
        fi
}


for p in $1
do
case "$p" in
        "start")
                pstart
                exit
                ;;
        "stop")
                pforcestop
                exit
                ;;
        "restart")
                psoftstop
                ;;
        "status")
                pstatus
                exit
                ;;
        "pause")
                psoftstop
                exit
                ;;
        "test")
                ptest $2
                exit
                ;;
        "update")
                pforcestop
                ;;
        "paranoia-update")
                pblock
                pforcestop
                ;;
        "autorun-on")
                pautorunset
                exit
                ;;
        "autorun-off")
                pautorununset
                exit
                ;;
        "autoupdate-on")
                pscheduleset
                exit
                ;;
        "autoupdate-off")
                pscheduleunset
                exit
                ;;
        "tutor-on")
                ptutorset
                exit
                ;;
        "tutor-off")
                ptutorunset
                exit
                ;;
        "tutor")
                ptutor
                exit
                ;;
        "upgrade")
                pupgrade
                ;;
        "upgrade-silent")
                pupgradesilent
                ;;
        "upgrade-beta")
                pupgradebeta
                ;;
        "help")
                echo "
        P2Partisan parameters:

        help                    Display this text
        start                   Starts the process (this runs also if no option
                                is provided)
        stop                    Stops P2Partisan
        restart                 Soft restart, updates whiteports & whitelist only
        pause                   Soft stop P2Partisan allowing for quick start
        update                  Hard restart, slow removes p2partisan, updates
                                the lists and does a fresh start
        paranoia-update         Like update but blocks any new connection until
                                P2Partisan is running again
        status                  Display P2Partisan running status + extra info
        test <IP>               Verify existence of the given IP against lists
        autorun-on              Sets P2Partisan to boot with the router
        autorun-off             Sets P2Partisan not to boot with the router
        autoupdate-on           Sets automatic weekly updates to on
        autoupdate-off          Sets automatic weekly updates to off
        tutor-on                Sets hourly running-status checks to on
        tutor-off               Sets hourly running-status checks to off
        upgrade                 Download and install the latest P2Partisan
        upgrade-silent          Like upgrade but no question asked. Useful for scheduler
"
                                exit
                ;;
        *)
                echo "parameter not valid. please run:

        p2partisan.sh help
        "
                                exit
                ;;

esac
done

pstart

exit