
Untitled

a guest Jan 10th, 2016 43 Never
  1. #!/bin/sh
  2.  
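  # Device this hook runs for. DEV is not set anywhere in this file; it is
  # presumably exported by the caller -- confirm. Quoted so that the value is
  # handed to basename as one word and is not glob-expanded.
  TUNTAP=$(basename "$DEV")

  # Per-device undo script: ipt() appends one "iptables -D ..." line to it for
  # every rule it installs.
  UNDO_FILE="/var/run/chilli.$TUNTAP.sh"

  . /etc/chilli/functions

  # Roll back whatever a previous run left behind, then start a fresh file.
  # The undo file is executed by sh with this script's privileges, so its
  # content is trusted as much as the script itself.
  # NOTE(review): that relies on /var/run being writable only by root.
  [ -e "$UNDO_FILE" ] && sh "$UNDO_FILE" 2>/dev/null
  rm -f "$UNDO_FILE" 2>/dev/null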
  10.  
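  # ipt OP CHAIN [RULE-SPEC...]
  #
  # Apply one iptables rule and append the matching delete to $UNDO_FILE.
  #   $1  - the iptables operation (-I or -A in this script)
  #   $2+ - chain and rule specification, passed to iptables as received
  # Globals: UNDO_FILE (read; the file is appended to)
  # Returns: the exit status of iptables
  #
  # The undo file is later executed by sh, so each argument is written
  # single-quoted, with embedded single quotes escaped. Written unquoted, a
  # value containing whitespace or shell metacharacters would be parsed as
  # shell syntax on replay instead of being handed back to iptables as data.
  ipt() {
      opt=$1; shift
      _ipt_undo="iptables -D"
      for _ipt_arg in "$@"; do
          # ' becomes '\'' : close the quote, add a literal quote, reopen
          _ipt_esc=$(printf '%s\n' "$_ipt_arg" | sed "s/'/'\\\\''/g")
          _ipt_undo="$_ipt_undo '$_ipt_esc'"
      done
      # Record the undo line before applying the rule, as the original did.
      printf '%s\n' "$_ipt_undo" >> "$UNDO_FILE"
      # "$@" keeps the caller's words intact; an unquoted $* would split them
      # again on whitespace and glob-expand them.
      iptables "$opt" "$@"
  }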
  16.  
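  # ipt_in RULE-SPEC...
  #
  # Insert a rule at the head of INPUT that only matches traffic arriving on
  # the tun/tap device, through ipt() so that the undo line is recorded.
  # Globals: TUNTAP (read)
  # Returns: the exit status of ipt
  ipt_in() {
      # "$@" forwards the caller's words unchanged; an unquoted $* would split
      # them again on whitespace and glob-expand them.
      ipt -I INPUT -i "$TUNTAP" "$@"
  }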
  20.  
  # Install the firewall rules for this device; nothing is done when no device
  # name could be derived. Every rule goes through ipt/ipt_in so that a
  # matching delete is recorded for the next run.
  #
  # Ordering matters: -I puts a rule at the head of its chain, so within one
  # chain a rule inserted further down this block is evaluated BEFORE the ones
  # inserted above it. Only the single -A rule lands at the end of its chain.
  if [ -n "$TUNTAP" ]; then
      # ifconfig $TUNTAP mtu $MTU
      if [ -n "$KNAME" ]; then
          # KNAME set: forwarding on $DHCPIF is accepted for traffic that the
          # "coova" match named $KNAME lets through, and everything on the
          # tun/tap device is forwarded.
          ipt -I FORWARD -i $DHCPIF -m coova --name $KNAME -j ACCEPT
          ipt -I FORWARD -o $DHCPIF -m coova --name $KNAME --dest -j ACCEPT
          ipt -I FORWARD -i $TUNTAP -j ACCEPT
          ipt -I FORWARD -o $TUNTAP -j ACCEPT
          if [ -n "$DHCPLISTEN" ]; then
              ifconfig $DHCPIF $DHCPLISTEN
          fi
      else
          if [ "$LAYER3" != "1" ]; then
              # INPUT on the tun/tap device: accept only the services listed
              # below when addressed to $ADDR, then drop the rest.

              # UAM port, skipped when unset or "0"
              case "$UAMPORT" in
                  ''|0) ;;
                  *) ipt_in -p tcp -m tcp --dport $UAMPORT --dst $ADDR -j ACCEPT ;;
              esac

              # UAM UI port, skipped when unset or "0"
              case "$UAMUIPORT" in
                  ''|0) ;;
                  *) ipt_in -p tcp -m tcp --dport $UAMUIPORT --dst $ADDR -j ACCEPT ;;
              esac

              # Extra TCP ports, whitespace-separated; an empty list simply
              # yields no iterations.
              for port in $HS_TCP_PORTS; do
                  ipt_in -p tcp -m tcp --dport $port --dst $ADDR -j ACCEPT
              done

              # UDP 67:68 (broadcast and unicast), UDP 53 and ICMP to $ADDR
              ipt_in -p udp -d 255.255.255.255 --destination-port 67:68 -j ACCEPT
              ipt_in -p udp -d $ADDR --destination-port 67:68 -j ACCEPT
              ipt_in -p udp --dst $ADDR --dport 53 -j ACCEPT
              ipt_in -p icmp --dst $ADDR -j ACCEPT

              # Appended, not inserted: it sits at the end of INPUT and drops
              # whatever reaches $ADDR on the tun/tap device unaccepted.
              ipt -A INPUT -i $TUNTAP --dst $ADDR -j DROP

              if [ "$ONLY8021Q" != "1" ]; then
                  # Drop everything that arrives on $DHCPIF itself.
                  ipt -I INPUT -i $DHCPIF -j DROP
              fi
          fi

          if [ "$ONLY8021Q" != "1" ]; then
              # Nothing is forwarded directly to or from $DHCPIF.
              ipt -I FORWARD -i $DHCPIF -j DROP
              ipt -I FORWARD -o $DHCPIF -j DROP
          fi

          ipt -I FORWARD -i $TUNTAP -j ACCEPT
          ipt -I FORWARD -o $TUNTAP -j ACCEPT

          # Help out conntrack to not get confused
          # (stops masquerading from working)
          #ipt -I PREROUTING -t raw -j NOTRACK -i $DHCPIF
          #ipt -I OUTPUT -t raw -j NOTRACK -o $DHCPIF

          # Help out MTU issues with PPPoE or Mesh: clamp the MSS of forwarded
          # TCP SYNs to the path MTU (installed once without -t and once in
          # the mangle table).
          ipt -I FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
          ipt -I FORWARD -t mangle -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

          # Unless LAN access is "on" or "allow", traffic from the tun/tap
          # device may only leave through $HS_WANIF. Being inserted after the
          # general tun/tap ACCEPT above, this DROP is evaluated before it.
          case "$HS_LAN_ACCESS" in
              on|allow) ;;
              *) ipt -I FORWARD -i $TUNTAP \! -o $HS_WANIF -j DROP ;;
          esac

          ipt -I FORWARD -i $TUNTAP -o $HS_WANIF -j ACCEPT

          if [ "$HS_LOCAL_DNS" = "on" ]; then
              # Redirect UDP port 53 arriving on the tun/tap device to $ADDR.
              ipt -I PREROUTING -t nat -i $TUNTAP -p udp --dport 53 -j DNAT --to-destination $ADDR
          fi
      fi
  fi
  86.  
  # Optional site-specific hook. It is sourced, not executed: it runs inside
  # this shell with the same privileges and sees ipt, ipt_in and every variable
  # set above.
  # NOTE(review): keep /etc/chilli/ipup.sh owned by root and not writable by
  # anyone else, since whatever it contains runs as part of this script.
  # When the file is absent, the failed test is the status of this line.
  test -e /etc/chilli/ipup.sh && . /etc/chilli/ipup.sh