p2partisan beta-rmerlin

#!/bin/sh
#
# p2partisan v4.65 (10/11/2014)
#
# <CONFIGURATION> ###########################################
# Adjust location where the files are kept
P2Partisandir=/cifs1/p2partisan
#
# Edit the file "blacklists" to customise if needed
# Edit the "whitelist" to overwrite the blacklist if needed
#
# Enable logging? Use only for troubleshooting. 0=off 1=on
syslogs=1
# Maximum number of logs to be recorded in a given 60 min
# Consider set this very low (like 3 or 6) once your are
# happy with the installation. To troubleshoot blocked
# connection close all the secondary traffic e.g. p2p
# and try a connection to the blocked site/port you should
# find a reference in the logs.
maxloghour=1
#
# What do you want to block?
# 1) Input (Router only, running transmission?)
# 2) LAN (LAN clients only)
# 3) Both *default
protection=3
#
# ports to be whitelisted. Whitelisted ports will never be
# blocked no matter what the source/destination IP is.
# This is very important if you're running a service like
# e.g. SMTP/HTTP/IMAP/else. Separate value in the list below
# with commas - NOTE: Leave 80 and 443 untouched, add custom ports only
# you might want to add remote admin and VPN ports here if any.
# Standard iptables syntax, individual ports divided by "," and ":" to
# define a range e.g. 80,443,2100:2130. Do not whitelist you P2P client!
whiteports=21,25,44,53,80,123,443,1194:1197,1723,3658,4000:4200,5730:5739,6665:6670,8080,8800:8899,14020
#
# Fastrouting will process the IP classes very quickly but use
# Lot of resources. If you disable the effect is transparent
# but the full process will take minutes rather than seconds
# 0=disabled 1=enabled
fastroutine=1
#
# Enable check on script availability to help autorun
# E.g. wait for the file to be available in cifs before run it
# instead of quit with a file missing error
autorun_availability_check=1
#
# Schedule updates? (once a week is plenty). Custom syntax:
# m = random minute picked up in the range[0-59]
# h = random hour picked up in the range [1-5]am
# d = random day of the week picked up in the range Sun to Sat [0-6]
# if unwanted set your own specific time e.g.
# "30 4 * * 1" 4:30 on a Monday
# or use a combination e.g. random minute at 1am on a Tuesday:
# "m 1 * * 3"
# Specify this always in between "" please
schedule="m h * * d"
#
# IP for testing Internet connectivity
testip=8.8.8.8
# </CONFIGURATION> ###########################################

# Wait until Internet is available
    while :
    do
        ping -c 3 $testip >/dev/null 2>&1
        if [ $? = 0 ]; then
            break
        fi
        sleep 5
    done

pidfile=/var/run/p2partisan.pid
cd $P2Partisandir
version=`head -3 ./p2partisan.sh | tail -1 | cut -f 3- -d " "`

alias ipset='/bin/nice -n19 /usr/sbin/ipset'
alias sed='/bin/nice -n19 /bin/sed'
alias iptables='/usr/sbin/iptables'
alias service='/sbin/service'
alias plog='logger -t P2PARTISAN -s'
now=`date +%s`
if [ -f /var/log/messages ]; then logfile="/var/log/messages"; else logfile="/tmp/syslog.log"; fi
wanif=`nvram get wan_ifname`
if [ -f $wanif ]; then wanif=`nvram get wan_ifnames`; fi #RMerlin work around
lanif=`nvram get lan_ifname`


psoftstop() {
    ./iptables-del 2> /dev/null
    plog "Stopping P2Partisan"
    [ -f $pidfile ] && rm -f "$pidfile" 2> /dev/null
    [ -f iptables-add ] && rm -f "iptables-add" 2> /dev/null
    [ -f iptables-del ] && rm -f "iptables-del" 2> /dev/null
}

pblock() {
    plog "P2PArtisan: Applying paranoia block"
    iptables -N PARANOIA-DROP 2> /dev/null
    iptables -A PARANOIA-DROP -m set --set blacklist-custom dst -j DROP 2> /dev/null
    iptables -A PARANOIA-DROP -m set --set whitelist dst -j ACCEPT 2> /dev/null
    whiteports_number=`echo $whiteports | sed 's/,/,\n/g' | sed 's/:/:\n/g' | wc -l`
        aa=1
        b=8
        bb=8
        rounds=`echo $(( $whiteports_number / $b ))`
        if [ $rounds -eq 0 ]; then rounds="1"; fi
    while [ $rounds -gt 0 ]
    do
        w=`echo $whiteports | cut -d"," -f $aa-$bb`
        aa=`echo $(( $bb + 1 ))`
        bb=`echo $(( $bb + $b ))`
whitep="${whitep}iptables -A PARANOIA-DROP -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A PARANOIA-DROP -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A PARANOIA-DROP -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A PARANOIA-DROP -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
"
    rounds=`echo $(( $rounds - 1 ))`
    done
    iptables -A PARANOIA-DROP -m limit --limit $maxloghour/hour --limit-burst 100 -j LOG --log-prefix "P2Partisan Dropped (PARANOIA) >> " --log-level 1 2> /dev/null
    iptables -A PARANOIA-DROP -j DROP
    iptables -I FORWARD 1 -m state --state NEW -j PARANOIA-DROP 2> /dev/null
    iptables -I INPUT 1 -i $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
    iptables -I OUTPUT 1 -o $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
}

punblock() {
    while iptables -L FORWARD 2> /dev/null | grep "PARANOIA-DROP"
    do
        lin=`iptables -L FORWARD --line-numbers | grep "PARANOIA-DROP" | awk '{print $1}' | head -1`
        iptables -D FORWARD $lin
        done
    while iptables -L OUTPUT 2> /dev/null | grep "PARANOIA-DROP"
    do
        lin=`iptables -L OUTPUT --line-numbers | grep "PARANOIA-DROP" | awk '{print $1}' | head -1`
        iptables -D OUTPUT $lin
    done
    while iptables -L INPUT 2> /dev/null | grep "PARANOIA-DROP"
    do
        lin=`iptables -L INPUT --line-numbers | grep "PARANOIA-DROP" | awk '{print $1}' | head -1`
        iptables -D INPUT $lin
    done
    iptables -F PARANOIA-DROP 2> /dev/null && plog "P2PArtisan: Removing paranoia block"
    iptables -X PARANOIA-DROP 2> /dev/null
}

pforcestop() {
    while iptables -L FORWARD 2> /dev/null | grep "P2PARTISAN-FORWARD"
    do
    lin=`iptables -L FORWARD --line-numbers | grep P2PARTISAN-FORWARD | awk '{print $1}' | head -1`
    iptables -D FORWARD $lin
    done
    while iptables -L INPUT | grep "P2PARTISAN-IN"
    do
    lin=`iptables -L INPUT --line-numbers | grep P2PARTISAN-IN | awk '{print $1}' | head -1`
    iptables -D INPUT $lin
    done
    while iptables -L OUTPUT | grep "P2PARTISAN-OUT"
    do
    lin=`iptables -L OUTPUT --line-numbers | grep P2PARTISAN-OUT | awk '{print $1}' | head -1`
    iptables -D OUTPUT $lin
    done
    iptables -F P2PARTISAN-DROP-IN 2> /dev/null
    iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
    iptables -F P2PARTISAN-DROP-FORWARD 2> /dev/null
    iptables -F P2PARTISAN-IN 2> /dev/null
    iptables -F P2PARTISAN-OUT 2> /dev/null
    iptables -F P2PARTISAN-FORWARD 2> /dev/null
    iptables -X P2PARTISAN-DROP-IN 2> /dev/null
    iptables -X P2PARTISAN-DROP-OUT 2> /dev/null
    iptables -X P2PARTISAN-DROP-FORWARD 2> /dev/null
    iptables -X P2PARTISAN-IN 2> /dev/null
    iptables -X P2PARTISAN-OUT 2> /dev/null
    iptables -X P2PARTISAN-FORWARD 2> /dev/null
    ipset -F
    for i in `ipset --list | grep Name | cut -f2 -d ":" `; do
        ipset -X $i
    done
    chmod 777 ./*.gz 2> /dev/null
    [ -f iptables-add ] && rm iptables-add
    [ -f iptables-del ] && rm iptables-del
    [ -f ipset-del ] && rm ipset-del
    [ -f $pidfile ] && rm -f "$pidfile" 2> /dev/null
    [ -f runtime ] && rm -f "runtime" 2> /dev/null
plog "Unloading ipset modules"
    lsmod | grep "ipt_set" > /dev/null 2>&1 && sleep 2 ; rmmod -f ipt_set 2> /dev/null
    lsmod | grep "ip_set_iptreemap" > /dev/null 2>&1 && sleep 2 ; rmmod -f ip_set_iptreemap 2> /dev/null
    lsmod | grep "ip_set" > /dev/null 2>&1 && sleep 2 ; rmmod -f ip_set 2> /dev/null
plog "Stopping P2Partisan"
}

pstatus() {
        running3=`iptables -L INPUT | grep P2PARTISAN-IN  2> /dev/null | wc -l`
        running3o=`iptables -L OUTPUT | grep P2PARTISAN-OUT  2> /dev/null | wc -l`
        running3f=`iptables -L FORWARD | grep P2PARTISAN-FORWARD  2> /dev/null | wc -l`
        running4=`[ -f $pidfile ] && echo 1 || echo 0`
        running5=`nvram get script_fire | grep "p2partisan.sh ]" >/dev/null && echo "\033[1;32mYes\033[0;39m" || echo "\033[1;31mNo\033[0;39m"`
        running6=`cru l | grep P2Partisan-update >/dev/null && echo "\033[1;32mYes\033[0;39m" || echo "\033[1;31mNo\033[0;39m"`
        running7=`tail -200 $logfile | grep Dropped | tail -1`
        running7a=`tail -200 $logfile | grep Rejected | tail -1`
        running9=`nvram get script_fire | grep "P2Partisan-tutor" >/dev/null && echo "\033[1;32mYes\033[0;39m" || echo "\033[1;31mNo\033[0;39m"`
        runningA=`cat $logfile | grep "Applying paranoia" | wc -l`
        runningB=`cat $logfile | grep "Stuck on Loading" | wc -l`
        runningC=`cat blacklists | grep -v "^#" | grep -v "^$" | wc -l`
        runningD=`cat ./runtime`
        runningE=`cat /proc/net/ip_conntrack | wc -l`
        tot_fw=`iptables -vL FORWARD | grep P2PARTISAN- | awk '{print $1}'`
        tot_in=`iptables -vL INPUT | grep P2PARTISAN- | awk '{print $1}'`
        tot_out=`iptables -vL OUTPUT | grep P2PARTISAN- | awk '{print $1}'`
        from=`head -1 ./iptables-add 2> /dev/null | cut -c3-`
        runtime=`echo $(( $now - $from ))`
        d=`echo $(( $runtime / 86400 ))`
        h=`echo $((( $runtime / 3600 ) %24 ))`
        m=`echo $((( $runtime / 60 ) %60 ))`
        s=`echo $(( $runtime %60 ))`
        runtime=`printf "$d - %02d:%02d:%02d\n" $h $m $s`
        drop_packet_count_in=`iptables -vL P2PARTISAN-DROP-IN 2> /dev/null| grep " DROP " | awk '{print $1}'`
        drop_packet_count_out=`iptables -vL P2PARTISAN-DROP-OUT 2> /dev/null| grep " REJECT " | awk '{print $1}'`
        drop_packet_count_forward=`iptables -vL P2PARTISAN-DROP-FORWARD 2> /dev/null| grep " DROP " | awk '{print $1}'`

        if [[ $running3 -eq "0" ]] && [[ $running4 -eq "0" ]]; then
                running8="\033[1;31mNo\033[0;39m"
        elif [[ $running3 -eq "0" ]] && [[ $running4 -eq "1" ]]; then
                running8="\033[1;35mLoading...\033[0;39m"
        elif [[ $running3 -gt "0" ]] && [[ $running4 -eq "0" ]]; then
                running8="\033[1;31mNot quite... try to run \"p2partisan.sh update\"\033[0;39m"
        else
                running8="\033[1;32mYes\033[0;39m"
        fi

whiteip=`ipset -L whitelist 2> /dev/null | grep -e "^[0-9].*" | wc -l `
whiteextra=`ipset -L whitelist 2> /dev/null | grep -E '(^10\.|(^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.)|^192\.168\.)' | wc -l`
if [[ $whiteextra == "0" ]]; then
whiteextra=" "
else
whiteextra=`echo "/ $whiteextra" LAN IP reference defined`
fi
blackip=`ipset -L blacklist-custom 2> /dev/null | grep -e "^[0-9].*" | wc -l`
blackextra=`ipset -L blacklist-custom 2> /dev/null | grep -E '(^10\.|(^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.)|^192\.168\.)' | wc -l`
if [[ $blackextra == "0" ]]; then
blackextra=" "
else
blackextra=`echo "/ $blackextra" LAN IP ref defined`
fi

echo -e "################### P2Partisan ##########################"
echo -e "#       Release version: $version
################# P2Partisan status #####################
# Running:      $running8
# Autorun:      $running5
# Scheduled:    $running6 / $runningA since device boot
# Tutor:        $running9 / $runningB since device boot
#########################################################
# Uptime:       $runtime
# Startup time: $runningD seconds
# Opened conn:  $runningE
##### Traffic - drop/tot ########
# Dropped in:   $drop_packet_count_in / $tot_in
# Rejected out: $drop_packet_count_out / $tot_out
# Dropped frw:  $drop_packet_count_forward / $tot_fw
#########################################################
# Custom black: $blackip $blackextra
# Custom white: $whiteip $whiteextra"
    whiteports_number=`echo $whiteports | sed 's/,/,\n/g' | sed 's/:/:\n/g' | wc -l`
        aa=1
        b=8
        bb=8
        rounds=`echo $(( $whiteports_number / $b ))`
        if [ $rounds -eq 0 ]; then rounds="1"; fi
    while [ $rounds -gt 0 ]
    do
        w=`echo $whiteports | cut -d"," -f $aa-$bb`
        aa=`echo $(( $bb + 1 ))`
        bb=`echo $(( $bb + $b ))`
                echo "# White ports:  $w"
                rounds=`echo $(( $rounds - 1 ))`
        done
echo "# Blacklists:   $runningC
################# Last logs recorded ####################
# Remember your max logs per hour is set to: $maxloghour
$running7
$running7a"
echo "#########################################################"
}


if [ $autorun_availability_check = 1 ]; then
av="while true; do [ -f $P2Partisandir/p2partisan.sh ] && break || sleep 5; done ;"
fi

pautorunset() {
    p=`nvram get script_fire | grep "p2partisan.sh ]" | grep -v cru | wc -l`
    if [ $p -eq "0" ] ; then
        t=`nvram get script_fire`; t=`printf "$t\n$av$P2Partisandir/p2partisan.sh\n"` ; nvram set "script_fire=$t"
    fi
    plog "P2Partisan AUTO RUN is ON"
    nvram commit
}

pautorununset() {
    p=`nvram get script_fire | grep "p2partisan.sh ]" | grep -v cru | wc -l`
    if [ $p -eq "1" ]; then
    t=`nvram get script_fire`; t=`printf "$t" | grep -v "p2partisan.sh ]"` ; nvram set "script_fire=$t"
    fi
    plog "P2Partisan AUTO RUN is OFF"
    nvram commit
}

pscheduleset() {
    cru d P2Partisan-update
    e=`tr -cd 0-5 </dev/urandom | head -c 1`
    f=`tr -cd 0-9 </dev/urandom | head -c 1`
    a=`echo $e$f`
    b=`tr -cd 1-5 </dev/urandom | head -c 1`
    c=`tr -cd 0-6 </dev/urandom | head -c 1`
    scheduleme=`echo "$schedule" | tr "m" "$a"`
    scheduleme=`echo "$scheduleme" | tr "h" "$b"`
    scheduleme=`echo "$scheduleme" | tr "d" "$c"`
    cru a P2Partisan-update "$scheduleme $P2Partisandir/p2partisan.sh paranoia-update"
    pp=`nvram get script_fire | grep "p2partisan.sh paranoia-update" | grep -v cru | wc -l`
    p=`nvram get script_fire | grep "cru a P2Partisan-update" | wc -l`
    if [ $p -eq "0" ] ; then
        if [ $pp -eq "0" ]; then
        t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-update \"$scheduleme $P2Partisandir/p2partisan.sh paranoia-update\"\n"` ; nvram set "script_fire=$t"
        else
        pautorununset
        t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-update \"$scheduleme $P2Partisandir/p2partisan.sh paranoia-update\"\n"` ; nvram set "script_fire=$t"
        pautorunset
        fi
    fi
    plog "P2Partisan AUTO UPDATE is ON"
    nvram commit
}

pscheduleunset() {
    cru d P2Partisan-update
    p=`nvram get script_fire | grep "cru a P2Partisan-update" | wc -l`
    if [ $p -eq "1" ] ; then
    t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-update \"$schedule $P2Partisandir/p2partisan.sh paranoia-update\"\n" | grep -v "cru a P2Partisan-update"` ; nvram set "script_fire=$t"
    fi
    plog "P2Partisan AUTO UPDATE is OFF"
    nvram commit
}

pupgrade() {
    wget -q -O - http://pastebin.com/raw.php?i=jqHD3hfT | grep "p2partisan v" | grep -v grep> ./latest
    latest=`cat ./latest | cut -c3-31`
    current=`cat ./p2partisan.sh | grep "p2partisan v" | head -1 | cut -c3-32 `
    if [[ "$latest" == "$current" ]]; then
    echo "
You're already running the latest version of P2Partisan
"
    else
    echo "
There's a new P2Partisan update available. Do you want to upgrade?

            current = $current

                    to

             latest = $latest

y/n"
    read answer
    # echo "You entered: $input_variable"
        if [[ $answer == "y" ]]; then
pupgraderoutine
        else
        echo "Upgrade skipped. Quitting..."
        exit
        fi

    fi
 }

pupgradebeta() {
    wget -q -O - http://pastebin.com/raw.php?i=Q8AnCaCy | grep "p2partisan v" | grep -v grep > ./latest
    echo "
Do you want to install to the current testing beta (not suggested)?

y/n"
    read answer
    # echo "You entered: $input_variable"
        if [[ $answer == "y" ]]; then
pupgraderoutine
        else
        echo "Beta upgrade skipped. Quitting..."
        exit
        fi
 }

 pupgradesilent() {
    wget -q -O - http://pastebin.com/raw.php?i=jqHD3hfT | grep "p2partisan v" | grep -v grep> ./latest
    latest=`cat ./latest | cut -c3-31`
    current=`cat ./p2partisan.sh | grep "p2partisan v" | head -1 | cut -c3-32 `
    if [[ "$latest" == "$current" ]]; then
    echo "
You're already running the latest version of P2Partisan
"
    else
pupgradroutine
    fi
 }

pupgraderoutine() {
        echo "Upgrading, please wait:"
        echo "1/6) Downloading the script"
        mv ./latest ./p2partisan_new.sh
        echo "2/6) Migrating the configuration"
        sed '1,/P2Partisandir/{s@P2Partisandir=.*@'"P2Partisandir=$P2Partisandir"'@'} -i ./p2partisan_new.sh
        sed '1,/syslogs/{s@syslogs=.*@'"syslogs=$syslogs"'@'} -i ./p2partisan_new.sh
        sed '1,/maxloghour/{s@maxloghour=.*@'"maxloghour=$maxloghour"'@'} -i ./p2partisan_new.sh
        sed '1,/protection/{s@protection=.*@'"protection=$protection"'@'} -i ./p2partisan_new.sh
        sed '1,/whiteports/{s@whiteports=.*@'"whiteports=$whiteports"'@'} -i ./p2partisan_new.sh
        sed '1,/fastroutine/{s@fastroutine=.*@'"fastroutine=$fastroutine"'@'} -i ./p2partisan_new.sh
        sed '1,/autorun_availability_check/{s@autorun_availability_check=.*@'"autorun_availability_check=$autorun_availability_check"'@'} -i ./p2partisan_new.sh
        sed '1,/schedule/{s@schedule=.*@'"schedule=\"$schedule\""'@'} -i ./p2partisan_new.sh
        sed '1,/testip/{s@testip=.*@'"testip=$testip"'@'} -i ./p2partisan_new.sh
        tr -d "\r"< ./p2partisan_new.sh > ./.temp ; mv ./.temp ./p2partisan_new.sh
        echo "3/6) Copying p2partisan.sh into p2partisan.sh.old"
        cp ./p2partisan.sh ./p2partisan_old
        echo "4/6) Installing new script into p2partisan.sh"
        mv ./p2partisan_new.sh ./p2partisan.sh
        echo "5/6) Setting up permissions"
        chmod -R 777 ./p2partisan.sh 2> /dev/null
        echo "6/6) all done, I'm now running the script for you.
NOTE: autorun, autoupdate and tutor settings are left as they were found
"
        pforcestop
}

ptutor() {
    running3=`iptables -L INPUT | grep P2PARTISAN-IN  2> /dev/null | wc -l`
# add additional controls here for output and forward
    running4=`[ -f $pidfile ] && echo 1 || echo 0`
    if [[ $running3 -ne "1" ]] && [[ $running4 -eq "1" ]]; then
            plog "P2Partisan appears to be loading, I'll wait 5 minutes..."
            sleep 300
        if [[ $running3 -ne "1" ]] && [[ $running4 -eq "1" ]]; then
            psoftstop
            plog "P2Partisan tutor had to restart due to Stuck on Loading"
            pstart
        fi
    else
    echo "P2Partisan up and running. The tutor is happy"
    fi
 }

ptutorset() {
    cru d P2Partisan-tutor
    ab=`tr -cd 0-5 </dev/urandom | head -c 1`
    a=`tr -cd 0-9 </dev/urandom | head -c 1`
    a=`echo $ab$a`
    scheduleme=`echo "$a * * * *"`
    cru a P2Partisan-tutor "$scheduleme $P2Partisandir/p2partisan.sh tutor"
    pp=`nvram get script_fire | grep "p2partisan.sh tutor" | grep -v cru | wc -l`
    p=`nvram get script_fire | grep "cru a P2Partisan-tutor" | wc -l`
    if [ $p -eq "0" ] ; then
        if [ $pp -eq "0" ]; then
        t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-tutor \"$scheduleme $P2Partisandir/p2partisan.sh tutor\"\n"` ; nvram set "script_fire=$t"
        else
        t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-tutor \"$scheduleme $P2Partisandir/p2partisan.sh tutor\"\n"` ; nvram set "script_fire=$t"
        fi
    fi
    plog "P2Partisan tutor is ON"
    nvram commit
}

ptutorunset() {
    cru d P2Partisan-tutor
    p=`nvram get script_fire | grep "cru a P2Partisan-tutor" | wc -l`
    if [ $p -eq "1" ] ; then
    t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-tutor \"$schedule $P2Partisandir/p2partisan.sh tutor\"\n" | grep -v "cru a P2Partisan-tutor"` ; nvram set "script_fire=$t"
    fi
    plog "P2Partisan tutor is OFF"
    nvram commit
 }

 ptest() {
checklist="blacklist-custom whitelist `cat blacklists | grep -v "^#" | grep -v "^$" | cut -d" " -f1`"
    echo $checklist | tr " " "\n" |

    (
        while read LIST
        do
        ipset -T $LIST $1 1>/dev/nul && echo -e "\033[1;32m$1   found in    $LIST\033[0;39m" || echo -e "$1 not found in    $LIST"
        done
    )
}


pstart() {
    running4=`[ -f $pidfile ] && echo 1 || echo 0`
    if [ $running4 -eq "0" ] ; then

    /bin/ntpsync > /dev/null 2>&1
    pre=`date +%s`
    sleep 1

    echo $$ > $pidfile

    [ -f iptables-add ] && rm iptables-add
    [ -f iptables-del ] && rm iptables-del
    [ -f ipset-del ] && rm ipset-del

    echo "### PREPARATION ###"
    echo "Loading the ipset modules"
    lsmod | cut -c1-20 | grep "ip_set " > /dev/null 2>&1 || insmod ip_set
    lsmod | cut -c1-20 | grep "ip_set_iptreemap" > /dev/null 2>&1 || insmod ip_set_iptreemap
    lsmod | cut -c1-20 | grep "ipt_set" > /dev/null 2>&1 || insmod ipt_set

counter=0
pos=1
couscous=`cat blacklist-custom | grep -v "^#" | grep -v "^$" | wc -l`

        echo "### CUSTOM BLACKLIST ###
blacklist-custom file -> $couscous entries found"
 if [ $couscous -eq "0" ]; then
        echo "No custom blacklist entries found: skipping"
 else
        echo "loading blacklist #$counter --> ***Custom IP blacklist***"
        ipset --create blacklist-custom iptreemap > /dev/null 2>&1
        if [ -e blacklist-custom ]; then
        for IP in `cat blacklist-custom | grep -v "^#" | grep -v "^$" | grep -Ev '(^10\.|(^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.)|^192\.168\.)' | cut -d: -f2`
            do
                ipset -A blacklist-custom $IP
            done
        fi
fi

echo "### WHITELIST ###"

    whiteports_number=`echo $whiteports | sed 's/,/,\n/g' | sed 's/:/:\n/g' | wc -l`
        aa=1
        b=8
        bb=8
        rounds=`echo $(( $whiteports_number / $b ))`
        if [ $rounds -eq 0 ]; then rounds="1"; fi
    while [ $rounds -gt 0 ]
    do
        w=`echo $whiteports | cut -d"," -f $aa-$bb`
        aa=`echo $(( $bb + 1 ))`
        bb=`echo $(( $bb + $b ))`
    echo "loading whitelisted ports $w exemption"
whitep="${whitep}iptables -A P2PARTISAN-IN -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-IN -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-IN -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-IN -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-FORWARD -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-FORWARD -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-FORWARD -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-FORWARD -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
"
    rounds=`echo $(( $rounds - 1 ))`
    done


        echo "# $now
iptables -N P2PARTISAN-IN 2> /dev/null
iptables -N P2PARTISAN-OUT 2> /dev/null
iptables -N P2PARTISAN-FORWARD 2> /dev/null
iptables -N P2PARTISAN-DROP-IN 2> /dev/null
iptables -N P2PARTISAN-DROP-OUT 2> /dev/null
iptables -N P2PARTISAN-DROP-FORWARD 2> /dev/null
iptables -F P2PARTISAN-IN 2> /dev/null
iptables -F P2PARTISAN-OUT 2> /dev/null
iptables -F P2PARTISAN-FORWARD 2> /dev/null
iptables -F P2PARTISAN-DROP-IN 2> /dev/null
iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
iptables -F P2PARTISAN-DROP-FORWARD 2> /dev/null
iptables -A P2PARTISAN-IN -m set --set blacklist-custom src -j P2PARTISAN-DROP-IN 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set blacklist-custom src -j P2PARTISAN-DROP-OUT 2> /dev/null
iptables -A P2PARTISAN-FORWARD -m set --set blacklist-custom src -j P2PARTISAN-DROP-FORWARD 2> /dev/null" > iptables-add


        echo "# $now
iptables -D FORWARD -m state --state NEW -j P2PARTISAN-FORWARD 2> /dev/null
iptables -D INPUT -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -D OUTPUT -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -F P2PARTISAN-DROP-IN 2> /dev/null
iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
iptables -F P2PARTISAN-DROP-FORWARD 2> /dev/null
iptables -F P2PARTISAN-IN 2> /dev/null
iptables -F P2PARTISAN-OUT 2> /dev/null
iptables -F P2PARTISAN-FORWARD 2> /dev/null
iptables -X P2PARTISAN-IN 2> /dev/null
iptables -X P2PARTISAN-OUT 2> /dev/null
iptables -X P2PARTISAN-FORWARD 2> /dev/null
iptables -X P2PARTISAN-DROP-IN 2> /dev/null
iptables -X P2PARTISAN-DROP-OUT 2> /dev/null
iptables -X P2PARTISAN-DROP-FORWARD 2> /dev/null" >> iptables-del


echo "preparing the IP whitelist for the iptables"
#Load the whitelist
if [ "$(ipset --swap whitelist whitelist 2>&1 | grep 'Unknown set')" != "" ]
    then
    ipset --create whitelist iptreemap > /dev/null 2>&1
    cat whitelist |
    (
    while read IP
    do
            echo "$IP" | grep "^#" >/dev/null 2>&1 && continue
            echo "$IP" | grep "^$" >/dev/null 2>&1 && continue
                    ipset -A whitelist $IP
            done
    )
fi
        echo "# $now
ipset -F
ipset -X blacklist-custom
ipset -X whitelist" > ipset-del

            echo "loading the IP whitelist"
            echo "iptables -A P2PARTISAN-IN -m set --set whitelist src -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set whitelist dst -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-FORWARD -m set --set whitelist dst -j ACCEPT 2> /dev/null
$whitep" >> iptables-add

        if [ $syslogs -eq "1" ]; then
            echo "iptables -A P2PARTISAN-DROP-IN -m limit --limit $maxloghour/hour --limit-burst 1 -j LOG --log-prefix \"P2Partisan Dropped INPUT >> \" --log-level 1 2> /dev/null" >> iptables-add
            echo "iptables -A P2PARTISAN-DROP-OUT -m limit --limit $maxloghour/hour --limit-burst 1 -j LOG --log-prefix \"P2Partisan Rejected OUTPUT >> \" --log-level 1 2> /dev/null" >> iptables-add
            echo "iptables -A P2PARTISAN-DROP-FORWARD -m limit --limit $maxloghour/hour --limit-burst 1 -j LOG --log-prefix \"P2Partisan Dropped FORWARD-IN >> \" --log-level 1 2> /dev/null" >> iptables-add

        fi
        echo "iptables -A P2PARTISAN-DROP-IN -j DROP
iptables -A P2PARTISAN-DROP-OUT -j REJECT --reject-with icmp-admin-prohibited
iptables -A P2PARTISAN-DROP-FORWARD -j DROP"  >> iptables-add


echo "### BLACKLISTs ###"

    cat blacklists |
   (
    while read line
    do
            echo "$line" | grep "^#" >/dev/null 2>&1 && continue
            echo "$line" | grep "^$" >/dev/null 2>&1 && continue
            counter=`expr $counter + 1`
            name=`echo $line |cut -d ' ' -f1`
            url=`echo $line |cut -d ' ' -f2`
            echo "loading blacklist #$counter --> ***$name***"

    if [ $fastroutine -eq "1" ]; then

     if [ "$(ipset --swap $name $name 2>&1 | grep 'Unknown set')" != "" ]
      then
          [ -f ./runtime ] && rm -f ./runtime 2> /dev/null
          [ -e $name.gz ] || wget -q -O $name.gz "$url"
          { echo "-N $name iptreemap"
            gunzip -c  $name.gz | \
            sed -e "/^[\t ]*#.*\|^[\t ]*$/d;s/^.*:/-A $name /" | \
            grep -Ev '(^10\.|(^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.)|^192\.168\.)'
            echo COMMIT
          } | ipset -R
     fi
    else

        if [ "$(ipset --swap $name $name 2>&1 | grep 'Unknown set')" != "" ]
            then
            [ -f ./runtime ] && rm -f ./runtime 2> /dev/null
            ipset --create $name iptreemap
            [ -e $name.lst ] || wget -q -O - "$url" | gunzip | cut -d: -f2 | grep -E "^[-0-9.]+$" | grep -Ev '(^10\.|(^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.)|^192\.168\.)' > $name.lst
            for IP in $(cat $name.lst)
                    do
                    ipset -A $name $IP
                    done
            fi

    fi

                echo "ipset -X $name " >> ipset-del
                echo "iptables -A P2PARTISAN-IN -m set --set $name src -j P2PARTISAN-DROP-IN 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set $name dst -j P2PARTISAN-DROP-OUT 2> /dev/null
# add double rule
iptables -A P2PARTISAN-FORWARD -m set --set $name dst -j P2PARTISAN-DROP-FORWARD 2> /dev/null" >> iptables-add
            done
    )


echo "iptables -I INPUT $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I OUTPUT $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -I FORWARD $pos -m state --state NEW -j P2PARTISAN-FORWARD 2> /dev/null" >> iptables-add

chmod 777 ./iptables-* 2> /dev/null
chmod 777 ./ipset-* 2> /dev/null
./iptables-add  #protecting

plog "... P2Partisan started."

p=`nvram get dnsmasq_custom | grep log-async | wc -l`
if [ $p -eq "1" ]; then
    plog "log-async found under dnsmasq -> OK"
else
    plog "
It appears like you don't have a log-async parameter
in your dnsmasq config. This is strongly suggested
due to the amount of logs involved. please consider
adding the following command under Advanced/DHCP/DNS
/Dnsmasq Custom configuration

log-async=5
"
fi

punblock  #remove paranoia DROPs if any

    post=`date +%s`
    runtime=`echo $(( $post - $pre ))`
    [ -f ./runtime ] || echo $runtime > ./runtime
    else
        echo "
    It appears like P2Partisan is already running. Skipping...

    If this is not what you expected? Try:
    p2partisan.sh update
        "
    fi
}


for p in $1
do
case "$p" in
        "start")
                pstart
                exit
                ;;
        "stop")
                pforcestop
                exit
                ;;
        "restart")
                psoftstop
                ;;
        "status")
                pstatus
                exit
                ;;
        "pause")
                psoftstop
                exit
                ;;
        "test")
                ptest $2
                exit
                ;;
        "update")
                pforcestop
                ;;
        "paranoia-update")
                pblock
                pforcestop
                ;;
        "autorun-on")
                pautorunset
                exit
                ;;
        "autorun-off")
                pautorununset
                exit
                ;;
        "autoupdate-on")
                pscheduleset
                exit
                ;;
        "autoupdate-off")
                pscheduleunset
                exit
                ;;
        "tutor-on")
                ptutorset
                exit
                ;;
        "tutor-off")
                ptutorunset
                exit
                ;;
        "tutor")
                ptutor
                exit
                ;;
        "upgrade")
                pupgrade
                ;;
        "upgrade-silent")
                pupgradesilent
                ;;
        "upgrade-beta")
                pupgradebeta
                ;;
        "help")
                echo "
    P2Partisan parameters:

    help            Display this text
    start           Starts the process (this runs also if no option
                is provided)
    stop            Stops P2Partisan
    restart         Soft restart, quick, updates iptables only
    pause           Soft stop P2Partisan allowing for quick start
    update          Hard restart, slow removes p2partisan, updates
                the lists and does a fresh start
    paranoia-update     Like update but blocks any new connection until
                P2Partisan is running again
    status          Display P2Partisan running status + extra info
    test <IP>       Verify existence of the given IP against lists
    autorun-on      Sets P2Partisan to boot with the router
    autorun-off     Sets P2Partisan not to boot with the router
    autoupdate-on       Sets automatic weekly updates to on
    autoupdate-off      Sets automatic weekly updates to off
    tutor-on        Sets hourly running-status checks to on
    tutor-off       Sets hourly running-status checks to off
    upgrade         Download and install the latest P2Partisan
    upgrade-silent      Like upgrade but no question asked. Useful for scheduler
"
                exit
                ;;
        *)
                echo "parameter not valid. please run:

    p2partisan.sh help
    "
                exit
            ;;

esac
done

pstart

exit