rs232

p2partisan 4.11

Oct 5th, 2014
  1. #!/bin/sh
  2. #
  3. # p2partisan v4.11 (05/10/2014)
  4. #
  5. # <CONFIGURATION> ###########################################
  6. # Adjust location where the files are kept
  7. P2Partisandir=/cifs1/p2partisan
  8. #
  9. # Edit the file "blacklists" to customise if needed
  10. # Edit the "whitelist" to overwrite the blacklist if needed
  11. #
  12. # Enable logging? Use only for troubleshooting. 0=off 1=on
  13. syslogs=1
  14. # Maximum number of logs to be recorded in a given 60 min
  15. # Consider set this very low (like 3 or 6) once your are
  16. # happy with the installation. To troubleshoot blocked
  17. # connection close all the secondary traffic e.g. p2p
  18. # and try a connection to the blocked site/port you should
  19. # find a reference in the logs.
  20. maxloghour=1
  21. #
  22. # What do you want to block?
  23. # 1) Input (Router only, running transmission?)
  24. # 2) LAN (LAN clients only)
  25. # 3) Both *default
  26. protection=3
  27. #
  28. # ports to be whitelisted. Whitelisted ports will never be
  29. # blocked no matter what the source/destination IP is.
  30. # This is very important if you're running a service like
  31. # e.g. SMTP/HTTP/IMAP/else. Separate value in the list below
  32. # with commas - NOTE: Leave 80 and 443 untouched, add custom ports only
  33. # you might want to add remote admin and VPN ports here if any.
  34. # Standard iptables syntax, individual ports divided by "," and ":" to
  35. # define a range e.g. 80,443,2100:2130. Do not whitelist you P2P client!
  36. whiteports=53,80,123,443,1194:1197,1723
  37. #
  38. # Fastrouting will process the IP classes very quickly but use
  39. # Lot of resources. If you disable the effect is transparent
  40. # but the full process will take minutes rather than seconds
  41. # 0=disabled 1=enabled
  42. fastroutine=1
  43. #
  44. # Enable check on script availability to help autorun
  45. # E.g. wait for the file to be available in cifs before run it
  46. # instead of quit with a file missing error
  47. autorun_availability_check=1
  48. #
  49. # Schedule updates? (once a week is plenty). Custom syntax:
  50. # m = random minute picked up in the range[0-59]
  51. # h = random hour picked up in the range [1-5]am
  52. # d = random day of the week picked up in the range Sun to Sat [0-6]
  53. # if unwanted set your own specific time e.g.
  54. # "30 4 * * 1" 4:30 on a Monday
  55. # or use a combination e.g. random minute at 1am on a Tuesday:
  56. # "m 1 * * 3"
  57. # Specify this always in between "" please
  58. schedule="m h * * d"
  59. #
  60. # IP for testing Internet connectivity
  61. testip=8.8.8.8
  62. # </CONFIGURATION> ###########################################
  63.  
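# Block until the Internet is reachable (three echo replies from the
# configured test IP), retrying every 5 seconds: the blacklists are
# fetched with wget during start-up.
until ping -c 3 "$testip" >/dev/null 2>&1; do
  sleep 5
done

pidfile=/var/run/p2partisan.pid
# Every file reference below is relative to this directory, so a
# failed cd (e.g. the cifs share is not mounted yet) must abort:
# otherwise helper scripts, chmods and list downloads would all
# happen in whatever directory the caller was in.
cd "$P2Partisandir" || {
  logger -t P2PARTISAN -s "Cannot cd to $P2Partisandir, aborting"
  exit 1
}
# Line 3 of this file is "# p2partisan vX.Y (date)"; keep fields 3+.
version=$(head -3 ./p2partisan.sh | tail -1 | cut -f 3- -d " ")

# Heavy tools run niced so list loading does not starve the router.
# Keep the aliases ahead of the function definitions: ash expands
# aliases when the function bodies are parsed.
alias ipset='/bin/nice -n19 /usr/sbin/ipset'
alias sed='/bin/nice -n19 /bin/sed'
alias iptables='/usr/sbin/iptables'
alias service='/sbin/service'
alias plog='logger -t P2PARTISAN -s'
now=$(date +%s)
wanif=$(nvram get wan_ifname)
lanif=$(nvram get lan_ifname)
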
# Soft stop: run the generated iptables-del helper (which undoes the
# jumps and chains created by iptables-add), then drop the pid file
# and the two generated helpers.  ipsets and downloaded lists stay in
# place so a following start does not reload them.
psoftstop() {
  ./iptables-del 2>/dev/null
  plog "Stopping P2Partisan"
  if [ -f "$pidfile" ]; then rm -f "$pidfile" 2>/dev/null; fi
  if [ -f iptables-add ]; then rm -f iptables-add 2>/dev/null; fi
  if [ -f iptables-del ]; then rm -f iptables-del 2>/dev/null; fi
}

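# Paranoia block: while an update is running, drop every NEW
# connection on the WAN interface except traffic on the whitelisted
# ports, logging a rate-limited sample.  Unlike pstart the rules are
# applied directly rather than written to iptables-add.
pblock() {
  plog "P2PArtisan: Applying paranoia block"
  iptables -N PARANOIA-DROP 2>/dev/null

  # The whitelisted ports must be exempted *before* the LOG/DROP rules
  # (the original built these rules into $whitep and never ran them,
  # so remote admin/VPN ports were cut off for the whole update).
  # multiport takes at most 15 ports and an "a:b" range counts as
  # two, so at most 7 comma-separated entries go into one rule.
  pb_total=$(printf '%s\n' "$whiteports" | tr ',' '\n' | grep -c .)
  pb_first=1
  while [ "$pb_first" -le "$pb_total" ]; do
    pb_last=$((pb_first + 6))
    w=$(printf '%s\n' "$whiteports" | cut -d, -f "$pb_first-$pb_last")
    iptables -A PARANOIA-DROP -p tcp --match multiport --sports "$w" -j ACCEPT 2>/dev/null
    iptables -A PARANOIA-DROP -p udp --match multiport --sports "$w" -j ACCEPT 2>/dev/null
    iptables -A PARANOIA-DROP -p tcp --match multiport --dports "$w" -j ACCEPT 2>/dev/null
    iptables -A PARANOIA-DROP -p udp --match multiport --dports "$w" -j ACCEPT 2>/dev/null
    pb_first=$((pb_last + 1))
  done

  iptables -A PARANOIA-DROP -m limit --limit "$maxloghour/hour" --limit-burst 5 -j LOG --log-prefix "P2Partisan Rejected (paranoia): " --log-level 1 2>/dev/null
  iptables -A PARANOIA-DROP -j DROP
  # Hook the chain at position 1 of wanin/wanout and of INPUT/OUTPUT.
  iptables -I wanin 1 -i "$wanif" -m state --state NEW -j PARANOIA-DROP 2>/dev/null
  iptables -I wanout 1 -o "$wanif" -m state --state NEW -j PARANOIA-DROP 2>/dev/null
  iptables -I INPUT 1 -i "$wanif" -m state --state NEW -j PARANOIA-DROP 2>/dev/null
  iptables -I OUTPUT 1 -o "$wanif" -m state --state NEW -j PARANOIA-DROP 2>/dev/null
}
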
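# Remove the paranoia block: delete every jump to PARANOIA-DROP from
# the four hook chains, then flush and delete the chain itself.
punblock() {
  # Delete by rule number instead of re-specifying the rule: if
  # $wanif changed since pblock ran, "-D <spec>" fails while the rule
  # stays listed, and the original grep/-D loop never terminated.
  for pu_chain in wanin wanout OUTPUT INPUT; do
    while pu_num=$(iptables -L "$pu_chain" -n --line-numbers 2>/dev/null | awk '$2 == "PARANOIA-DROP" { print $1; exit }') && [ -n "$pu_num" ]; do
      iptables -D "$pu_chain" "$pu_num" 2>/dev/null || break
    done
  done
  iptables -F PARANOIA-DROP 2>/dev/null && plog "P2PArtisan: Removing paranoia block"
  iptables -X PARANOIA-DROP 2>/dev/null
}
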
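# Hard stop: unhook and delete all P2PARTISAN chains, destroy every
# ipset, remove the generated helpers and pid file and unload the
# ipset kernel modules.  Downloaded *.gz lists are kept.
pforcestop() {
  # Unhook by rule number.  The original "-D <spec>" loops re-specified
  # the interface and could spin forever when a jump had been inserted
  # with a different one (protection=2 hooks "-i $lanif" into
  # P2PARTISAN-IN, which the old INPUT loop only deleted with -i $wanif).
  for pf_hook in wanin:P2PARTISAN-IN wanout:P2PARTISAN-OUT INPUT:P2PARTISAN-IN INPUT:P2PARTISAN-OUT OUTPUT:P2PARTISAN-OUT; do
    pf_chain=${pf_hook%%:*}
    pf_target=${pf_hook#*:}
    while pf_num=$(iptables -L "$pf_chain" -n --line-numbers 2>/dev/null | awk -v t="$pf_target" '$2 == t { print $1; exit }') && [ -n "$pf_num" ]; do
      iptables -D "$pf_chain" "$pf_num" 2>/dev/null || break
    done
  done
  for pf_chain in P2PARTISAN-DROP-IN P2PARTISAN-DROP-OUT P2PARTISAN-IN P2PARTISAN-OUT; do
    iptables -F "$pf_chain" 2>/dev/null
  done
  for pf_chain in P2PARTISAN-DROP-IN P2PARTISAN-DROP-OUT P2PARTISAN-IN P2PARTISAN-OUT; do
    iptables -X "$pf_chain" 2>/dev/null
  done
  # NOTE(review): this flushes and destroys *every* ipset on the box,
  # not only the ones recorded in ipset-del.
  ipset -F
  for pf_set in $(ipset --list | grep Name | cut -f2 -d ":"); do
    ipset -X "$pf_set"
  done
  # NOTE(review): the lists are only chmod'ed, never removed, and
  # pstart skips the download when the .gz already exists, so "update"
  # does not actually refresh the lists - confirm whether an rm was
  # intended here.
  chmod 777 ./*.gz
  [ -f iptables-add ] && rm iptables-add
  [ -f iptables-del ] && rm iptables-del
  [ -f ipset-del ] && rm ipset-del
  [ -f "$pidfile" ] && rm -f "$pidfile" 2>/dev/null
  [ -f runtime ] && rm -f "runtime" 2>/dev/null
  plog "Unloading ipset modules"
  for pf_mod in ipt_set ip_set_iptreemap ip_set; do
    # give the kernel a moment before forcing the module out
    lsmod | grep "$pf_mod" >/dev/null 2>&1 && sleep 2
    rmmod -f "$pf_mod" 2>/dev/null
  done
  plog "Stopping P2Partisan"
}
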
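# Print the status report: running state (derived from the INPUT hook
# and the pid file), autorun/schedule/tutor flags from nvram and cru,
# uptime taken from the "# <epoch>" header of iptables-add, packet
# counters, list and port summary and the last logged drop/reject.
pstatus() {
  running3=$(iptables -L INPUT 2>/dev/null | grep -c P2PARTISAN-IN)
  if [ -f "$pidfile" ]; then running4=1; else running4=0; fi
  if nvram get script_fire | grep p2partisan >/dev/null; then running5=Yes; else running5=No; fi
  if cru l | grep P2Partisan-update >/dev/null; then running6=Yes; else running6=No; fi
  running7=$(tail -200 /var/log/messages | grep Dropped | tail -1)
  running7a=$(tail -200 /var/log/messages | grep Rejected | tail -1)
  if nvram get script_fire | grep "p2partisan.sh tutor" >/dev/null; then running9=Yes; else running9=No; fi
  # "cat |" kept on purpose: grep -c on stdin always prints a number,
  # even when the file is missing.
  runningA=$(cat /var/log/messages | grep -c "Applying paranoia")
  runningB=$(cat /var/log/messages | grep -c "Stuck on Loading")
  runningC=$(cat blacklists | grep -v "^#" | grep -vc "^$")
  runningD=$(cat ./runtime)
  from=$(head -1 ./iptables-add 2>/dev/null | cut -c3-)
  # Not running -> no iptables-add header: fall back to "now" so the
  # arithmetic below does not fail on an empty operand.
  case "$from" in ''|*[!0-9]*) from=$now ;; esac
  runtime=$((now - from))
  d=$((runtime / 86400))
  h=$(( (runtime / 3600) % 24 ))
  m=$(( (runtime / 60) % 60 ))
  s=$((runtime % 60))
  runtime=$(printf '%s - %02d:%02d:%02d\n' "$d" "$h" "$m" "$s")
  drop_packet_count_in=$(iptables -vL P2PARTISAN-DROP-IN 2>/dev/null | grep " DROP " | awk '{print $1}')
  drop_packet_count_out=$(iptables -vL P2PARTISAN-DROP-OUT 2>/dev/null | grep " REJECT " | awk '{print $1}')

  # Plain [ ] instead of [[ ]]: this file runs under /bin/sh.
  if [ "$running3" -eq 0 ] && [ "$running4" -eq 0 ]; then
    running8=No
  elif [ "$running3" -eq 0 ] && [ "$running4" -eq 1 ]; then
    running8=Loading...
  elif [ "$running3" -gt 0 ] && [ "$running4" -eq 0 ]; then
    # Quoted: unquoted this parsed as "running8=Not" prefixing a
    # command called "quite...", which left running8 unset.
    running8='Not quite... try to run "p2partisan.sh update"'
  else
    running8=Yes
  fi

  echo "################### P2Partisan ##########################
#       Release version: $version
################# P2Partisan status #####################
# Running:      $running8
# Autorun:      $running5
# Scheduled:    $running6 / $runningA since boot
# Tutor:        $running9 / $runningB since boot
#########################################################
# Uptime:       $runtime
# Dropped in:   $drop_packet_count_in
# Rejected out: $drop_packet_count_out
#########################################################
# Blacklists:   $runningC
# Startup time: $runningD seconds"
  # Same 7-entries-per-rule grouping as the whitelist rules in pstart
  # (the old 8-field/doubling arithmetic skipped entries 17-24 and
  # dropped a trailing partial group).
  ps_total=$(printf '%s\n' "$whiteports" | tr ',' '\n' | grep -c .)
  ps_first=1
  while [ "$ps_first" -le "$ps_total" ]; do
    ps_last=$((ps_first + 6))
    w=$(printf '%s\n' "$whiteports" | cut -d, -f "$ps_first-$ps_last")
    echo "# White ports:  $w"
    ps_first=$((ps_last + 1))
  done
  echo "################# Last log recorded #####################
# Remember your max logs per hour is set to: $maxloghour
$running7
$running7a
#########################################################"
}

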
# Prefix for the boot (script_fire) entry: when enabled, the entry
# polls until this script is reachable (cifs may mount late at boot)
# before running it.
if [ "$autorun_availability_check" = 1 ]; then
  av="while true; do [ -f $P2Partisandir/p2partisan.sh ] && break || sleep 5; done ;"
fi

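# Append this script (with the optional availability-wait prefix) to
# the nvram script_fire hook so it runs at boot, unless a non-cru
# entry for it is already present.
pautorunset() {
  p=$(nvram get script_fire | grep "p2partisan.sh" | grep -vc cru)
  if [ "$p" -eq 0 ]; then
    t=$(nvram get script_fire)
    # Existing content goes in as a printf *argument*, not as the
    # format string, so a "%" or "\" in script_fire cannot corrupt it.
    t=$(printf '%s\n%s\n' "$t" "$av$P2Partisandir/p2partisan.sh")
    nvram set "script_fire=$t"
  fi
  plog "P2Partisan AUTO RUN is ON"
  nvram commit
}
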
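# Remove the boot entry from nvram script_fire.
# NOTE(review): the filter is "grep -v p2partisan", which also strips
# the "cru a P2Partisan-update ..." and "cru a P2Partisan-tutor ..."
# lines because they contain the lowercase script path; pscheduleset
# calls this before re-adding its own line, so the pattern is kept.
pautorununset() {
  p=$(nvram get script_fire | grep "p2partisan.sh" | grep -vc cru)
  if [ "$p" -eq 1 ]; then
    # Filter nvram's output directly; the old printf "$t..." round trip
    # treated script_fire as a format string.
    t=$(nvram get script_fire | grep -v p2partisan)
    nvram set "script_fire=$t"
  fi
  plog "P2Partisan AUTO RUN is OFF"
  nvram commit
}
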
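# Install the weekly paranoia-update cron job (cru) and make it
# survive reboots by adding the same "cru a ..." line to nvram
# script_fire.  The m/h/d placeholders in $schedule become random
# values.
pscheduleset() {
  cru d P2Partisan-update
  # Two digits for the minute (00-59), one each for hour (1-5) and
  # day of week (0-6): tr keeps only wanted digits, head takes one.
  ps_min="$(tr -cd 0-5 </dev/urandom | head -c 1)$(tr -cd 0-9 </dev/urandom | head -c 1)"
  ps_hour=$(tr -cd 1-5 </dev/urandom | head -c 1)
  ps_dow=$(tr -cd 0-6 </dev/urandom | head -c 1)
  # sed, not tr: "tr m 35" maps m to a single character and silently
  # drops the second digit, so the minute was always 0-5.
  scheduleme=$(printf '%s\n' "$schedule" | sed "s/m/$ps_min/;s/h/$ps_hour/;s/d/$ps_dow/")
  cru a P2Partisan-update "$scheduleme $P2Partisandir/p2partisan.sh paranoia-update"
  pp=$(nvram get script_fire | grep "p2partisan.sh paranoia-update" | grep -vc cru)
  p=$(nvram get script_fire | grep -c "cru a P2Partisan-update")
  if [ "$p" -eq 0 ]; then
    ps_line="cru a P2Partisan-update \"$scheduleme $P2Partisandir/p2partisan.sh paranoia-update\""
    if [ "$pp" -eq 0 ]; then
      t=$(nvram get script_fire)
      # existing content as an argument, never as the printf format
      t=$(printf '%s\n%s\n' "$t" "$ps_line")
      nvram set "script_fire=$t"
    else
      # A bare (non-cru) paranoia-update entry exists: pautorununset
      # drops every p2partisan line, then the cru line and the boot
      # entry are added back.
      pautorununset
      t=$(nvram get script_fire)
      t=$(printf '%s\n%s\n' "$t" "$ps_line")
      nvram set "script_fire=$t"
      pautorunset
    fi
  fi
  plog "P2Partisan AUTO UPDATE is ON"
  nvram commit
}
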
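# Remove the weekly update cron job and its persisted script_fire line.
pscheduleunset() {
  cru d P2Partisan-update
  p=$(nvram get script_fire | grep -c "cru a P2Partisan-update")
  if [ "$p" -eq 1 ]; then
    # Filter nvram's output directly instead of round-tripping it
    # through printf as a format string.
    t=$(nvram get script_fire | grep -v "cru a P2Partisan-update")
    nvram set "script_fire=$t"
  fi
  plog "P2Partisan AUTO UPDATE is OFF"
  nvram commit
}
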
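# Interactive self-upgrade: compare the version line of the published
# script with the local one and, on "y", download it, carry the
# <CONFIGURATION> values over, swap it in and restart.
# NOTE(review): the new script is fetched over plain http with no
# checksum or signature verification and then executed as root, so
# the upgrade path is only as trustworthy as that download.
pupgrade() {
  wget -q -O - http://pastebin.com/raw.php?i=jqHD3hfT | grep "p2partisan v" | grep -v grep > ./latest
  # Both strings are the "# p2partisan vX.Y (date)" line minus "# ".
  latest=$(cut -c3-31 ./latest)
  current=$(grep "p2partisan v" ./p2partisan.sh | head -1 | cut -c3-32)
  # "=" not "==": the latter is a bash extension, this runs under /bin/sh.
  if [ "$latest" = "$current" ]; then
    echo "
You're already running the latest version of P2Partisan
"
  else
    echo "
There's a new P2Partisan update available. Do you want to upgrade?
   
            current = $current
   
                    to
           
             latest = $latest
 
y/n"
    read answer
    # Quoted: an empty answer used to make [ fail with a syntax error
    # instead of being treated as "no".
    if [ "$answer" = "y" ]; then
      echo "Upgrading, please wait:"
      echo "1/6) Downloading the script"
      wget -q -O ./p2partisan_new.sh http://pastebin.com/raw.php?i=jqHD3hfT
      echo "2/6) Migrating the configuration"
      # Each sed substitutes on lines 1 through the first line matching
      # the variable name, so the configuration comments must not
      # mention a variable name before its assignment.
      sed '1,/P2Partisandir/{s@P2Partisandir=.*@'"P2Partisandir=$P2Partisandir"'@'} -i ./p2partisan_new.sh
      sed '1,/syslogs/{s@syslogs=.*@'"syslogs=$syslogs"'@'} -i ./p2partisan_new.sh
      sed '1,/maxloghour/{s@maxloghour=.*@'"maxloghour=$maxloghour"'@'} -i ./p2partisan_new.sh
      sed '1,/protection/{s@protection=.*@'"protection=$protection"'@'} -i ./p2partisan_new.sh
      sed '1,/whiteports/{s@whiteports=.*@'"whiteports=$whiteports"'@'} -i ./p2partisan_new.sh
      sed '1,/fastroutine/{s@fastroutine=.*@'"fastroutine=$fastroutine"'@'} -i ./p2partisan_new.sh
      sed '1,/autorun_availability_check/{s@autorun_availability_check=.*@'"autorun_availability_check=$autorun_availability_check"'@'} -i ./p2partisan_new.sh
      sed '1,/schedule/{s@schedule=.*@'"schedule=\"$schedule\""'@'} -i ./p2partisan_new.sh
      sed '1,/testip/{s@testip=.*@'"testip=$testip"'@'} -i ./p2partisan_new.sh
      # strip CRLF line ends from the download
      tr -d "\r" < ./p2partisan_new.sh > ./.temp ; mv ./.temp ./p2partisan_new.sh
      echo "3/6) Copying p2partisan.sh into p2partisan.sh.old"
      # (the backup is actually named p2partisan_old, as it always was)
      cp ./p2partisan.sh ./p2partisan_old
      echo "4/6) Installing new script into p2partisan.sh"
      mv ./p2partisan_new.sh ./p2partisan.sh
      echo "5/6) Setting up permissions"
      # Executable by root is all that is needed; the former 777 left
      # a root-run script writable by everyone.
      chmod 755 ./p2partisan.sh
      echo "6/6) all done, I'm now running the script for you.
NOTE: autorun, autoupdate and tutor settings are left as they were found
"
      pforcestop
      ./p2partisan.sh
    else
      echo "Upgrade skipped. Quitting..."
      exit
    fi
  fi
}
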
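# Hourly watchdog (cru "tutor"): if the pid file exists but the chains
# are not hooked, give start-up five minutes and, if still stuck,
# soft-stop and start again.
ptutor() {
  running3=$(iptables -L INPUT 2>/dev/null | grep -c P2PARTISAN-IN)
  if [ -f "$pidfile" ]; then running4=1; else running4=0; fi
  if [ "$running3" -eq 0 ] && [ "$running4" -eq 1 ]; then
    plog "P2Partisan appears to be loading, I'll wait 5 minutes..."
    sleep 300
    # Re-sample both indicators: the original re-tested the stale
    # values, so every "loading" observation ended in a restart even
    # when start-up had finished in the meantime.
    running3=$(iptables -L INPUT 2>/dev/null | grep -c P2PARTISAN-IN)
    if [ -f "$pidfile" ]; then running4=1; else running4=0; fi
    if [ "$running3" -eq 0 ] && [ "$running4" -eq 1 ]; then
      psoftstop
      plog "P2Partisan tutor had to restart due to Stuck on Loading"
      pstart
    fi
  else
    echo "P2Partisan up and running. The tutor is happy"
  fi
}
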
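# Install the hourly tutor cron job at a random minute and persist
# the same "cru a ..." line in nvram script_fire.
ptutorset() {
  cru d P2Partisan-tutor
  # random minute 00-59, two digits
  pt_min="$(tr -cd 0-5 </dev/urandom | head -c 1)$(tr -cd 0-9 </dev/urandom | head -c 1)"
  scheduleme="$pt_min * * * *"
  cru a P2Partisan-tutor "$scheduleme $P2Partisandir/p2partisan.sh tutor"
  p=$(nvram get script_fire | grep -c "cru a P2Partisan-tutor")
  # The original also counted bare "p2partisan.sh tutor" entries but
  # did the same thing in both branches, so that lookup is gone.
  if [ "$p" -eq 0 ]; then
    t=$(nvram get script_fire)
    # existing content as an argument, never as the printf format
    t=$(printf '%s\n%s\n' "$t" "cru a P2Partisan-tutor \"$scheduleme $P2Partisandir/p2partisan.sh tutor\"")
    nvram set "script_fire=$t"
  fi
  plog "P2Partisan tutor is ON"
  nvram commit
}
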
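# Remove the tutor cron job and its persisted script_fire line.
ptutorunset() {
  cru d P2Partisan-tutor
  p=$(nvram get script_fire | grep -c "cru a P2Partisan-tutor")
  if [ "$p" -eq 1 ]; then
    # Filter nvram's output directly instead of round-tripping it
    # through printf as a format string.
    t=$(nvram get script_fire | grep -v "cru a P2Partisan-tutor")
    nvram set "script_fire=$t"
  fi
  plog "P2Partisan tutor is OFF"
  nvram commit
}
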
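# Full start: refuse to run while the pid file exists, load the ipset
# modules, build the custom blacklist and whitelist sets, download
# (once) and load every list named in "blacklists", generate the
# iptables-add / iptables-del / ipset-del helper scripts and finally
# run iptables-add to hook the P2PARTISAN chains.  Records the
# start-up duration in ./runtime.
pstart() {
  if [ -f "$pidfile" ]; then running4=1; else running4=0; fi
  if [ "$running4" -eq 0 ]; then

    /bin/ntpsync >/dev/null 2>&1
    pre=$(date +%s)
    sleep 2

    # The pid file doubles as the "running / loading" marker that
    # pstatus and ptutor look at.
    echo $$ > "$pidfile"

    [ -f iptables-add ] && rm iptables-add
    [ -f iptables-del ] && rm iptables-del
    [ -f ipset-del ] && rm ipset-del

    echo "### PREPARATION ###"
    echo "Loading the ipset modules"
    lsmod | cut -c1-20 | grep "ip_set " >/dev/null 2>&1 || insmod ip_set
    lsmod | cut -c1-20 | grep "ip_set_iptreemap" >/dev/null 2>&1 || insmod ip_set_iptreemap
    lsmod | cut -c1-20 | grep "ipt_set" >/dev/null 2>&1 || insmod ipt_set

    counter=0
    pos=1
    couscous=$(cat blacklist-custom | grep -v "^#" | grep -vc "^$")

    echo "### CUSTOM BLACKLIST ###
blacklist-custom file -> $couscous entries found"
    if [ "$couscous" -eq 0 ]; then
      echo "No custom blacklist entries found: skipping"
    else
      echo "loading blacklist #$counter --> ***Custom IP blacklist***"
      ipset --create blacklist-custom iptreemap
      if [ -e blacklist-custom ]; then
        # the second ":"-separated field of each non-comment line is the IP
        for IP in $(grep -v "^#" blacklist-custom | grep -v "^$" | cut -d: -f2); do
          ipset -A blacklist-custom "$IP"
        done
      fi
    fi

    echo "### WHITELIST ###"

    # Reset first so rule text built earlier in this run (the
    # paranoia-update path also accumulates into this variable) cannot
    # leak into iptables-add.  multiport takes at most 15 ports and an
    # "a:b" range counts as two, so at most 7 comma-separated entries
    # go into one rule; the old 8-field/doubling arithmetic skipped
    # entries 17-24 and dropped a trailing partial group.
    whitep=""
    ws_total=$(printf '%s\n' "$whiteports" | tr ',' '\n' | grep -c .)
    ws_first=1
    while [ "$ws_first" -le "$ws_total" ]; do
      ws_last=$((ws_first + 6))
      w=$(printf '%s\n' "$whiteports" | cut -d, -f "$ws_first-$ws_last")
      echo "loading whitelisted ports $w exemption"
      whitep="${whitep}iptables -A P2PARTISAN-IN -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-IN -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-IN -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-IN -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
"
      ws_first=$((ws_last + 1))
    done

    # iptables-add: first line is "# <epoch>" (pstatus reads it for
    # the uptime), then chain creation, the custom-list rules and the
    # port whitelist.
    # NOTE(review): the P2PARTISAN-OUT rule below matches
    # blacklist-custom as "src" while every other list matches "dst"
    # in P2PARTISAN-OUT (see the blacklists loop) - looks like a typo,
    # confirm before changing.
    echo "# $now
iptables -N P2PARTISAN-IN 2> /dev/null
iptables -N P2PARTISAN-OUT 2> /dev/null
iptables -N P2PARTISAN-DROP-IN 2> /dev/null
iptables -N P2PARTISAN-DROP-OUT 2> /dev/null
iptables -F P2PARTISAN-IN 2> /dev/null
iptables -F P2PARTISAN-OUT 2> /dev/null
iptables -F P2PARTISAN-DROP-IN 2> /dev/null
iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
iptables -A P2PARTISAN-IN -m set --set blacklist-custom src -j P2PARTISAN-DROP-IN 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set blacklist-custom src -j P2PARTISAN-DROP-OUT 2> /dev/null
$whitep" >> iptables-add

    # iptables-del must undo every jump any protection mode inserts.
    # protection=3 hooks "INPUT -i $lanif" into P2PARTISAN-OUT; that
    # -D line was missing, so after a soft stop the jump stayed behind
    # and "iptables -X P2PARTISAN-OUT" failed on a referenced chain.
    echo "# $now
iptables -D wanin -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -D wanout -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -D INPUT -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -D INPUT -i $lanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -D INPUT -i $lanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -D OUTPUT -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -F P2PARTISAN-DROP-IN 2> /dev/null
iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
iptables -F P2PARTISAN-IN 2> /dev/null
iptables -F P2PARTISAN-OUT 2> /dev/null
iptables -X P2PARTISAN-IN 2> /dev/null
iptables -X P2PARTISAN-OUT 2> /dev/null
iptables -X P2PARTISAN-DROP-IN 2> /dev/null
iptables -X P2PARTISAN-DROP-OUT 2> /dev/null" >> iptables-del

    echo "preparing the IP whitelist for the iptables"
    # Load the whitelist set only when it does not exist yet ("ipset
    # --swap" on a missing set reports "Unknown set").  Lines starting
    # with 10., 172.16. or 192.168. and comment/blank lines are skipped.
    if [ "$(ipset --swap whitelist whitelist 2>&1 | grep 'Unknown set')" != "" ]; then
      ipset --create whitelist iptreemap
      cat whitelist | grep -v "^10." | grep -v "^172.16." | grep -v "^192.168." |
      (
        while read -r IP; do
          echo "$IP" | grep "^#" >/dev/null 2>&1 && continue
          echo "$IP" | grep "^$" >/dev/null 2>&1 && continue
          ipset -A whitelist "$IP"
        done
      )
    fi
    echo "# $now
ipset -F
ipset -X blacklist-custom
ipset -X whitelist" > ipset-del

    echo "loading the IP whitelist"
    echo "iptables -A P2PARTISAN-IN -m set --set whitelist src -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set whitelist dst -j ACCEPT 2> /dev/null" >> iptables-add

    # Rate-limited LOG rules ahead of the DROP/REJECT only when logging
    # is enabled; pstatus greps these prefixes out of /var/log/messages.
    if [ "$syslogs" -eq 1 ]; then
      echo "iptables -A P2PARTISAN-DROP-IN -m limit --limit $maxloghour/hour --limit-burst 1 -j LOG --log-prefix \"P2Partisan Dropped: \" --log-level 1 2> /dev/null" >> iptables-add
      echo "iptables -A P2PARTISAN-DROP-OUT -m limit --limit $maxloghour/hour --limit-burst 1 -j LOG --log-prefix \"P2Partisan Rejected: \" --log-level 1 2> /dev/null" >> iptables-add
    fi
    echo "iptables -A P2PARTISAN-DROP-IN -j DROP"  >> iptables-add
    echo "iptables -A P2PARTISAN-DROP-OUT -j REJECT --reject-with icmp-admin-prohibited"  >> iptables-add

    echo "### BLACKLISTs ###"

    # The loop body runs in a subshell (it is fed by a pipe), so the
    # $counter increments stay inside it; the helper files are
    # appended to directly.
    cat blacklists |
    (
      while read -r line; do
        echo "$line" | grep "^#" >/dev/null 2>&1 && continue
        echo "$line" | grep "^$" >/dev/null 2>&1 && continue
        counter=$((counter + 1))
        # One "name url" pair per line.  Both values are used unquoted
        # below (file names, the sed script, wget), so the blacklists
        # file must stay writable by the administrator only.
        name=$(echo $line | cut -d ' ' -f1)
        url=$(echo $line | cut -d ' ' -f2)
        echo "loading blacklist #$counter --> ***$name***"

        if [ "$fastroutine" -eq 1 ]; then
          # "Unknown set" from --swap means the set is missing: load it.
          if [ "$(ipset --swap $name $name 2>&1 | grep 'Unknown set')" != "" ]; then
            # any (re)load invalidates the recorded start-up time
            [ -f ./runtime ] && rm -f ./runtime 2>/dev/null
            # Downloaded once; an existing .gz is reused as-is.
            [ -e $name.gz ] || wget -q -O $name.gz "$url"
            # Feed the whole list to "ipset -R" (restore) in one go:
            # strip comment/blank lines, turn "label:IP" into "-A name IP".
            { echo "-N $name iptreemap"
              gunzip -c $name.gz | \
              sed -e "/^[\t ]*#.*\|^[\t ]*$/d;s/^.*:/-A $name /"
              echo COMMIT
            } | ipset -R
          fi
        else
          if [ "$(ipset --swap $name $name 2>&1 | grep 'Unknown set')" != "" ]; then
            [ -f ./runtime ] && rm -f ./runtime 2>/dev/null
            ipset --create $name iptreemap
            # Slow path: one .lst of bare addresses, added one by one.
            [ -e $name.lst ] || wget -q -O - "$url" | gunzip | cut -d: -f2 | grep -E "^[-0-9.]+$" > $name.lst
            for IP in $(cat $name.lst); do
              ipset -A $name "$IP"
            done
          fi
        fi

        echo "ipset -X $name " >> ipset-del
        echo "iptables -A P2PARTISAN-IN -m set --set $name src -j P2PARTISAN-DROP-IN 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set $name dst -j P2PARTISAN-DROP-OUT 2> /dev/null" >> iptables-add
      done
    )

    # Hook the chains at position $pos according to the protection
    # mode.  NOTE(review): mode 2 sends "INPUT -i $lanif" to
    # P2PARTISAN-IN while mode 3 sends it to P2PARTISAN-OUT; confirm
    # which one is intended.
    if [ "$protection" -eq 1 ]; then
      echo "iptables -I INPUT $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I OUTPUT $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null" >> iptables-add
    elif [ "$protection" -eq 2 ]; then
      echo "iptables -I wanin $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I wanout $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -I INPUT $pos -i $lanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null" >> iptables-add
    elif [ "$protection" -eq 3 ]; then
      echo "iptables -I INPUT $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I INPUT $pos -i $lanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -I OUTPUT $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -I wanin $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I wanout $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null" >> iptables-add
    fi

    # The helpers are executed by root; executable is enough, the
    # former 777 made them writable by everyone.
    chmod 755 ./iptables-*
    chmod 755 ./ipset-*
    ./iptables-add  #protecting

    plog "... P2Partisan started."

    p=$(nvram get dnsmasq_custom | grep -c log-async)
    if [ "$p" -eq 1 ]; then
      plog "log-async found under dnsmasq -> OK"
    else
      plog "
It appears like you don't have a log-async parameter
in your dnsmasq config. This is strongly suggested
due to the amount of logs involved. please consider
adding the following command under Advanced/DHCP/DNS
/Dnsmasq Custom configuration

log-async=10
"
    fi

    punblock  #remove paranoia DROPs if any

    post=$(date +%s)
    runtime=$((post - pre))
    # ./runtime is deleted whenever a list had to be (re)loaded, so
    # the figure kept here is the slow, full-load start-up time.
    [ -f ./runtime ] || echo "$runtime" > ./runtime
  else
    echo "
    It appears like P2Partisan is already running. Skipping...

    If this is not what you expected? Try:
    p2partisan.sh update
        "
  fi
}

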
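# Command dispatch: the first argument selects an action.  Actions
# that leave the script running (restart, paranoia-update, upgrade)
# fall through to the unconditional pstart below; no argument means
# start.
for p in $1; do
  case "$p" in
    "start")
      pstart
      exit
      ;;
    "stop")
      pforcestop
      exit
      ;;
    "restart")
      pscheduleunset
      psoftstop
      pscheduleset
      ;;
    "status")
      pstatus
      exit
      ;;
    "pause")
      psoftstop
      exit
      ;;
    "update")
      pforcestop
      exit
      ;;
    "paranoia-update")
      pblock
      pforcestop
      ;;
    "autorun-on")
      pautorunset
      exit
      ;;
    "autorun-off")
      pautorununset
      exit
      ;;
    "autoupdate-on")
      pscheduleset
      exit
      ;;
    "autoupdate-off")
      pscheduleunset
      exit
      ;;
    "tutor-on")
      ptutorset
      exit
      ;;
    "tutor-off")
      ptutorunset
      exit
      ;;
    "tutor")
      ptutor
      exit
      ;;
    "upgrade")
      pupgrade
      ;;
    "help")
      # Keep the opening quote on the echo line: without it every line
      # of the help text is executed as a command and the file no
      # longer parses.
      echo "
    P2Partisan parameters:

    help            Display this text
    start           Starts the process (this runs also if no option
                is provided)
    stop            Stops P2Partisan
    restart         Soft restart, quick, updates iptables only
    pause           Soft stop P2Partisan allowing for quick start
    update          Hard restart, slow removes p2partisan, updates
                the lists and does a fresh start
    paranoia-update     Like update but blocks any new connection until
                P2Partisan is running again
    status          Display P2Partisan running status + extra info
    autorun-on      Sets P2Partisan to boot with the router
    autorun-off     Sets P2Partisan not to boot with the router
    autoupdate-on       Sets automatic weekly updates to on
    autoupdate-off      Sets automatic weekly updates to off
    tutor-on        Sets hourly running-status checks to on
    tutor-off       Sets hourly running-status checks to off
    upgrade         Download and install the latest P2Partisan
"
      exit
      ;;
    *)
      echo "parameter not valid. please run:

    p2partisan.sh help
    "
      exit
      ;;
  esac
done

pstart

exit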