p2partisan 4.45

#!/bin/sh
#
# p2partisan v4.45 (14/01/2015)
#
# <CONFIGURATION> ###########################################
# Adjust location where the files are kept
P2Partisandir=/cifs1/p2partisan
#
# Edit the file "blacklists" to customise if needed
# Edit the "whitelist" to overwrite the blacklist if needed
#
# Enable logging? Use only for troubleshooting. 0=off 1=on
syslogs=1
# Maximum number of logs to be recorded in a given 60 min
# Consider set this very low (like 3 or 6) once your are
# happy with the installation. To troubleshoot blocked
# connection close all the secondary traffic e.g. p2p
# and try a connection to the blocked site/port you should
# find a reference in the logs.
maxloghour=1
#
# What do you want to block?
# 1) Input (Router only, running transmission?)
# 2) LAN (LAN clients only)
# 3) Both *default
protection=3
#
# ports to be whitelisted. Whitelisted ports will never be
# blocked no matter what the source/destination IP is.
# This is very important if you're running a service like
# e.g. SMTP/HTTP/IMAP/else. Separate value in the list below
# with commas - NOTE: Leave 80 and 443 untouched, add custom ports only
# you might want to add remote admin and VPN ports here if any.
# Standard iptables syntax, individual ports divided by "," and ":" to
# define a range e.g. 80,443,2100:2130. Do not whitelist you P2P client!
whiteports=21,25,44,53,80,123,443,1194:1197,1723
#
# Fastrouting will process the IP classes very quickly but use
# Lot of resources. If you disable the effect is transparent
# but the full process will take minutes rather than seconds
# 0=disabled 1=enabled
fastroutine=1
#
# Enable check on script availability to help autorun
# E.g. wait for the file to be available in cifs before run it
# instead of quit with a file missing error
autorun_availability_check=1
#
# Schedule updates? (once a week is plenty). Custom syntax:
# m = random minute picked up in the range[0-59]
# h = random hour picked up in the range [1-5]am
# d = random day of the week picked up in the range Sun to Sat [0-6]
# if unwanted set your own specific time e.g.
# "30 4 * * 1" 4:30 on a Monday
# or use a combination e.g. random minute at 1am on a Tuesday:
# "m 1 * * 3"
# Specify this always in between "" please
schedule="m h * * d"
#
# IP for testing Internet connectivity
testip=8.8.8.8
# </CONFIGURATION> ###########################################

# Wait until Internet is available
        while :
        do
                ping -c 3 $testip >/dev/null 2>&1
                if [ $? = 0 ]; then
                        break
                fi
                sleep 5
        done

pidfile=/var/run/p2partisan.pid
cd $P2Partisandir
version=`head -3 ./p2partisan.sh | tail -1 | cut -f 3- -d " "`

alias ipset='/bin/nice -n19 /usr/sbin/ipset'
alias sed='/bin/nice -n19 /bin/sed'
alias iptables='/usr/sbin/iptables'
alias service='/sbin/service'
alias plog='logger -t P2PARTISAN -s'
now=`date +%s`
wanif=`nvram get wan_ifname`
lanif=`nvram get lan_ifname`


psoftstop() {
        ./iptables-del 2> /dev/null
        plog "Stopping P2Partisan"
        [ -f $pidfile ] && rm -f "$pidfile" 2> /dev/null
        [ -f iptables-add ] && rm -f "iptables-add" 2> /dev/null
        [ -f iptables-del ] && rm -f "iptables-del" 2> /dev/null
}

pblock() {
        plog "P2PArtisan: Applying paranoia block"
        iptables -N PARANOIA-DROP 2> /dev/null
        whiteports_number=`echo $whiteports | sed 's/,/,\n/g' | sed 's/:/:\n/g' | wc -l`
                aa=1
                b=8
                bb=8
                rounds=`echo $(( $whiteports_number / $b ))`
                if [ $rounds -eq 0 ]; then rounds="1"; fi
        while [ $rounds -gt 0 ]
        do
                w=`echo $whiteports | cut -d"," -f $aa-$bb`
                aa=`echo $(( $bb + 1 ))`
                bb=`echo $(( $bb + $b ))`
whitep="${whitep}iptables -A PARANOIA-DROP -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A PARANOIA-DROP -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A PARANOIA-DROP -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A PARANOIA-DROP -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A PARANOIA-DROP -m set --set whitelist dst -j ACCEPT 2> /dev/null"
        rounds=`echo $(( $rounds - 1 ))`
        done

        iptables -A PARANOIA-DROP -m limit --limit $maxloghour/hour --limit-burst 5 -j LOG --log-prefix "P2Partisan Rejected (PARANOIA) >> " --log-level 1 2> /dev/null
        iptables -A PARANOIA-DROP -j DROP
        iptables -I wanin 1 -i $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
        iptables -I wanout 1 -o $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
        iptables -I INPUT 1 -i $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
        iptables -I OUTPUT 1 -o $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
}

punblock() {
        while iptables -L wanin 2> /dev/null | grep "PARANOIA-DROP"
        do
                iptables -D wanin -i $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
        done
        while iptables -L wanout 2> /dev/null | grep "PARANOIA-DROP"
        do
                iptables -D wanout -o $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
        done
        while iptables -L OUTPUT 2> /dev/null | grep "PARANOIA-DROP"
        do
                iptables -D OUTPUT -o $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
        done
        while iptables -L INPUT 2> /dev/null | grep "PARANOIA-DROP"
        do
                iptables -D INPUT -i $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
        done
        iptables -F PARANOIA-DROP 2> /dev/null && plog "P2PArtisan: Removing paranoia block"
        iptables -X PARANOIA-DROP 2> /dev/null
}

pforcestop() {
        while iptables -L wanin 2> /dev/null | grep P2PARTISAN-IN
        do
                iptables -D wanin -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
        done
        while iptables -L wanout 2> /dev/null | grep P2PARTISAN-OUT
        do
                iptables -D wanout -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
        done
        while iptables -L INPUT | grep P2PARTISAN-IN
        do
                iptables -D INPUT -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
        done
        while iptables -L OUTPUT | grep P2PARTISAN-OUT
        do
                iptables -D OUTPUT -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
        done
        iptables -F P2PARTISAN-DROP-IN 2> /dev/null
        iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
        iptables -F P2PARTISAN-IN 2> /dev/null
        iptables -F P2PARTISAN-OUT 2> /dev/null
        iptables -X P2PARTISAN-DROP-IN 2> /dev/null
        iptables -X P2PARTISAN-DROP-OUT 2> /dev/null
        iptables -X P2PARTISAN-IN 2> /dev/null
        iptables -X P2PARTISAN-OUT 2> /dev/null
        ipset -F
        for i in `ipset --list | grep Name | cut -f2 -d ":" `; do
                ipset -X $i
        done
        chmod 777 ./*.gz
    [ -f iptables-add ] && rm iptables-add
    [ -f iptables-del ] && rm iptables-del
    [ -f ipset-del ] && rm ipset-del
        [ -f $pidfile ] && rm -f "$pidfile" 2> /dev/null
        [ -f runtime ] && rm -f "runtime" 2> /dev/null
plog "Unloading ipset modules"
        lsmod | grep "ipt_set" > /dev/null 2>&1 && sleep 2 ; rmmod -f ipt_set 2> /dev/null
        lsmod | grep "ip_set_iptreemap" > /dev/null 2>&1 && sleep 2 ; rmmod -f ip_set_iptreemap 2> /dev/null
        lsmod | grep "ip_set" > /dev/null 2>&1 && sleep 2 ; rmmod -f ip_set 2> /dev/null
plog "Stopping P2Partisan"
}

pstatus() {
        running3=`iptables -L INPUT | grep P2PARTISAN-IN  2> /dev/null | wc -l`
        running4=`[ -f $pidfile ] && echo 1 || echo 0`
        running5=`nvram get script_fire | grep "p2partisan.sh ]" >/dev/null && echo "\033[1;32mYes\033[0;39m" || echo "\033[1;31mNo\033[0;39m"`
        running6=`cru l | grep P2Partisan-update >/dev/null && echo "\033[1;32mYes\033[0;39m" || echo "\033[1;31mNo\033[0;39m"`
        running7=`tail -200 /var/log/messages | grep Dropped | tail -1`
        running7a=`tail -200 /var/log/messages | grep Rejected | tail -1`
        running9=`nvram get script_fire | grep "P2Partisan-tutor" >/dev/null && echo "\033[1;32mYes\033[0;39m" || echo "\033[1;31mNo\033[0;39m"`
        runningA=`cat /var/log/messages | grep "Applying paranoia" | wc -l`
        runningB=`cat /var/log/messages | grep "Stuck on Loading" | wc -l`
        runningC=`cat blacklists | grep -v "^#" | grep -v "^$" | wc -l`
        runningD=`cat ./runtime`
        from=`head -1 ./iptables-add 2> /dev/null | cut -c3-`
        runtime=`echo $(( $now - $from ))`
                d=`echo $(( $runtime / 86400 ))`
        h=`echo $((( $runtime / 3600 ) %24 ))`
                m=`echo $((( $runtime / 60 ) %60 ))`
                s=`echo $(( $runtime %60 ))`
        runtime=`printf "$d - %02d:%02d:%02d\n" $h $m $s`
        drop_packet_count_in=`iptables -vL P2PARTISAN-DROP-IN 2> /dev/null| grep " DROP " | awk '{print $1}'`
        drop_packet_count_out=`iptables -vL P2PARTISAN-DROP-OUT 2> /dev/null| grep " REJECT " | awk '{print $1}'`

        if [[ $running3 -eq "0" ]] && [[ $running4 -eq "0" ]]; then
                running8="\033[1;31mNo\033[0;39m"
        elif [[ $running3 -eq "0" ]] && [[ $running4 -eq "1" ]]; then
                running8="\033[1;35mLoading...\033[0;39m"
        elif [[ $running3 -gt "0" ]] && [[ $running4 -eq "0" ]]; then
                running8="\033[1;31mNot quite... try to run \"p2partisan.sh update\"\033[0;39m"
        else
                running8="\033[1;32mYes\033[0;39m"
        fi

whiteip=`ipset -L whitelist | grep -e "^[0-9].*" | wc -l`
whiteextra=`ipset -L whitelist | grep -E '(^10\.|(^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.)|^192\.168\.)' | wc -l`
if [[ $whiteextra == "0" ]]; then
whiteextra=" "
else
whiteextra=`echo "/ $whiteextra" LAN IP ref defined`
fi
blackip=`ipset -L blacklist-custom | grep -e "^[0-9].*" | wc -l`
blackextra=`ipset -L blacklist-custom | grep -E '(^10\.|(^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.)|^192\.168\.)' | wc -l`
if [[ $blackextra == "0" ]]; then
blackextra=" "
else
blackextra=`echo "/ $blackextra" LAN IP ref defined`
fi

echo -e "################### P2Partisan ##########################"
echo -e "#       Release version: $version
################# P2Partisan status #####################
# Running:      $running8
# Autorun:      $running5
# Scheduled:    $running6 / $runningA since device boot
# Tutor:        $running9 / $runningB since device boot
#########################################################
# Uptime:       $runtime
# Startup time: $runningD seconds
# Dropped in:   $drop_packet_count_in
# Rejected out: $drop_packet_count_out
#########################################################
# Custom black: $blackip $blackextra
# Custom white: $whiteip $whiteextra"
        whiteports_number=`echo $whiteports | sed 's/,/,\n/g' | sed 's/:/:\n/g' | wc -l`
                aa=1
                b=8
                bb=8
                rounds=`echo $(( $whiteports_number / $b ))`
                if [ $rounds -eq 0 ]; then rounds="1"; fi
        while [ $rounds -gt 0 ]
        do
                w=`echo $whiteports | cut -d"," -f $aa-$bb`
                aa=`echo $(( $bb + 1 ))`
                bb=`echo $(( $bb + $b ))`
                                echo "# White ports:  $w"
                rounds=`echo $(( $rounds - 1 ))`
        done
echo "# Blacklists:   $runningC
################# Last log recorded #####################
# Remember your max logs per hour is set to: $maxloghour
$running7
$running7a"
echo "#########################################################"
}


if [ $autorun_availability_check = 1 ]; then
av="while true; do [ -f $P2Partisandir/p2partisan.sh ] && break || sleep 5; done ;"
fi

pautorunset() {
        p=`nvram get script_fire | grep "p2partisan.sh ]" | grep -v cru | wc -l`
        if [ $p -eq "0" ] ; then
                t=`nvram get script_fire`; t=`printf "$t\n$av$P2Partisandir/p2partisan.sh\n"` ; nvram set "script_fire=$t"
        fi
        plog "P2Partisan AUTO RUN is ON"
        nvram commit
}

pautorununset() {
        p=`nvram get script_fire | grep "p2partisan.sh ]" | grep -v cru | wc -l`
        if [ $p -eq "1" ]; then
        t=`nvram get script_fire`; t=`printf "$t" | grep -v "p2partisan.sh ]"` ; nvram set "script_fire=$t"
        fi
        plog "P2Partisan AUTO RUN is OFF"
        nvram commit
}

pscheduleset() {
        cru d P2Partisan-update
        e=`tr -cd 0-5 </dev/urandom | head -c 1`
        f=`tr -cd 0-9 </dev/urandom | head -c 1`
        a=`echo $e$f`
        b=`tr -cd 1-5 </dev/urandom | head -c 1`
        c=`tr -cd 0-6 </dev/urandom | head -c 1`
        scheduleme=`echo "$schedule" | tr "m" "$a"`
        scheduleme=`echo "$scheduleme" | tr "h" "$b"`
        scheduleme=`echo "$scheduleme" | tr "d" "$c"`
        cru a P2Partisan-update "$scheduleme $P2Partisandir/p2partisan.sh paranoia-update"
        pp=`nvram get script_fire | grep "p2partisan.sh paranoia-update" | grep -v cru | wc -l`
        p=`nvram get script_fire | grep "cru a P2Partisan-update" | wc -l`
        if [ $p -eq "0" ] ; then
                if [ $pp -eq "0" ]; then
                t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-update \"$scheduleme $P2Partisandir/p2partisan.sh paranoia-update\"\n"` ; nvram set "script_fire=$t"
                else
                pautorununset
                t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-update \"$scheduleme $P2Partisandir/p2partisan.sh paranoia-update\"\n"` ; nvram set "script_fire=$t"
                pautorunset
                fi
        fi
        plog "P2Partisan AUTO UPDATE is ON"
        nvram commit
}

pscheduleunset() {
        cru d P2Partisan-update
        p=`nvram get script_fire | grep "cru a P2Partisan-update" | wc -l`
        if [ $p -eq "1" ] ; then
        t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-update \"$schedule $P2Partisandir/p2partisan.sh paranoia-update\"\n" | grep -v "cru a P2Partisan-update"` ; nvram set "script_fire=$t"
        fi
        plog "P2Partisan AUTO UPDATE is OFF"
        nvram commit
}

pupgrade() {
        wget -q -O - http://pastebin.com/raw.php?i=jqHD3hfT | grep "p2partisan v" | grep -v grep> ./latest
        latest=`cat ./latest | cut -c3-31`
        current=`cat ./p2partisan.sh | grep "p2partisan v" | head -1 | cut -c3-32 `
        if [[ "$latest" == "$current" ]]; then
        echo "
You're already running the latest version of P2Partisan
"
        else
        echo "
There's a new P2Partisan update available. Do you want to upgrade?

                        current = $current

                                        to

                         latest = $latest

y/n"
        read answer
        # echo "You entered: $input_variable"
                if [[ $answer == "y" ]]; then
pupgraderoutine
                else
                echo "Upgrade skipped. Quitting..."
                exit
                fi

        fi
 }

pupgradebeta() {
        wget -q -O - http://pastebin.com/raw.php?i=Q8AnCaCy | grep "p2partisan v" | grep -v grep > ./latest
        echo "
Do you want to install to the current testing beta (not suggested)?

y/n"
        read answer
        # echo "You entered: $input_variable"
                if [[ $answer == "y" ]]; then
pupgraderoutine
                else
                echo "Beta upgrade skipped. Quitting..."
                exit
                fi
 }

 pupgradesilent() {
        wget -q -O - http://pastebin.com/raw.php?i=jqHD3hfT | grep "p2partisan v" | grep -v grep> ./latest
        latest=`cat ./latest | cut -c3-31`
        current=`cat ./p2partisan.sh | grep "p2partisan v" | head -1 | cut -c3-32 `
        if [[ "$latest" == "$current" ]]; then
        echo "
You're already running the latest version of P2Partisan
"
        else
pupgradroutine
        fi
 }

pupgraderoutine() {
                echo "Upgrading, please wait:"
                echo "1/6) Stopping the script"
                pforcestop
                [ -f p2partisan_new.sh ] || plog "There's a problem with the p2partisan upgrade. Please try again"
                echo "2/6) Migrating the configuration"
                sed '1,/P2Partisandir/{s@P2Partisandir=.*@'"P2Partisandir=$P2Partisandir"'@'} -i ./p2partisan_new.sh
                sed '1,/syslogs/{s@syslogs=.*@'"syslogs=$syslogs"'@'} -i ./p2partisan_new.sh
                sed '1,/maxloghour/{s@maxloghour=.*@'"maxloghour=$maxloghour"'@'} -i ./p2partisan_new.sh
                sed '1,/protection/{s@protection=.*@'"protection=$protection"'@'} -i ./p2partisan_new.sh
                sed '1,/whiteports/{s@whiteports=.*@'"whiteports=$whiteports"'@'} -i ./p2partisan_new.sh
                sed '1,/fastroutine/{s@fastroutine=.*@'"fastroutine=$fastroutine"'@'} -i ./p2partisan_new.sh
                sed '1,/autorun_availability_check/{s@autorun_availability_check=.*@'"autorun_availability_check=$autorun_availability_check"'@'} -i ./p2partisan_new.sh
                sed '1,/schedule/{s@schedule=.*@'"schedule=\"$schedule\""'@'} -i ./p2partisan_new.sh
                sed '1,/testip/{s@testip=.*@'"testip=$testip"'@'} -i ./p2partisan_new.sh
                tr -d "\r"< ./p2partisan_new.sh > ./.temp ; mv ./.temp ./p2partisan_new.sh
                echo "3/6) Copying p2partisan.sh into p2partisan.sh.old"
                cp ./p2partisan.sh ./p2partisan_old
                echo "4/6) Installing new script into p2partisan.sh"
                mv ./p2partisan_new.sh ./p2partisan.sh
                echo "5/6) Setting up permissions"
                chmod -R 777 ./p2partisan.sh
                echo "6/6) all done, I'm now running the script for you.
NOTE: autorun, autoupdate and tutor settings are left as they were found
"
                pforcestop
}

ptutor() {
        running3=`iptables -L INPUT | grep P2PARTISAN-IN  2> /dev/null | wc -l`
        running4=`[ -f $pidfile ] && echo 1 || echo 0`
        runningE=`iptables -L wanin | grep P2PARTISAN-IN  2> /dev/null | wc -l`
        if [[ $runningE -gt "1" ]]; then
        pforcestop
        plog "P2Partisan tutor had to restart due to redundant rules found in the iptables"
        pstart
        exit
        fi
        if [[ $running3 -ne "1" ]] && [[ $running4 -eq "1" ]]; then
                        plog "P2Partisan appears to be loading, I'll wait 5 minutes..."
                        sleep 300
                if [[ $running3 -ne "1" ]] && [[ $running4 -eq "1" ]]; then
                        pforcestop
                        plog "P2Partisan tutor had to restart due to Stuck on Loading"
                        pstart
                fi
        else
        echo "P2Partisan up and running. The tutor is happy"
        fi
 }

ptutorset() {
        cru d P2Partisan-tutor
        ab=`tr -cd 0-5 </dev/urandom | head -c 1`
        a=`tr -cd 0-9 </dev/urandom | head -c 1`
        a=`echo $ab$a`
        scheduleme=`echo "$a * * * *"`
        cru a P2Partisan-tutor "$scheduleme $P2Partisandir/p2partisan.sh tutor"
        pp=`nvram get script_fire | grep "p2partisan.sh tutor" | grep -v cru | wc -l`
        p=`nvram get script_fire | grep "cru a P2Partisan-tutor" | wc -l`
        if [ $p -eq "0" ] ; then
                if [ $pp -eq "0" ]; then
                t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-tutor \"$scheduleme $P2Partisandir/p2partisan.sh tutor\"\n"` ; nvram set "script_fire=$t"
                else
                t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-tutor \"$scheduleme $P2Partisandir/p2partisan.sh tutor\"\n"` ; nvram set "script_fire=$t"
                fi
        fi
        plog "P2Partisan tutor is ON"
        nvram commit
}

ptutorunset() {
        cru d P2Partisan-tutor
        p=`nvram get script_fire | grep "cru a P2Partisan-tutor" | wc -l`
        if [ $p -eq "1" ] ; then
        t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-tutor \"$schedule $P2Partisandir/p2partisan.sh tutor\"\n" | grep -v "cru a P2Partisan-tutor"` ; nvram set "script_fire=$t"
        fi
        plog "P2Partisan tutor is OFF"
        nvram commit
 }

 ptest() {
checklist="blacklist-custom whitelist `cat blacklists | grep -v "^#" | grep -v "^$" | cut -d" " -f1`"
echo "###############################################
### Lists are sorted in order of precedence ###
###############################################"
        echo $checklist | tr " " "\n" |
    (
                while read LIST
                do
                ipset -T $LIST $1 1>/dev/nul && if [ $LIST = "whitelist" ]; then echo -e "\033[1;32m$1 found in        $LIST\033[0;39m"; else echo -e "\033[1;31m$1 found in        $LIST\033[0;39m"; fi || echo -e "$1 not found in    $LIST"
        done                                                                                                                                     #echo "\033[1;31mNo\033[0;39m"
    )
        echo "###############################################"
}


pstart() {
        running4=`[ -f $pidfile ] && echo 1 || echo 0`
        if [ $running4 -eq "0" ] ; then

        /bin/ntpsync > /dev/null 2>&1
        pre=`date +%s`
        sleep 1

        echo $$ > $pidfile

    [ -f iptables-add ] && rm iptables-add
    [ -f iptables-del ] && rm iptables-del
    [ -f ipset-del ] && rm ipset-del

        echo "### PREPARATION ###"
        echo "Loading the ipset modules"
        lsmod | cut -c1-20 | grep "ip_set " > /dev/null 2>&1 || insmod ip_set
        lsmod | cut -c1-20 | grep "ip_set_iptreemap" > /dev/null 2>&1 || insmod ip_set_iptreemap
        lsmod | cut -c1-20 | grep "ipt_set" > /dev/null 2>&1 || insmod ipt_set

counter=0
pos=1
couscous=`cat blacklist-custom | grep -v "^#" | grep -v "^$" | wc -l`

                echo "### CUSTOM BLACKLIST ###
blacklist-custom file -> $couscous entries found"
 if [ $couscous -eq "0" ]; then
                echo "No custom blacklist entries found: skipping"
 else
                echo "loading blacklist #$counter --> ***Custom IP blacklist***"
                ipset --create blacklist-custom iptreemap > /dev/null 2>&1
        if [ -e blacklist-custom ]; then
        for IP in `cat blacklist-custom | grep -v "^#" | grep -v "^$" | grep -Ev '(^10\.|(^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.)|^192\.168\.)' | cut -d: -f2`
            do
                ipset -A blacklist-custom $IP
            done
                fi
fi

echo "### WHITELIST ###"

        whiteports_number=`echo $whiteports | sed 's/,/,\n/g' | sed 's/:/:\n/g' | wc -l`
                aa=1
                b=8
                bb=8
                rounds=`echo $(( $whiteports_number / $b ))`
                if [ $rounds -eq 0 ]; then rounds="1"; fi
        while [ $rounds -gt 0 ]
        do
                w=`echo $whiteports | cut -d"," -f $aa-$bb`
                aa=`echo $(( $bb + 1 ))`
                bb=`echo $(( $bb + $b ))`
        echo "loading whitelisted ports $w exemption"
whitep="${whitep}iptables -A P2PARTISAN-IN -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-IN -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-IN -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-IN -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null"
        rounds=`echo $(( $rounds - 1 ))`
        done


                echo "# $now
iptables -N P2PARTISAN-IN 2> /dev/null
iptables -N P2PARTISAN-OUT 2> /dev/null
iptables -N P2PARTISAN-DROP-IN 2> /dev/null
iptables -N P2PARTISAN-DROP-OUT 2> /dev/null
iptables -F P2PARTISAN-IN 2> /dev/null
iptables -F P2PARTISAN-OUT 2> /dev/null
iptables -F P2PARTISAN-DROP-IN 2> /dev/null
iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
iptables -A P2PARTISAN-IN -m set --set blacklist-custom src -j P2PARTISAN-DROP-IN 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set blacklist-custom src -j P2PARTISAN-DROP-OUT 2> /dev/null" > iptables-add


                echo "# $now
iptables -D wanin -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -D wanout -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -D INPUT -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -D OUTPUT -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -F P2PARTISAN-DROP-IN 2> /dev/null
iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
iptables -F P2PARTISAN-IN 2> /dev/null
iptables -F P2PARTISAN-OUT 2> /dev/null
iptables -X P2PARTISAN-IN 2> /dev/null
iptables -X P2PARTISAN-OUT 2> /dev/null
iptables -X P2PARTISAN-DROP-IN 2> /dev/null
iptables -X P2PARTISAN-DROP-OUT 2> /dev/null" >> iptables-del


echo "preparing the IP whitelist for the iptables"
#Load the whitelist
if [ "$(ipset --swap whitelist whitelist 2>&1 | grep 'Unknown set')" != "" ]
    then
    ipset --create whitelist iptreemap > /dev/null 2>&1
    cat whitelist |
    (
    while read IP
    do
            echo "$IP" | grep "^#" >/dev/null 2>&1 && continue
            echo "$IP" | grep "^$" >/dev/null 2>&1 && continue
                    ipset -A whitelist $IP
            done
    )
fi
                echo "# $now
ipset -F
ipset -X blacklist-custom
ipset -X whitelist" > ipset-del

                        echo "loading the IP whitelist"
                        echo "iptables -A P2PARTISAN-IN -m set --set whitelist src -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set whitelist dst -j ACCEPT 2> /dev/null
$whitep" >> iptables-add

                if [ $syslogs -eq "1" ]; then
                        echo "iptables -A P2PARTISAN-DROP-IN -m limit --limit $maxloghour/hour --limit-burst 1 -j LOG --log-prefix \"P2Partisan Dropped IN >> \" --log-level 1 2> /dev/null" >> iptables-add
                        echo "iptables -A P2PARTISAN-DROP-OUT -m limit --limit $maxloghour/hour --limit-burst 1 -j LOG --log-prefix \"P2Partisan Rejected OUT >> \" --log-level 1 2> /dev/null" >> iptables-add

                fi
                echo "iptables -A P2PARTISAN-DROP-IN -j DROP
iptables -A P2PARTISAN-DROP-OUT -j REJECT --reject-with icmp-admin-prohibited"  >> iptables-add


echo "### BLACKLISTs ###"

        cat blacklists |
   (
    while read line
    do
            echo "$line" | grep "^#" >/dev/null 2>&1 && continue
            echo "$line" | grep "^$" >/dev/null 2>&1 && continue
            counter=`expr $counter + 1`
            name=`echo $line |cut -d ' ' -f1`
            url=`echo $line |cut -d ' ' -f2`
            echo "loading blacklist #$counter --> ***$name***"

    if [ $fastroutine -eq "1" ]; then

     if [ "$(ipset --swap $name $name 2>&1 | grep 'Unknown set')" != "" ]
      then
                  [ -f ./runtime ] && rm -f ./runtime 2> /dev/null
                  [ -e $name.gz ] || wget -q -O $name.gz "$url"
                  { echo "-N $name iptreemap"
                        gunzip -c  $name.gz | \
                        sed -e "/^[\t ]*#.*\|^[\t ]*$/d;s/^.*:/-A $name /" | \
                        grep -Ev '(^10\.|(^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.)|^192\.168\.)'
                        echo COMMIT
                  } | ipset -R
     fi
    else

                if [ "$(ipset --swap $name $name 2>&1 | grep 'Unknown set')" != "" ]
            then
                        [ -f ./runtime ] && rm -f ./runtime 2> /dev/null
            ipset --create $name iptreemap
            [ -e $name.lst ] || wget -q -O - "$url" | gunzip | cut -d: -f2 | grep -E "^[-0-9.]+$" | grep -Ev '(^10\.|(^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.)|^192\.168\.)' > $name.lst
            for IP in $(cat $name.lst)
                    do
                    ipset -A $name $IP
                    done
                        fi

        fi

                                echo "ipset -X $name " >> ipset-del
                                echo "iptables -A P2PARTISAN-IN -m set --set $name src -j P2PARTISAN-DROP-IN 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set $name dst -j P2PARTISAN-DROP-OUT 2> /dev/null" >> iptables-add
                        done
    )


echo "iptables -I INPUT $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I OUTPUT $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -I wanin $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I wanout $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null" >> iptables-add

chmod 777 ./iptables-*
chmod 777 ./ipset-*
./iptables-add  #protecting

plog "... P2Partisan started."

p=`nvram get dnsmasq_custom | grep log-async | wc -l`
if [ $p -eq "1" ]; then
        plog "log-async found under dnsmasq -> OK"
else
        plog "
It appears like you don't have a log-async parameter
in your dnsmasq config. This is strongly suggested
due to the amount of logs involved. please consider
adding the following command under Advanced/DHCP/DNS
/Dnsmasq Custom configuration

log-async=5
"
fi

punblock  #remove paranoia DROPs if any

        post=`date +%s`
        runtime=`echo $(( $post - $pre ))`
        [ -f ./runtime ] || echo $runtime > ./runtime
        else
                echo "
        It appears like P2Partisan is already running. Skipping...

        If this is not what you expected? Try:
        p2partisan.sh update
                "
        fi
}


for p in $1
do
case "$p" in
        "start")
                                pstart
                                exit
                ;;
        "stop")
                                pforcestop
                                exit
                ;;
        "restart")
                psoftstop
                ;;
                "status")
                pstatus
                                exit
                ;;
        "pause")
                psoftstop
                                exit
                ;;
        "test")
                ptest $2
                                exit
                ;;
        "update")
                pforcestop
                ;;
        "paranoia-update")
                                pblock
                pforcestop
                ;;
        "autorun-on")
                                pautorunset
                                exit
                ;;
        "autorun-off")
                                pautorununset
                                exit
                ;;
                "autoupdate-on")
                                pscheduleset
                                exit
                                ;;
                "autoupdate-off")
                                pscheduleunset
                                exit
                                ;;
                "tutor-on")
                                ptutorset
                                exit
                                ;;
                "tutor-off")
                                ptutorunset
                                exit
                                ;;
                "tutor")
                                ptutor
                                exit
                                ;;
        "upgrade")
                                pupgrade
                ;;
        "upgrade-silent")
                                pupgradesilent
                ;;
        "upgrade-beta")
                                pupgradebeta
                ;;
                "help")
                                echo "
        P2Partisan parameters:

        help                    Display this text
        start                   Starts the process (this runs also if no option
                                is provided)
        stop                    Stops P2Partisan
        restart                 Soft restart, quick, updates iptables only
        pause                   Soft stop P2Partisan allowing for quick start
        update                  Hard restart, slow removes p2partisan, updates
                                the lists and does a fresh start
        paranoia-update         Like update but blocks any new connection until
                                P2Partisan is running again
        status                  Display P2Partisan running status + extra info
        test <IP>               Verify existence of the given IP against lists
        autorun-on              Sets P2Partisan to boot with the router
        autorun-off             Sets P2Partisan not to boot with the router
        autoupdate-on           Sets automatic weekly updates to on
        autoupdate-off          Sets automatic weekly updates to off
        tutor-on                Sets hourly running-status checks to on
        tutor-off               Sets hourly running-status checks to off
        upgrade                 Download and install the latest P2Partisan
        upgrade-silent          Like upgrade but no question asked. Useful for scheduler
"
                                exit
                ;;
        *)
                                echo "parameter not valid. please run:

        p2partisan.sh help
        "
                                exit
                        ;;

esac
done

pstart

exit