p2partisan 4.00

#!/bin/sh
#
# p2partisan v4.00 (27/09/2014)
#
# <CONFIGURATION> ###########################################
# Adjust location where the files are kept
P2Partisandir=/cifs1/p2partisan
#
# Edit the file "blacklists" to customise if needed
# Edit the "whitelist" to overwrite the blacklist if needed
#
# Enable logging? Use only for troubleshooting. 0=off 1=on
syslogs=1
# Maximum number of logs to be recorded in a given 60 min
# Consider set this very low (like 3 or 6) once your are
# happy with the installation. To troubleshoot blocked
# connection close all the secondary traffic e.g. p2p
# and try a connection to the blocked site/port you should
# find a reference in the logs.
maxloghour=1
#
# What do you want to block?
# 1) Input (Router only, running transmission?)
# 2) LAN (LAN clients only)
# 3) Both *default
protection=3
#
# ports to be whitelisted. Whitelisted ports will never be
# blocked no matter what the source/destination IP is.
# This is very important if you're running a service like
# e.g. SMTP/HTTP/IMAP/else. Separate value in the list below
# with commas - NOTE: Leave 80 and 443 untouched, add custom ports only
# you might want to add remote admin and VPN ports here if any.
# Standard iptables syntax, individual ports divided by "," and ":" to
# define a range e.g. 80,443,2100:2130. Do not whitelist you P2P client!
whiteports=53,80,123,443,1194:1197,1723
#
# Fastrouting will process the IP classes very quickly but use
# Lot of resources. If you disable the effect is transparent
# but the full process will take minutes rather than seconds
# 0=disabled 1=enabled
fastroutine=1
#
# Enable check on script availability to help autorun
# E.g. wait for the file to be available in cifs before run it
# instead of quit with a file missing error
autorun_availability_check=1
#
# Schedule updates? (once a week is plenty). Custom syntax:
# m = random minute picked up in the range[0-59]
# h = random hour picked up in the range [1-5]am
# d = random day of the week picked up in the range Sun to Sat [0-6]
# if unwanted set your own specific time e.g.
# "30 4 * * 1" 4:30 on a Monday
# or use a combination e.g. random minute at 1am on a Tuesday:
# "m 1 * * 3"
# Specify this always in between "" please
schedule="m h * * d"
#
# IP for testing Internet connectivity
testip=8.8.8.8
# </CONFIGURATION> ###########################################

# Wait until Internet is available
    while :
    do
        ping -c 3 $testip >/dev/null 2>&1
        if [ $? = 0 ]; then
            break
        fi
        sleep 5
    done

pidfile=/var/run/p2partisan.pid
cd $P2Partisandir
version=`head -3 ./p2partisan.sh | tail -1 | cut -f 3- -d " "`

alias ipset='/bin/nice -n19 /usr/sbin/ipset'
alias sed='/bin/nice -n19 /bin/sed'
alias iptables='/usr/sbin/iptables'
alias service='/sbin/service'
alias plog='logger -t P2PARTISAN -s'
now=`date +"%H:%M:%S - %d/%m/%y"`
wanif=`nvram get wan_ifname`
lanif=`nvram get lan_ifname`


psoftstop() {
    ./iptables-del 2> /dev/null
    plog "Stopping P2Partisan"
    [ -f $pidfile ] && rm -f "$pidfile" 2> /dev/null
}

pblock() {
    plog "P2PArtisan: Applying paranoia block"
    iptables -N PARANOIA-DROP 2> /dev/null

    whiteports_number=`echo $whiteports | tr -d '\n' | sed 's/,/,\n/g' | sed 's/:/:\n/g' | wc -l`
        a=1
        b=8
        rounds=`echo $(( $whiteports_number / $b ))`
        if [ $rounds -eq 0 ]; then rounds="1"; fi
    while [ $rounds -gt 0 ]
    do
        w=`echo $whiteports | cut -d"," -f $a-$b`
        a=`echo $(( $a + $b ))`
        b=`echo $(( $b + $b ))`
whitep="${whitep}iptables -A PARANOIA-DROP -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A PARANOIA-DROP -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A PARANOIA-DROP -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A PARANOIA-DROP -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
"
    rounds=`echo $(( $rounds - 1 ))`
    done

    iptables -A PARANOIA-DROP -m limit --limit $maxloghour/hour --limit-burst 5 -j LOG --log-prefix "P2Partisan Rejected (paranoia): " --log-level 1 2> /dev/null
    iptables -A PARANOIA-DROP -j DROP
    iptables -I wanin 1 -i $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
    iptables -I wanout 1 -o $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
    iptables -I INPUT 1 -i $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
    iptables -I OUTPUT 1 -o $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
}

punblock() {
    while iptables -L wanin 2> /dev/null | grep "PARANOIA-DROP"
    do
        iptables -D wanin -i $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
    done
    while iptables -L wanout 2> /dev/null | grep "PARANOIA-DROP"
    do
        iptables -D wanout -o $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
    done
    while iptables -L OUTPUT 2> /dev/null | grep "PARANOIA-DROP"
    do
        iptables -D OUTPUT -o $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
    done
    while iptables -L INPUT 2> /dev/null | grep "PARANOIA-DROP"
    do
        iptables -D INPUT -i $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
    done
    iptables -F PARANOIA-DROP 2> /dev/null && plog "P2PArtisan: Removing paranoia block"
    iptables -X PARANOIA-DROP 2> /dev/null
}

pforcestop() {
    while iptables -L wanin 2> /dev/null | grep P2PARTISAN-IN
    do
        iptables -D wanin -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
    done
    while iptables -L wanout 2> /dev/null | grep P2PARTISAN-OUT
    do
        iptables -D wanout -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
    done
    while iptables -L INPUT | grep P2PARTISAN-IN
    do
        iptables -D INPUT -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
    done
    while iptables -L INPUT | grep P2PARTISAN-OUT
    do
        iptables -D INPUT -i $lanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
    done
    while iptables -L OUTPUT | grep P2PARTISAN-OUT
    do
        iptables -D OUTPUT -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
    done
    iptables -F P2PARTISAN-DROP-IN 2> /dev/null
    iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
    iptables -F P2PARTISAN-IN 2> /dev/null
    iptables -F P2PARTISAN-OUT 2> /dev/null
    iptables -X P2PARTISAN-DROP-IN 2> /dev/null
    iptables -X P2PARTISAN-DROP-OUT 2> /dev/null
    iptables -X P2PARTISAN-IN 2> /dev/null
    iptables -X P2PARTISAN-OUT 2> /dev/null
    ipset -F
    for i in `ipset --list | grep Name | cut -f2 -d ":" `; do
        ipset -X $i
    done
    chmod 777 ./*.gz
    [ -f iptables-add ] && rm iptables-add
    [ -f iptables-del ] && rm iptables-del
    [ -f ipset-del ] && rm ipset-del
    [ -f $pidfile ] && rm -f "$pidfile" 2> /dev/null
plog "Unloading ipset modules"
    lsmod | grep "ipt_set" > /dev/null 2>&1 && sleep 2 ; rmmod -f ipt_set 2> /dev/null
    lsmod | grep "ip_set_iptreemap" > /dev/null 2>&1 && sleep 2 ; rmmod -f ip_set_iptreemap 2> /dev/null
    lsmod | grep "ip_set" > /dev/null 2>&1 && sleep 2 ; rmmod -f ip_set 2> /dev/null
plog "Stopping P2Partisan"
}

pstatus() {
    running3=`iptables -L INPUT | grep P2PARTISAN-IN  2> /dev/null | wc -l`
    running4=`[ -f $pidfile ] && echo 1 || echo 0`
    running5=`nvram get script_fire | grep p2partisan >/dev/null && echo Yes || echo No`
    running6=`cru l | grep P2Partisan-update >/dev/null && echo Yes || echo No`
    running7=`tail -200 /var/log/messages | grep Rejected | tail -1`
    running9=`nvram get script_fire | grep "p2partisan.sh tutor" >/dev/null && echo Yes || echo No`
    runningA=`cat /var/log/messages | grep "Applying paranoia" | wc -l`
    runningB=`cat /var/log/messages | grep "Stuck on Loading" | wc -l`
    runningC=`cat blacklists | grep -v "^#" | grep -v "^$" | wc -l`
    runningD=`cat ./runtime`

    from=`head -1 ./iptables-add 2> /dev/null | cut -c3-`
    drop_packet_count_in=`iptables -vL P2PARTISAN-DROP-IN 2> /dev/null| grep " DROP " | awk '{print $1}'`
    drop_packet_count_out=`iptables -vL P2PARTISAN-DROP-OUT 2> /dev/null| grep " REJECT " | awk '{print $1}'`


    if [[ $running3 -eq "0" ]] && [[ $running4 -eq "0" ]]; then
        running8=No
    elif [[ $running3 -eq "0" ]] && [[ $running4 -eq "1" ]]; then
        running8=Loading...
    elif [[ $running3 -gt "0" ]] && [[ $running4 -eq "0" ]]; then
        running8=Not quite... try to run \"p2partisan.sh update\"
    else
        running8=Yes
    fi

    echo "################### P2Partisan ##########################
#   Release version: $version
################# P2Partisan status #####################
#   P2Partisan running:   $running8
#   P2Partisan autorun:   $running5
#   P2Partisan scheduled: $running6 / $runningA since boot
#   P2Partisan tutor:     $running9 / $runningB since boot
#########################################################
#   Blacklists enabled:   $runningC
#   Startup time needed:  $runningD seconds
#########################################################
#   P2Partisan activity since: $from
#   Dropped connections inbound: $drop_packet_count_in
#   Rejected connections outbound: $drop_packet_count_out"
    whiteports_number=`echo $whiteports | tr -d '\n' | sed 's/,/,\n/g' | sed 's/:/:\n/g' | wc -l`
        a=1
        b=8
        rounds=`echo $(( $whiteports_number / $b ))`
        if [ $rounds -eq 0 ]; then rounds="1"; fi
    while [ $rounds -gt 0 ]
    do
        w=`echo $whiteports | cut -d"," -f $a-$b`
        a=`echo $(( $a + $b ))`
        b=`echo $(( $b + $b ))`
    echo "# Whitelisted ports: $w"
        rounds=`echo $(( $rounds - 1 ))`
    done
echo "################# Last log recorded #####################
#   Remember your max logs per hour is set to: $maxloghour
$running7
#########################################################"
}

if [ $autorun_availability_check = 1 ]; then
av="while true; do [ -f $P2Partisandir/p2partisan.sh ] && break || sleep 5; done ;"
fi

pautorunset() {
    p=`nvram get script_fire | grep "p2partisan.sh" | grep -v cru | wc -l`
    if [ $p -eq "0" ] ; then
        t=`nvram get script_fire`; t=`printf "$t\n$av$P2Partisandir/p2partisan.sh\n"` ; nvram set "script_fire=$t"
    fi
    plog "P2Partisan AUTO RUN is ON"
    nvram commit
}

pautorununset() {
    p=`nvram get script_fire | grep "p2partisan.sh" | grep -v cru | wc -l`
    if [ $p -eq "1" ]; then
    t=`nvram get script_fire`; t=`printf "$t\n$P2Partisandir/p2partisan.sh\n" | grep -v p2partisan` ; nvram set "script_fire=$t"
    fi
    plog "P2Partisan AUTO RUN is OFF"
    nvram commit
}

pscheduleset() {
    cru d P2Partisan-update
    ab=`tr -cd 0-5 </dev/urandom | head -c 1`
    a=`tr -cd 0-9 </dev/urandom | head -c 1`
    a=`echo $ab$a`
    b=`tr -cd 1-5 </dev/urandom | head -c 1`
    c=`tr -cd 0-6 </dev/urandom | head -c 1`
    scheduleme=`echo "$schedule" | tr "m" "$a"`
    scheduleme=`echo "$schedule" | tr "h" "$b"`
    scheduleme=`echo "$schedule" | tr "d" "$c"`
    cru a P2Partisan-update "$scheduleme $P2Partisandir/p2partisan.sh paranoia-update"
    pp=`nvram get script_fire | grep "p2partisan.sh paranoia-update" | grep -v cru | wc -l`
    p=`nvram get script_fire | grep "cru a P2Partisan-update" | wc -l`
    if [ $p -eq "0" ] ; then
        if [ $pp -eq "0" ]; then
        t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-update \"$scheduleme $P2Partisandir/p2partisan.sh paranoia-update\"\n"` ; nvram set "script_fire=$t"
        else
        pautorununset
        t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-update \"$scheduleme $P2Partisandir/p2partisan.sh paranoia-update\"\n"` ; nvram set "script_fire=$t"
        pautorunset
        fi
    fi
    plog "P2Partisan AUTO UPDATE is ON"
    nvram commit
}

pscheduleunset() {
    cru d P2Partisan-update
    p=`nvram get script_fire | grep "cru a P2Partisan-update" | wc -l`
    if [ $p -eq "1" ] ; then
    t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-update \"$schedule $P2Partisandir/p2partisan.sh paranoia-update\"\n" | grep -v "cru a P2Partisan-update"` ; nvram set "script_fire=$t"
    fi
    plog "P2Partisan AUTO UPDATE is OFF"
    nvram commit
}

pupgrade() {
    wget -q -O - http://pastebin.com/raw.php?i=jqHD3hfT | grep "p2partisan v" | grep -v grep> ./latest
    latest=`cat ./latest | cut -c3-31`
    current=`cat ./p2partisan.sh | grep "p2partisan v" | head -1 | cut -c3-32 `
    if [ "$latest" == "$current" ]; then
    echo "
You're already running the latest version of P2Partisan
"
    else
    echo "
There's a new P2Partisan update available. Do you want to upgrade?

            current = $current

                    to

             latest = $latest

y/n"
    read answer
    # echo "You entered: $input_variable"
        if [ $answer == "y" ]; then
        echo "Upgrading, please wait:"
        echo "1/6) Downloading the script"
        wget -q -O ./p2partisan_new.sh http://pastebin.com/raw.php?i=jqHD3hfT
        echo "2/6) Migrating the configuration"
        sed '1,/P2Partisandir/{s@P2Partisandir=.*@'"P2Partisandir=$P2Partisandir"'@'} -i ./p2partisan_new.sh
        sed '1,/syslogs/{s@syslogs=.*@'"syslogs=$syslogs"'@'} -i ./p2partisan_new.sh
        sed '1,/maxloghour/{s@maxloghour=.*@'"maxloghour=$maxloghour"'@'} -i ./p2partisan_new.sh
        sed '1,/protection/{s@protection=.*@'"protection=$protection"'@'} -i ./p2partisan_new.sh
        sed '1,/whiteports/{s@whiteports=.*@'"whiteports=$whiteports"'@'} -i ./p2partisan_new.sh
        sed '1,/fastroutine/{s@fastroutine=.*@'"fastroutine=$fastroutine"'@'} -i ./p2partisan_new.sh
        sed '1,/autorun_availability_check/{s@autorun_availability_check=.*@'"autorun_availability_check=$autorun_availability_check"'@'} -i ./p2partisan_new.sh
        sed '1,/schedule/{s@schedule=.*@'"schedule=\"$schedule\""'@'} -i ./p2partisan_new.sh
        sed '1,/testip/{s@testip=.*@'"testip=$testip"'@'} -i ./p2partisan_new.sh
        tr -d "\r"< ./p2partisan_new.sh > ./.temp ; mv ./.temp ./p2partisan_new.sh
        echo "3/6) Copying p2partisan.sh into p2partisan.sh.old"
        cp ./p2partisan.sh ./p2partisan_old
        echo "4/6) Installing new script into p2partisan.sh"
        mv ./p2partisan_new.sh ./p2partisan.sh
        echo "5/6) Setting up permissions"
        chmod -R 777 ./p2partisan.sh
        echo "6/6) all done, I'm now running the script for you.
NOTE: autorun, autoupdate and tutor settings are left as they were found
"
        pforcestop
        else
        echo "Upgrade skipped. Quitting..."
        exit
        fi

    fi
 }

ptutor() {
    running3=`iptables -L INPUT | grep P2PARTISAN-IN  2> /dev/null | wc -l`
    running4=`[ -f $pidfile ] && echo 1 || echo 0`
    if [[ $running3 -eq "0" ]] && [[ $running4 -eq "1" ]]; then
            plog "P2Partisan appears to be loading, I'll wait 5 minutes..."
            sleep 300
        if [[ $running3 -eq "0" ]] && [[ $running4 -eq "1" ]]; then
            psoftstop
            plog "P2Partisan tutor had to restart due to Stuck on Loading"
            pstart
        fi
    else
    echo "P2Partisan up and running. The tutor is happy"
    fi
 }

ptutorset() {
    cru d P2Partisan-tutor
    ab=`tr -cd 0-5 </dev/urandom | head -c 1`
    a=`tr -cd 0-9 </dev/urandom | head -c 1`
    a=`echo $ab$a`
    scheduleme=`echo "$a * * * *"`
    cru a P2Partisan-tutor "$scheduleme $P2Partisandir/p2partisan.sh tutor"
    pp=`nvram get script_fire | grep "p2partisan.sh tutor" | grep -v cru | wc -l`
    p=`nvram get script_fire | grep "cru a P2Partisan-tutor" | wc -l`
    if [ $p -eq "0" ] ; then
        if [ $pp -eq "0" ]; then
        t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-tutor \"$scheduleme $P2Partisandir/p2partisan.sh tutor\"\n"` ; nvram set "script_fire=$t"
        else
        t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-tutor \"$scheduleme $P2Partisandir/p2partisan.sh tutor\"\n"` ; nvram set "script_fire=$t"
        fi
    fi
    plog "P2Partisan tutor is ON"
    nvram commit
}

ptutorunset() {
    cru d P2Partisan-tutor
    p=`nvram get script_fire | grep "cru a P2Partisan-tutor" | wc -l`
    if [ $p -eq "1" ] ; then
    t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-tutor \"$schedule $P2Partisandir/p2partisan.sh tutor\"\n" | grep -v "cru a P2Partisan-tutor"` ; nvram set "script_fire=$t"
    fi
    plog "P2Partisan tutor is OFF"
    nvram commit
 }

pstart() {
    running4=`[ -f $pidfile ] && echo 1 || echo 0`
    if [ $running4 -eq "0" ] ; then

    /bin/ntpsync > /dev/null 2>&1
    pre=`date +%s`
    sleep 2

    echo $$ > $pidfile

    [ -f iptables-add ] && rm iptables-add
    [ -f iptables-del ] && rm iptables-del
    [ -f ipset-del ] && rm ipset-del

    echo "### PREPARATION ###"
    echo "Loading the ipset modules"
    lsmod | cut -c1-20 | grep "ip_set " > /dev/null 2>&1 || insmod ip_set
    lsmod | cut -c1-20 | grep "ip_set_iptreemap" > /dev/null 2>&1 || insmod ip_set_iptreemap
    lsmod | cut -c1-20 | grep "ipt_set" > /dev/null 2>&1 || insmod ipt_set

counter=0
pos=1
couscous=`cat blacklist-custom | grep -v "^#" | grep -v "^$" | wc -l`

        echo "### CUSTOM BLACKLIST ###
blacklist-custom file -> $couscous entries found"
 if [ $couscous -eq "0" ]; then
        echo "No custom blacklist entries found: skipping"
 else
        echo "loading blacklist #$counter --> ***Custom IP blacklist***"
        ipset --create blacklist-custom iptreemap
        if [ -e blacklist-custom ]; then
        for IP in `cat blacklist-custom | grep -v "^#" | grep -v "^$" | cut -d: -f2`
            do
                ipset -A blacklist-custom $IP
            done
        fi
fi

echo "### WHITELIST ###"

    whiteports_number=`echo $whiteports | tr -d '\n' | sed 's/,/,\n/g' | sed 's/:/:\n/g' | wc -l`
        a=1
        b=8
        rounds=`echo $(( $whiteports_number / $b ))`
        if [ $rounds -eq 0 ]; then rounds="1"; fi
    while [ $rounds -gt 0 ]
    do
        w=`echo $whiteports | cut -d"," -f $a-$b`
        a=`echo $(( $a + $b ))`
        b=`echo $(( $b + $b ))`
    echo "loading whitelisted ports $w exemption"
whitep="${whitep}iptables -A P2PARTISAN-IN -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-IN -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-IN -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-IN -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
"
    rounds=`echo $(( $rounds - 1 ))`
    done


        echo "# $now
iptables -N P2PARTISAN-IN 2> /dev/null
iptables -N P2PARTISAN-OUT 2> /dev/null
iptables -N P2PARTISAN-DROP-IN 2> /dev/null
iptables -N P2PARTISAN-DROP-OUT 2> /dev/null
iptables -F P2PARTISAN-IN 2> /dev/null
iptables -F P2PARTISAN-OUT 2> /dev/null
iptables -F P2PARTISAN-DROP-IN 2> /dev/null
iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
iptables -A P2PARTISAN-IN -m set --set blacklist-custom src -j P2PARTISAN-DROP-IN 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set blacklist-custom src -j P2PARTISAN-DROP-OUT 2> /dev/null
$whitep" >> iptables-add


        echo "# $now
iptables -D wanin -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -D wanout -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -D INPUT -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -D INPUT -i $lanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -D OUTPUT -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -F P2PARTISAN-DROP-IN 2> /dev/null
iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
iptables -F P2PARTISAN-IN 2> /dev/null
iptables -F P2PARTISAN-OUT 2> /dev/null
iptables -X P2PARTISAN-IN 2> /dev/null
iptables -X P2PARTISAN-OUT 2> /dev/null
iptables -X P2PARTISAN-DROP-IN 2> /dev/null
iptables -X P2PARTISAN-DROP-OUT 2> /dev/null" >> iptables-del


echo "preparing the IP whitelist for the iptables"
#Load the whitelist
if [ "$(ipset --swap whitelist whitelist 2>&1 | grep 'Unknown set')" != "" ]
    then
    ipset --create whitelist iptreemap
    cat whitelist | grep -v "^10." | grep -v "^172.16." | grep -v "^192.168." |
    (
    while read IP
    do
            echo "$IP" | grep "^#" >/dev/null 2>&1 && continue
            echo "$IP" | grep "^$" >/dev/null 2>&1 && continue
                    ipset -A whitelist $IP
            done
    )
fi
        echo "# $now
ipset -F
ipset -X blacklist-custom
ipset -X whitelist" > ipset-del

            echo "loading the IP whitelist"
            echo "iptables -A P2PARTISAN-IN -m set --set whitelist src -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set whitelist dst -j ACCEPT 2> /dev/null" >> iptables-add

        if [ $syslogs -eq "1" ]; then
            echo "iptables -A P2PARTISAN-DROP-IN -m limit --limit $maxloghour/hour --limit-burst 1 -j LOG --log-prefix \"P2Partisan Dropped: \" --log-level 1 2> /dev/null" >> iptables-add
            echo "iptables -A P2PARTISAN-DROP-OUT -m limit --limit $maxloghour/hour --limit-burst 1 -j LOG --log-prefix \"P2Partisan Rejected: \" --log-level 1 2> /dev/null" >> iptables-add

        fi
        echo "iptables -A P2PARTISAN-DROP-IN -j DROP"  >> iptables-add
        echo "iptables -A P2PARTISAN-DROP-OUT -j REJECT --reject-with icmp-admin-prohibited"  >> iptables-add


echo "### BLACKLISTs ###"

    cat blacklists |
   (
    while read line
    do
            echo "$line" | grep "^#" >/dev/null 2>&1 && continue
            echo "$line" | grep "^$" >/dev/null 2>&1 && continue
            counter=`expr $counter + 1`
            name=`echo $line |cut -d ' ' -f1`
            url=`echo $line |cut -d ' ' -f2`
            echo "loading blacklist #$counter --> ***$name***"

    if [ $fastroutine -eq "1" ]; then

     if [ "$(ipset --swap $name $name 2>&1 | grep 'Unknown set')" != "" ]
      then
          [ -f ./runtime ] && rm -f ./runtime 2> /dev/null
          [ -e $name.gz ] || wget -q -O $name.gz "$url"
          { echo "-N $name iptreemap"
            gunzip -c  $name.gz | \
            sed -e "/^[\t ]*#.*\|^[\t ]*$/d;s/^.*:/-A $name /"
            echo COMMIT
          } | ipset -R
     fi
    else

        if [ "$(ipset --swap $name $name 2>&1 | grep 'Unknown set')" != "" ]
            then
            [ -f ./runtime ] && rm -f ./runtime 2> /dev/null
            ipset --create $name iptreemap
            [ -e $name.lst ] || wget -q -O - "$url" | gunzip | cut -d: -f2 | grep -E "^[-0-9.]+$" > $name.lst
            for IP in $(cat $name.lst)
                    do
                    ipset -A $name $IP
                    done
            fi

    fi

                echo "ipset -X $name " >> ipset-del
                echo "iptables -A P2PARTISAN-IN -m set --set $name src -j P2PARTISAN-DROP-IN 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set $name dst -j P2PARTISAN-DROP-OUT 2> /dev/null" >> iptables-add
            done
    )


        if [ $protection -eq "1" ]; then
            echo "iptables -I INPUT $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I OUTPUT $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null" >> iptables-add
        elif [ $protection -eq "2" ]; then
            echo "iptables -I wanin $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I wanout $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -I INPUT $pos -i $lanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null" >> iptables-add
        elif [ $protection -eq "3" ]; then
            echo "iptables -I INPUT $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I INPUT $pos -i $lanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -I OUTPUT $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -I wanin $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I wanout $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null" >> iptables-add

        fi

chmod 777 ./iptables-*
chmod 777 ./ipset-*
./iptables-add  #protecting

plog "... P2Partisan started."

p=`nvram get dnsmasq_custom | grep log-async | wc -l`
if [ $p -eq "1" ]; then
    plog "log-async found under dnsmasq -> OK"
else
    plog "
It appears like you don't have a log-async parameter
in your dnsmasq config. This is strongly suggested
due to the amount of logs involved. please consider
adding the following command under Advanced/DHCP/DNS
/Dnsmasq Custom configuration

log-async=10
"
fi

punblock  #remove paranoia DROPs if any

    post=`date +%s`
    runtime=`echo $(( $post - $pre ))`
    [ -f ./runtime ] || echo $runtime > ./runtime
    else
        echo "
    It appears like P2Partisan is already running. Skipping...

    If this is not what you expected? Try:
    p2partisan.sh update
        "
    fi
}


for p in $1
do
case "$p" in
        "start")
                pstart
                exit
                ;;
        "stop")
                pforcestop
                exit
                ;;
        "restart")
                pscheduleunset
                psoftstop
                pscheduleset
                ;;
        "status")
                pstatus
                exit
                ;;
        "update")
                pforcestop
                ;;
        "paranoia-update")
                pblock
                pforcestop
                ;;
        "autorun-on")
                pautorunset
                exit
                ;;
        "autorun-off")
                pautorununset
                exit
                ;;
        "autoupdate-on")
                pscheduleset
                exit
                ;;
        "autoupdate-off")
                pscheduleunset
                exit
                ;;
        "tutor-on")
                ptutorset
                exit
                ;;
        "tutor-off")
                ptutorunset
                exit
                ;;
        "tutor")
                ptutor
                exit
                ;;
        "upgrade")
                pupgrade
                ;;
        "help")
                echo "
    P2Partisan parameters:

    help            Display this text
    start           Starts the process (this runs also if no option
                is provided)
    stop            Stops P2Partisan
    restart         Soft restart, quick, updates iptables only
    update          Hard restart, slow removes p2partisan, updates
                the lists and does a fresh start
    paranoia-update     Like update but blocks any new connection until
                P2Partisan is running again
    status          Display P2Partisan running status + extra info
    autorun-on      Sets P2Partisan to boot with the router
    autorun-off     Sets P2Partisan not to boot with the router
    autoupdate-on       Sets automatic updates on
    autoupdate-off      Sets automatic updates off
    tutor-on        Schedule tutor check every hour
    tutor-off       Unset the tutor schedule
    upgrade         Download and install the latest P2Partisan
"
                exit
                ;;
        *)
                echo "parameter not valid. please run:

    p2partisan.sh help
    "
                exit
            ;;

esac
done

pstart

exit