Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/sh
- #
- # p2partisan v4.00 (27/09/2014)
- #
- # <CONFIGURATION> ###########################################
- # Adjust location where the files are kept
- P2Partisandir=/cifs1/p2partisan
- #
- # Edit the file "blacklists" to customise if needed
- # Edit the "whitelist" to overwrite the blacklist if needed
- #
- # Enable logging? Use only for troubleshooting. 0=off 1=on
- syslogs=1
- # Maximum number of logs to be recorded in a given 60 min
- # Consider set this very low (like 3 or 6) once your are
- # happy with the installation. To troubleshoot blocked
- # connection close all the secondary traffic e.g. p2p
- # and try a connection to the blocked site/port you should
- # find a reference in the logs.
- maxloghour=1
- #
- # What do you want to block?
- # 1) Input (Router only, running transmission?)
- # 2) LAN (LAN clients only)
- # 3) Both *default
- protection=3
- #
- # ports to be whitelisted. Whitelisted ports will never be
- # blocked no matter what the source/destination IP is.
- # This is very important if you're running a service like
- # e.g. SMTP/HTTP/IMAP/else. Separate value in the list below
- # with commas - NOTE: Leave 80 and 443 untouched, add custom ports only
- # you might want to add remote admin and VPN ports here if any.
- # Standard iptables syntax, individual ports divided by "," and ":" to
- # define a range e.g. 80,443,2100:2130. Do not whitelist you P2P client!
- whiteports=53,80,123,443,1194:1197,1723
- #
- # Fastrouting will process the IP classes very quickly but use
- # Lot of resources. If you disable the effect is transparent
- # but the full process will take minutes rather than seconds
- # 0=disabled 1=enabled
- fastroutine=1
- #
- # Enable check on script availability to help autorun
- # E.g. wait for the file to be available in cifs before run it
- # instead of quit with a file missing error
- autorun_availability_check=1
- #
- # Schedule updates? (once a week is plenty). Custom syntax:
- # m = random minute picked up in the range[0-59]
- # h = random hour picked up in the range [1-5]am
- # d = random day of the week picked up in the range Sun to Sat [0-6]
- # if unwanted set your own specific time e.g.
- # "30 4 * * 1" 4:30 on a Monday
- # or use a combination e.g. random minute at 1am on a Tuesday:
- # "m 1 * * 3"
- # Specify this always in between "" please
- schedule="m h * * d"
- #
- # IP for testing Internet connectivity
- testip=8.8.8.8
- # </CONFIGURATION> ###########################################
- # Wait until Internet is available
- while :
- do
- ping -c 3 $testip >/dev/null 2>&1
- if [ $? = 0 ]; then
- break
- fi
- sleep 5
- done
- pidfile=/var/run/p2partisan.pid
- cd $P2Partisandir
- version=`head -3 ./p2partisan.sh | tail -1 | cut -f 3- -d " "`
- alias ipset='/bin/nice -n19 /usr/sbin/ipset'
- alias sed='/bin/nice -n19 /bin/sed'
- alias iptables='/usr/sbin/iptables'
- alias service='/sbin/service'
- alias plog='logger -t P2PARTISAN -s'
- now=`date +"%H:%M:%S - %d/%m/%y"`
- wanif=`nvram get wan_ifname`
- lanif=`nvram get lan_ifname`
- psoftstop() {
- ./iptables-del 2> /dev/null
- plog "Stopping P2Partisan"
- [ -f $pidfile ] && rm -f "$pidfile" 2> /dev/null
- }
- pblock() {
- plog "P2PArtisan: Applying paranoia block"
- iptables -N PARANOIA-DROP 2> /dev/null
- whiteports_number=`echo $whiteports | tr -d '\n' | sed 's/,/,\n/g' | sed 's/:/:\n/g' | wc -l`
- a=1
- b=8
- rounds=`echo $(( $whiteports_number / $b ))`
- if [ $rounds -eq 0 ]; then rounds="1"; fi
- while [ $rounds -gt 0 ]
- do
- w=`echo $whiteports | cut -d"," -f $a-$b`
- a=`echo $(( $a + $b ))`
- b=`echo $(( $b + $b ))`
- whitep="${whitep}iptables -A PARANOIA-DROP -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
- iptables -A PARANOIA-DROP -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
- iptables -A PARANOIA-DROP -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
- iptables -A PARANOIA-DROP -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
- "
- rounds=`echo $(( $rounds - 1 ))`
- done
- iptables -A PARANOIA-DROP -m limit --limit $maxloghour/hour --limit-burst 5 -j LOG --log-prefix "P2Partisan Rejected (paranoia): " --log-level 1 2> /dev/null
- iptables -A PARANOIA-DROP -j DROP
- iptables -I wanin 1 -i $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
- iptables -I wanout 1 -o $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
- iptables -I INPUT 1 -i $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
- iptables -I OUTPUT 1 -o $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
- }
- punblock() {
- while iptables -L wanin 2> /dev/null | grep "PARANOIA-DROP"
- do
- iptables -D wanin -i $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
- done
- while iptables -L wanout 2> /dev/null | grep "PARANOIA-DROP"
- do
- iptables -D wanout -o $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
- done
- while iptables -L OUTPUT 2> /dev/null | grep "PARANOIA-DROP"
- do
- iptables -D OUTPUT -o $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
- done
- while iptables -L INPUT 2> /dev/null | grep "PARANOIA-DROP"
- do
- iptables -D INPUT -i $wanif -m state --state NEW -j PARANOIA-DROP 2> /dev/null
- done
- iptables -F PARANOIA-DROP 2> /dev/null && plog "P2PArtisan: Removing paranoia block"
- iptables -X PARANOIA-DROP 2> /dev/null
- }
- pforcestop() {
- while iptables -L wanin 2> /dev/null | grep P2PARTISAN-IN
- do
- iptables -D wanin -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
- done
- while iptables -L wanout 2> /dev/null | grep P2PARTISAN-OUT
- do
- iptables -D wanout -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
- done
- while iptables -L INPUT | grep P2PARTISAN-IN
- do
- iptables -D INPUT -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
- done
- while iptables -L INPUT | grep P2PARTISAN-OUT
- do
- iptables -D INPUT -i $lanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
- done
- while iptables -L OUTPUT | grep P2PARTISAN-OUT
- do
- iptables -D OUTPUT -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
- done
- iptables -F P2PARTISAN-DROP-IN 2> /dev/null
- iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
- iptables -F P2PARTISAN-IN 2> /dev/null
- iptables -F P2PARTISAN-OUT 2> /dev/null
- iptables -X P2PARTISAN-DROP-IN 2> /dev/null
- iptables -X P2PARTISAN-DROP-OUT 2> /dev/null
- iptables -X P2PARTISAN-IN 2> /dev/null
- iptables -X P2PARTISAN-OUT 2> /dev/null
- ipset -F
- for i in `ipset --list | grep Name | cut -f2 -d ":" `; do
- ipset -X $i
- done
- chmod 777 ./*.gz
- [ -f iptables-add ] && rm iptables-add
- [ -f iptables-del ] && rm iptables-del
- [ -f ipset-del ] && rm ipset-del
- [ -f $pidfile ] && rm -f "$pidfile" 2> /dev/null
- plog "Unloading ipset modules"
- lsmod | grep "ipt_set" > /dev/null 2>&1 && sleep 2 ; rmmod -f ipt_set 2> /dev/null
- lsmod | grep "ip_set_iptreemap" > /dev/null 2>&1 && sleep 2 ; rmmod -f ip_set_iptreemap 2> /dev/null
- lsmod | grep "ip_set" > /dev/null 2>&1 && sleep 2 ; rmmod -f ip_set 2> /dev/null
- plog "Stopping P2Partisan"
- }
- pstatus() {
- running3=`iptables -L INPUT | grep P2PARTISAN-IN 2> /dev/null | wc -l`
- running4=`[ -f $pidfile ] && echo 1 || echo 0`
- running5=`nvram get script_fire | grep p2partisan >/dev/null && echo Yes || echo No`
- running6=`cru l | grep P2Partisan-update >/dev/null && echo Yes || echo No`
- running7=`tail -200 /var/log/messages | grep Rejected | tail -1`
- running9=`nvram get script_fire | grep "p2partisan.sh tutor" >/dev/null && echo Yes || echo No`
- runningA=`cat /var/log/messages | grep "Applying paranoia" | wc -l`
- runningB=`cat /var/log/messages | grep "Stuck on Loading" | wc -l`
- runningC=`cat blacklists | grep -v "^#" | grep -v "^$" | wc -l`
- runningD=`cat ./runtime`
- from=`head -1 ./iptables-add 2> /dev/null | cut -c3-`
- drop_packet_count_in=`iptables -vL P2PARTISAN-DROP-IN 2> /dev/null| grep " DROP " | awk '{print $1}'`
- drop_packet_count_out=`iptables -vL P2PARTISAN-DROP-OUT 2> /dev/null| grep " REJECT " | awk '{print $1}'`
- if [[ $running3 -eq "0" ]] && [[ $running4 -eq "0" ]]; then
- running8=No
- elif [[ $running3 -eq "0" ]] && [[ $running4 -eq "1" ]]; then
- running8=Loading...
- elif [[ $running3 -gt "0" ]] && [[ $running4 -eq "0" ]]; then
- running8=Not quite... try to run \"p2partisan.sh update\"
- else
- running8=Yes
- fi
- echo "################### P2Partisan ##########################
- # Release version: $version
- ################# P2Partisan status #####################
- # P2Partisan running: $running8
- # P2Partisan autorun: $running5
- # P2Partisan scheduled: $running6 / $runningA since boot
- # P2Partisan tutor: $running9 / $runningB since boot
- #########################################################
- # Blacklists enabled: $runningC
- # Startup time needed: $runningD seconds
- #########################################################
- # P2Partisan activity since: $from
- # Dropped connections inbound: $drop_packet_count_in
- # Rejected connections outbound: $drop_packet_count_out"
- whiteports_number=`echo $whiteports | tr -d '\n' | sed 's/,/,\n/g' | sed 's/:/:\n/g' | wc -l`
- a=1
- b=8
- rounds=`echo $(( $whiteports_number / $b ))`
- if [ $rounds -eq 0 ]; then rounds="1"; fi
- while [ $rounds -gt 0 ]
- do
- w=`echo $whiteports | cut -d"," -f $a-$b`
- a=`echo $(( $a + $b ))`
- b=`echo $(( $b + $b ))`
- echo "# Whitelisted ports: $w"
- rounds=`echo $(( $rounds - 1 ))`
- done
- echo "################# Last log recorded #####################
- # Remember your max logs per hour is set to: $maxloghour
- $running7
- #########################################################"
- }
- if [ $autorun_availability_check = 1 ]; then
- av="while true; do [ -f $P2Partisandir/p2partisan.sh ] && break || sleep 5; done ;"
- fi
- pautorunset() {
- p=`nvram get script_fire | grep "p2partisan.sh" | grep -v cru | wc -l`
- if [ $p -eq "0" ] ; then
- t=`nvram get script_fire`; t=`printf "$t\n$av$P2Partisandir/p2partisan.sh\n"` ; nvram set "script_fire=$t"
- fi
- plog "P2Partisan AUTO RUN is ON"
- nvram commit
- }
- pautorununset() {
- p=`nvram get script_fire | grep "p2partisan.sh" | grep -v cru | wc -l`
- if [ $p -eq "1" ]; then
- t=`nvram get script_fire`; t=`printf "$t\n$P2Partisandir/p2partisan.sh\n" | grep -v p2partisan` ; nvram set "script_fire=$t"
- fi
- plog "P2Partisan AUTO RUN is OFF"
- nvram commit
- }
- pscheduleset() {
- cru d P2Partisan-update
- ab=`tr -cd 0-5 </dev/urandom | head -c 1`
- a=`tr -cd 0-9 </dev/urandom | head -c 1`
- a=`echo $ab$a`
- b=`tr -cd 1-5 </dev/urandom | head -c 1`
- c=`tr -cd 0-6 </dev/urandom | head -c 1`
- scheduleme=`echo "$schedule" | tr "m" "$a"`
- scheduleme=`echo "$schedule" | tr "h" "$b"`
- scheduleme=`echo "$schedule" | tr "d" "$c"`
- cru a P2Partisan-update "$scheduleme $P2Partisandir/p2partisan.sh paranoia-update"
- pp=`nvram get script_fire | grep "p2partisan.sh paranoia-update" | grep -v cru | wc -l`
- p=`nvram get script_fire | grep "cru a P2Partisan-update" | wc -l`
- if [ $p -eq "0" ] ; then
- if [ $pp -eq "0" ]; then
- t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-update \"$scheduleme $P2Partisandir/p2partisan.sh paranoia-update\"\n"` ; nvram set "script_fire=$t"
- else
- pautorununset
- t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-update \"$scheduleme $P2Partisandir/p2partisan.sh paranoia-update\"\n"` ; nvram set "script_fire=$t"
- pautorunset
- fi
- fi
- plog "P2Partisan AUTO UPDATE is ON"
- nvram commit
- }
- pscheduleunset() {
- cru d P2Partisan-update
- p=`nvram get script_fire | grep "cru a P2Partisan-update" | wc -l`
- if [ $p -eq "1" ] ; then
- t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-update \"$schedule $P2Partisandir/p2partisan.sh paranoia-update\"\n" | grep -v "cru a P2Partisan-update"` ; nvram set "script_fire=$t"
- fi
- plog "P2Partisan AUTO UPDATE is OFF"
- nvram commit
- }
- pupgrade() {
- wget -q -O - http://pastebin.com/raw.php?i=jqHD3hfT | grep "p2partisan v" | grep -v grep> ./latest
- latest=`cat ./latest | cut -c3-31`
- current=`cat ./p2partisan.sh | grep "p2partisan v" | head -1 | cut -c3-32 `
- if [ "$latest" == "$current" ]; then
- echo "
- You're already running the latest version of P2Partisan
- "
- else
- echo "
- There's a new P2Partisan update available. Do you want to upgrade?
- current = $current
- to
- latest = $latest
- y/n"
- read answer
- # echo "You entered: $input_variable"
- if [ $answer == "y" ]; then
- echo "Upgrading, please wait:"
- echo "1/6) Downloading the script"
- wget -q -O ./p2partisan_new.sh http://pastebin.com/raw.php?i=jqHD3hfT
- echo "2/6) Migrating the configuration"
- sed '1,/P2Partisandir/{s@P2Partisandir=.*@'"P2Partisandir=$P2Partisandir"'@'} -i ./p2partisan_new.sh
- sed '1,/syslogs/{s@syslogs=.*@'"syslogs=$syslogs"'@'} -i ./p2partisan_new.sh
- sed '1,/maxloghour/{s@maxloghour=.*@'"maxloghour=$maxloghour"'@'} -i ./p2partisan_new.sh
- sed '1,/protection/{s@protection=.*@'"protection=$protection"'@'} -i ./p2partisan_new.sh
- sed '1,/whiteports/{s@whiteports=.*@'"whiteports=$whiteports"'@'} -i ./p2partisan_new.sh
- sed '1,/fastroutine/{s@fastroutine=.*@'"fastroutine=$fastroutine"'@'} -i ./p2partisan_new.sh
- sed '1,/autorun_availability_check/{s@autorun_availability_check=.*@'"autorun_availability_check=$autorun_availability_check"'@'} -i ./p2partisan_new.sh
- sed '1,/schedule/{s@schedule=.*@'"schedule=\"$schedule\""'@'} -i ./p2partisan_new.sh
- sed '1,/testip/{s@testip=.*@'"testip=$testip"'@'} -i ./p2partisan_new.sh
- tr -d "\r"< ./p2partisan_new.sh > ./.temp ; mv ./.temp ./p2partisan_new.sh
- echo "3/6) Copying p2partisan.sh into p2partisan.sh.old"
- cp ./p2partisan.sh ./p2partisan_old
- echo "4/6) Installing new script into p2partisan.sh"
- mv ./p2partisan_new.sh ./p2partisan.sh
- echo "5/6) Setting up permissions"
- chmod -R 777 ./p2partisan.sh
- echo "6/6) all done, I'm now running the script for you.
- NOTE: autorun, autoupdate and tutor settings are left as they were found
- "
- pforcestop
- else
- echo "Upgrade skipped. Quitting..."
- exit
- fi
- fi
- }
- ptutor() {
- running3=`iptables -L INPUT | grep P2PARTISAN-IN 2> /dev/null | wc -l`
- running4=`[ -f $pidfile ] && echo 1 || echo 0`
- if [[ $running3 -eq "0" ]] && [[ $running4 -eq "1" ]]; then
- plog "P2Partisan appears to be loading, I'll wait 5 minutes..."
- sleep 300
- if [[ $running3 -eq "0" ]] && [[ $running4 -eq "1" ]]; then
- psoftstop
- plog "P2Partisan tutor had to restart due to Stuck on Loading"
- pstart
- fi
- else
- echo "P2Partisan up and running. The tutor is happy"
- fi
- }
- ptutorset() {
- cru d P2Partisan-tutor
- ab=`tr -cd 0-5 </dev/urandom | head -c 1`
- a=`tr -cd 0-9 </dev/urandom | head -c 1`
- a=`echo $ab$a`
- scheduleme=`echo "$a * * * *"`
- cru a P2Partisan-tutor "$scheduleme $P2Partisandir/p2partisan.sh tutor"
- pp=`nvram get script_fire | grep "p2partisan.sh tutor" | grep -v cru | wc -l`
- p=`nvram get script_fire | grep "cru a P2Partisan-tutor" | wc -l`
- if [ $p -eq "0" ] ; then
- if [ $pp -eq "0" ]; then
- t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-tutor \"$scheduleme $P2Partisandir/p2partisan.sh tutor\"\n"` ; nvram set "script_fire=$t"
- else
- t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-tutor \"$scheduleme $P2Partisandir/p2partisan.sh tutor\"\n"` ; nvram set "script_fire=$t"
- fi
- fi
- plog "P2Partisan tutor is ON"
- nvram commit
- }
- ptutorunset() {
- cru d P2Partisan-tutor
- p=`nvram get script_fire | grep "cru a P2Partisan-tutor" | wc -l`
- if [ $p -eq "1" ] ; then
- t=`nvram get script_fire`; t=`printf "$t\ncru a P2Partisan-tutor \"$schedule $P2Partisandir/p2partisan.sh tutor\"\n" | grep -v "cru a P2Partisan-tutor"` ; nvram set "script_fire=$t"
- fi
- plog "P2Partisan tutor is OFF"
- nvram commit
- }
- pstart() {
- running4=`[ -f $pidfile ] && echo 1 || echo 0`
- if [ $running4 -eq "0" ] ; then
- /bin/ntpsync > /dev/null 2>&1
- pre=`date +%s`
- sleep 2
- echo $$ > $pidfile
- [ -f iptables-add ] && rm iptables-add
- [ -f iptables-del ] && rm iptables-del
- [ -f ipset-del ] && rm ipset-del
- echo "### PREPARATION ###"
- echo "Loading the ipset modules"
- lsmod | cut -c1-20 | grep "ip_set " > /dev/null 2>&1 || insmod ip_set
- lsmod | cut -c1-20 | grep "ip_set_iptreemap" > /dev/null 2>&1 || insmod ip_set_iptreemap
- lsmod | cut -c1-20 | grep "ipt_set" > /dev/null 2>&1 || insmod ipt_set
- counter=0
- pos=1
- couscous=`cat blacklist-custom | grep -v "^#" | grep -v "^$" | wc -l`
- echo "### CUSTOM BLACKLIST ###
- blacklist-custom file -> $couscous entries found"
- if [ $couscous -eq "0" ]; then
- echo "No custom blacklist entries found: skipping"
- else
- echo "loading blacklist #$counter --> ***Custom IP blacklist***"
- ipset --create blacklist-custom iptreemap
- if [ -e blacklist-custom ]; then
- for IP in `cat blacklist-custom | grep -v "^#" | grep -v "^$" | cut -d: -f2`
- do
- ipset -A blacklist-custom $IP
- done
- fi
- fi
- echo "### WHITELIST ###"
- whiteports_number=`echo $whiteports | tr -d '\n' | sed 's/,/,\n/g' | sed 's/:/:\n/g' | wc -l`
- a=1
- b=8
- rounds=`echo $(( $whiteports_number / $b ))`
- if [ $rounds -eq 0 ]; then rounds="1"; fi
- while [ $rounds -gt 0 ]
- do
- w=`echo $whiteports | cut -d"," -f $a-$b`
- a=`echo $(( $a + $b ))`
- b=`echo $(( $b + $b ))`
- echo "loading whitelisted ports $w exemption"
- whitep="${whitep}iptables -A P2PARTISAN-IN -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
- iptables -A P2PARTISAN-IN -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
- iptables -A P2PARTISAN-IN -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
- iptables -A P2PARTISAN-IN -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
- iptables -A P2PARTISAN-OUT -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
- iptables -A P2PARTISAN-OUT -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
- iptables -A P2PARTISAN-OUT -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
- iptables -A P2PARTISAN-OUT -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
- "
- rounds=`echo $(( $rounds - 1 ))`
- done
- echo "# $now
- iptables -N P2PARTISAN-IN 2> /dev/null
- iptables -N P2PARTISAN-OUT 2> /dev/null
- iptables -N P2PARTISAN-DROP-IN 2> /dev/null
- iptables -N P2PARTISAN-DROP-OUT 2> /dev/null
- iptables -F P2PARTISAN-IN 2> /dev/null
- iptables -F P2PARTISAN-OUT 2> /dev/null
- iptables -F P2PARTISAN-DROP-IN 2> /dev/null
- iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
- iptables -A P2PARTISAN-IN -m set --set blacklist-custom src -j P2PARTISAN-DROP-IN 2> /dev/null
- iptables -A P2PARTISAN-OUT -m set --set blacklist-custom src -j P2PARTISAN-DROP-OUT 2> /dev/null
- $whitep" >> iptables-add
- echo "# $now
- iptables -D wanin -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
- iptables -D wanout -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
- iptables -D INPUT -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
- iptables -D INPUT -i $lanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
- iptables -D OUTPUT -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
- iptables -F P2PARTISAN-DROP-IN 2> /dev/null
- iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
- iptables -F P2PARTISAN-IN 2> /dev/null
- iptables -F P2PARTISAN-OUT 2> /dev/null
- iptables -X P2PARTISAN-IN 2> /dev/null
- iptables -X P2PARTISAN-OUT 2> /dev/null
- iptables -X P2PARTISAN-DROP-IN 2> /dev/null
- iptables -X P2PARTISAN-DROP-OUT 2> /dev/null" >> iptables-del
- echo "preparing the IP whitelist for the iptables"
- #Load the whitelist
- if [ "$(ipset --swap whitelist whitelist 2>&1 | grep 'Unknown set')" != "" ]
- then
- ipset --create whitelist iptreemap
- cat whitelist | grep -v "^10." | grep -v "^172.16." | grep -v "^192.168." |
- (
- while read IP
- do
- echo "$IP" | grep "^#" >/dev/null 2>&1 && continue
- echo "$IP" | grep "^$" >/dev/null 2>&1 && continue
- ipset -A whitelist $IP
- done
- )
- fi
- echo "# $now
- ipset -F
- ipset -X blacklist-custom
- ipset -X whitelist" > ipset-del
- echo "loading the IP whitelist"
- echo "iptables -A P2PARTISAN-IN -m set --set whitelist src -j ACCEPT 2> /dev/null
- iptables -A P2PARTISAN-OUT -m set --set whitelist dst -j ACCEPT 2> /dev/null" >> iptables-add
- if [ $syslogs -eq "1" ]; then
- echo "iptables -A P2PARTISAN-DROP-IN -m limit --limit $maxloghour/hour --limit-burst 1 -j LOG --log-prefix \"P2Partisan Dropped: \" --log-level 1 2> /dev/null" >> iptables-add
- echo "iptables -A P2PARTISAN-DROP-OUT -m limit --limit $maxloghour/hour --limit-burst 1 -j LOG --log-prefix \"P2Partisan Rejected: \" --log-level 1 2> /dev/null" >> iptables-add
- fi
- echo "iptables -A P2PARTISAN-DROP-IN -j DROP" >> iptables-add
- echo "iptables -A P2PARTISAN-DROP-OUT -j REJECT --reject-with icmp-admin-prohibited" >> iptables-add
- echo "### BLACKLISTs ###"
- cat blacklists |
- (
- while read line
- do
- echo "$line" | grep "^#" >/dev/null 2>&1 && continue
- echo "$line" | grep "^$" >/dev/null 2>&1 && continue
- counter=`expr $counter + 1`
- name=`echo $line |cut -d ' ' -f1`
- url=`echo $line |cut -d ' ' -f2`
- echo "loading blacklist #$counter --> ***$name***"
- if [ $fastroutine -eq "1" ]; then
- if [ "$(ipset --swap $name $name 2>&1 | grep 'Unknown set')" != "" ]
- then
- [ -f ./runtime ] && rm -f ./runtime 2> /dev/null
- [ -e $name.gz ] || wget -q -O $name.gz "$url"
- { echo "-N $name iptreemap"
- gunzip -c $name.gz | \
- sed -e "/^[\t ]*#.*\|^[\t ]*$/d;s/^.*:/-A $name /"
- echo COMMIT
- } | ipset -R
- fi
- else
- if [ "$(ipset --swap $name $name 2>&1 | grep 'Unknown set')" != "" ]
- then
- [ -f ./runtime ] && rm -f ./runtime 2> /dev/null
- ipset --create $name iptreemap
- [ -e $name.lst ] || wget -q -O - "$url" | gunzip | cut -d: -f2 | grep -E "^[-0-9.]+$" > $name.lst
- for IP in $(cat $name.lst)
- do
- ipset -A $name $IP
- done
- fi
- fi
- echo "ipset -X $name " >> ipset-del
- echo "iptables -A P2PARTISAN-IN -m set --set $name src -j P2PARTISAN-DROP-IN 2> /dev/null
- iptables -A P2PARTISAN-OUT -m set --set $name dst -j P2PARTISAN-DROP-OUT 2> /dev/null" >> iptables-add
- done
- )
- if [ $protection -eq "1" ]; then
- echo "iptables -I INPUT $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
- iptables -I OUTPUT $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null" >> iptables-add
- elif [ $protection -eq "2" ]; then
- echo "iptables -I wanin $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
- iptables -I wanout $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
- iptables -I INPUT $pos -i $lanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null" >> iptables-add
- elif [ $protection -eq "3" ]; then
- echo "iptables -I INPUT $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
- iptables -I INPUT $pos -i $lanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
- iptables -I OUTPUT $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
- iptables -I wanin $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
- iptables -I wanout $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null" >> iptables-add
- fi
- chmod 777 ./iptables-*
- chmod 777 ./ipset-*
- ./iptables-add #protecting
- plog "... P2Partisan started."
- p=`nvram get dnsmasq_custom | grep log-async | wc -l`
- if [ $p -eq "1" ]; then
- plog "log-async found under dnsmasq -> OK"
- else
- plog "
- It appears like you don't have a log-async parameter
- in your dnsmasq config. This is strongly suggested
- due to the amount of logs involved. please consider
- adding the following command under Advanced/DHCP/DNS
- /Dnsmasq Custom configuration
- log-async=10
- "
- fi
- punblock #remove paranoia DROPs if any
- post=`date +%s`
- runtime=`echo $(( $post - $pre ))`
- [ -f ./runtime ] || echo $runtime > ./runtime
- else
- echo "
- It appears like P2Partisan is already running. Skipping...
- If this is not what you expected? Try:
- p2partisan.sh update
- "
- fi
- }
- for p in $1
- do
- case "$p" in
- "start")
- pstart
- exit
- ;;
- "stop")
- pforcestop
- exit
- ;;
- "restart")
- pscheduleunset
- psoftstop
- pscheduleset
- ;;
- "status")
- pstatus
- exit
- ;;
- "update")
- pforcestop
- ;;
- "paranoia-update")
- pblock
- pforcestop
- ;;
- "autorun-on")
- pautorunset
- exit
- ;;
- "autorun-off")
- pautorununset
- exit
- ;;
- "autoupdate-on")
- pscheduleset
- exit
- ;;
- "autoupdate-off")
- pscheduleunset
- exit
- ;;
- "tutor-on")
- ptutorset
- exit
- ;;
- "tutor-off")
- ptutorunset
- exit
- ;;
- "tutor")
- ptutor
- exit
- ;;
- "upgrade")
- pupgrade
- ;;
- "help")
- echo "
- P2Partisan parameters:
- help Display this text
- start Starts the process (this runs also if no option
- is provided)
- stop Stops P2Partisan
- restart Soft restart, quick, updates iptables only
- update Hard restart, slow removes p2partisan, updates
- the lists and does a fresh start
- paranoia-update Like update but blocks any new connection until
- P2Partisan is running again
- status Display P2Partisan running status + extra info
- autorun-on Sets P2Partisan to boot with the router
- autorun-off Sets P2Partisan not to boot with the router
- autoupdate-on Sets automatic updates on
- autoupdate-off Sets automatic updates off
- tutor-on Schedule tutor check every hour
- tutor-off Unset the tutor schedule
- upgrade Download and install the latest P2Partisan
- "
- exit
- ;;
- *)
- echo "parameter not valid. please run:
- p2partisan.sh help
- "
- exit
- ;;
- esac
- done
- pstart
- exit
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement