  1. #!/bin/sh
  2. #
  3. # p2partisan v3.00 (27/08/2014)
  4. #
  5. # <CONFIGURATION> ###########################################
  6. # Adjust location where the files are kept
  7. P2Partisandir=/cifs1/p2partisan
  8. #
  9. # Edit the file "blacklists" to customise if needed
  10. # Edit the "whitelist" to overwrite the blacklist if needed
  11. #
  12. # Enable logging? Use only for troubleshooting. 0=off 1=on
  13. syslogs=1
  14. # Maximum number of logs to be recorded in a given 60 min
  15. # Consider set this very low (like 3 or 6) once your are
  16. # happy with the installation. To troubleshoot blocked
  17. # connection close all the secondary traffic e.g. p2p
  18. # and try a connection to the blocked site/port you should
  19. # find a reference in the logs.
  20. maxloghour=1
  21. #
  22. # What do you want to block?
  23. # 1) Input (Router only, running transmission?)
  24. # 2) LAN (LAN clients only)
  25. # 3) Both *default
  26. protection=3
  27. #
  28. # ports to be whitelisted. Whitelisted ports will never be
  29. # blocked no matter what the source/destination IP is.
  30. # This is very important if you're running a service like
  31. # e.g. SMTP/HTTP/IMAP/else. Separate value in the list below
  32. # with commas - NOTE: Leave 80 and 443 untouched, add custom ports only
  33. # you might want to add remote admin and VPN ports here if any.
  34. # Standard iptables syntax, individual ports divided by "," and ":" to
  35. # define a range e.g. 80,443,2100:2130
  36. whiteports="21,25,53,80,123,443,1194:1196"
  37. #
  38. # Fastrouting will process the IP classes very quickly but use
  39. # Lot of resources. If you disable the effect is transparent
  40. # but the full process will take minutes rather than seconds
  41. # 0=disabled 1=enabled
  42. fastroutine=1
  43. #
  44. # Enable check on script availability to help autorun
  45. # E.g. wait for the file to be available in cifs before run it
  46. # instead of quit with a file missing error
  47. autorun_availability_check=1
  48. #
  49. # Schedule updates? (once a week is plenty)
  50. schedule="30 4 * * 1"
  51. #
  52. testip="8.8.8.8"
  53. # </CONFIGURATION> ###########################################
  54.  
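pidfile=/var/run/p2partisan.pid

# Wrappers for the external tools. Shell functions are used instead of
# aliases: whether aliases expand inside a non-interactive script depends on
# the shell (bash needs "shopt -s expand_aliases"), functions always work.
ipset() { /bin/nice -n19 /usr/sbin/ipset "$@"; }
sed() { /bin/nice -n19 /bin/sed "$@"; }
iptables() { /usr/sbin/iptables "$@"; }
service() { /sbin/service "$@"; }
# log to syslog (and stderr) tagged P2PARTISAN
plog() { logger -t P2PARTISAN -s "$@"; }

# Wait until the Internet is reachable: the blocklists are downloaded from it
while ! ping -c 3 "$testip" > /dev/null 2>&1; do
    sleep 2
done

# Everything below works with relative paths, so a failed cd must abort:
# continuing would delete/execute helper files in whatever the cwd is and
# leave the router without the expected rules.
cd "$P2Partisandir" || { plog "P2Partisan: cannot change to $P2Partisandir - aborting"; exit 1; }
# version string is taken from line 3 of this script ("# p2partisan vX.YY (date)")
version=`head -3 ./p2partisan.sh | tail -1 | cut -f 3- -d " "`

now=`date +"%H:%M:%S - %d/%m/%y"`
wanif=`nvram get wan_ifname`
lanif=`nvram get lan_ifname`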
  77.  
  78.  
#######################################
# Soft stop: run the generated iptables-del script (detaches and deletes the
# P2PARTISAN chains; it contains no ipset commands), then drop the pid file.
# Globals:  pidfile (read)
# Outputs:  one plog line
#######################################
psoftstop() {
    ./iptables-del 2> /dev/null
    plog "Stopping P2Partisan"
    if [ -f "$pidfile" ]; then
        rm -f "$pidfile" 2> /dev/null
    fi
}
  84.  
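#######################################
# "Paranoia" block used by paranoia-update: while the lists are rebuilt, a
# temporary PARANOIA-DROP chain accepts NEW connections on the whitelisted
# ports and drops every other NEW connection crossing the WAN interface.
# Globals:  whiteports, maxloghour, wanif (read)
# Outputs:  iptables rules; one plog line
# Returns:  status of the last iptables call
#######################################
pblock() {
    plog "P2PArtisan: Applying paranoia block"
    iptables -N PARANOIA-DROP 2> /dev/null

    # The ACCEPT rules for the whitelisted ports are applied directly. The
    # previous version only collected them in $whitep and never ran them,
    # so every whitelisted port (admin/VPN included) was dropped during the
    # update. multiport takes at most 15 ports per rule and a "low:high"
    # range counts as two, so the list is cut into chunks of 7 fields.
    chunk=7
    fields=`printf '%s\n' "$whiteports" | tr ',' '\n' | wc -l`
    fields=$((fields + 0))
    [ -z "$whiteports" ] && fields=0
    first=1
    while [ "$first" -le "$fields" ]; do
        last=$((first + chunk - 1))
        w=`printf '%s\n' "$whiteports" | cut -d, -f "$first-$last"`
        iptables -A PARANOIA-DROP -p tcp --match multiport --sports "$w" -j ACCEPT 2> /dev/null
        iptables -A PARANOIA-DROP -p udp --match multiport --sports "$w" -j ACCEPT 2> /dev/null
        iptables -A PARANOIA-DROP -p tcp --match multiport --dports "$w" -j ACCEPT 2> /dev/null
        iptables -A PARANOIA-DROP -p udp --match multiport --dports "$w" -j ACCEPT 2> /dev/null
        first=$((last + 1))
    done

    # log (rate limited) then drop everything that was not whitelisted
    iptables -A PARANOIA-DROP -m limit --limit "$maxloghour/hour" --limit-burst 5 -j LOG --log-prefix "P2Partisan Rejected (paranoia): " --log-level 1 2> /dev/null
    iptables -A PARANOIA-DROP -j DROP
    # hook the chain in front of everything else for NEW connections on the WAN side
    iptables -I wanin 1 -i "$wanif" -m state --state NEW -j PARANOIA-DROP 2> /dev/null
    iptables -I wanout 1 -o "$wanif" -m state --state NEW -j PARANOIA-DROP 2> /dev/null
    iptables -I INPUT 1 -i "$wanif" -m state --state NEW -j PARANOIA-DROP 2> /dev/null
    iptables -I OUTPUT 1 -o "$wanif" -m state --state NEW -j PARANOIA-DROP 2> /dev/null
}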
  114.  
#######################################
# Remove the paranoia block set up by pblock: delete the PARANOIA-DROP jump
# from each hook chain as long as the chain still lists it, then flush and
# delete the chain.
# Globals:  wanif (read)
# Outputs:  a plog line when the chain existed; iptables -L matches on stdout
#######################################
punblock() {
    for _p2p_hook in wanin:-i wanout:-o INPUT:-i OUTPUT:-o; do
        _p2p_chain=${_p2p_hook%%:*}
        _p2p_flag=${_p2p_hook#*:}
        while iptables -L "$_p2p_chain" 2> /dev/null | grep "PARANOIA-DROP"; do
            iptables -D "$_p2p_chain" "$_p2p_flag" "$wanif" -m state --state NEW -j PARANOIA-DROP 2> /dev/null
        done
    done
    # -F only succeeds when the chain exists, so the log line is conditional
    iptables -F PARANOIA-DROP 2> /dev/null && plog "P2PArtisan: Removing paranoia block"
    iptables -X PARANOIA-DROP 2> /dev/null
}
  135.  
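#######################################
# Hard stop: detach and delete the P2PARTISAN chains, destroy the ipsets,
# remove the generated helper scripts and the pid file and unload the ipset
# kernel modules.
# Globals:  wanif, lanif, pidfile (read)
# Outputs:  plog lines
# Caveat:   "ipset -F" and the "ipset -X" loop below act on every ipset on
#           the box, not only on the ones this script created.
#######################################
pforcestop() {
    # Delete each jump rule until "iptables -D" reports it is gone. This always
    # terminates; the old "iptables -L | grep" loops never ended when the
    # chain also carried the LAN-side jump pstart installs for protection=2,
    # which those loops never deleted.
    while iptables -D wanin -i "$wanif" -m state --state NEW -j P2PARTISAN-IN 2> /dev/null; do :; done
    while iptables -D wanout -o "$wanif" -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null; do :; done
    while iptables -D INPUT -i "$wanif" -m state --state NEW -j P2PARTISAN-IN 2> /dev/null; do :; done
    while iptables -D INPUT -i "$lanif" -m state --state NEW -j P2PARTISAN-IN 2> /dev/null; do :; done
    while iptables -D INPUT -i "$lanif" -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null; do :; done
    while iptables -D OUTPUT -o "$wanif" -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null; do :; done
    # flush everything first: a chain can only be deleted once nothing jumps to it
    for _p2p_chain in P2PARTISAN-DROP-IN P2PARTISAN-DROP-OUT P2PARTISAN-IN P2PARTISAN-OUT; do
        iptables -F "$_p2p_chain" 2> /dev/null
    done
    for _p2p_chain in P2PARTISAN-DROP-IN P2PARTISAN-DROP-OUT P2PARTISAN-IN P2PARTISAN-OUT; do
        iptables -X "$_p2p_chain" 2> /dev/null
    done
    ipset -F
    # $i is left unquoted on purpose: "cut" leaves a leading blank in the name
    for i in `ipset --list | grep Name | cut -f2 -d ":"`; do
        ipset -X $i
    done
    # the cached lists are only ever read (gunzip -c); they need no write or
    # execute bit, let alone for everyone
    chmod 644 ./*.gz 2> /dev/null
    [ -f iptables-add ] && rm -f iptables-add
    [ -f iptables-del ] && rm -f iptables-del
    [ -f ipset-del ] && rm -f ipset-del
    [ -f "$pidfile" ] && rm -f "$pidfile" 2> /dev/null
    plog "Unloading ipset modules"
    # short pause when a module is loaded before forcing it out, presumably to
    # let the ipset commands above settle; rmmod runs either way
    lsmod | grep "ipt_set" > /dev/null 2>&1 && sleep 2 ; rmmod -f ipt_set 2> /dev/null
    lsmod | grep "ip_set_iptreemap" > /dev/null 2>&1 && sleep 2 ; rmmod -f ip_set_iptreemap 2> /dev/null
    lsmod | grep "ip_set" > /dev/null 2>&1 && sleep 2 ; rmmod -f ip_set 2> /dev/null
    plog "Stopping P2Partisan"
}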
  176.  
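#######################################
# Print a status report: whether the P2PARTISAN chains are loaded, whether
# the pid file exists, the autorun/schedule settings in nvram and cru, the
# packet counters of the DROP/REJECT rules and the last "Rejected" syslog line.
# Globals:  pidfile, version, maxloghour (read)
#           running3..running8, from, drop_packet_count_in/out (written)
# Outputs:  the report on stdout
#######################################
pstatus() {
    running3=`iptables -nL 2> /dev/null | grep -c P2PARTISAN-IN`
    running4=`[ -f "$pidfile" ] && echo 1 || echo 0`
    running5=`nvram get script_fire | grep p2partisan >/dev/null && echo Yes || echo No`
    running6=`cru l | grep P2Partisan-update >/dev/null && echo Yes || echo No`
    running7=`tail -200 /var/log/messages | grep Rejected | tail -1`

    # first line of iptables-add is "# <timestamp>" written by pstart
    from=`head -1 ./iptables-add 2> /dev/null | cut -c3-`
    drop_packet_count_in=`iptables -vnL P2PARTISAN-DROP-IN 2> /dev/null | grep " DROP " | awk '{print $1}'`
    drop_packet_count_out=`iptables -vnL P2PARTISAN-DROP-OUT 2> /dev/null | grep " REJECT " | awk '{print $1}'`

    # POSIX [ ] since the script runs under #!/bin/sh. The values are quoted:
    # the unquoted 'running8=Not quite... try to run ...' ran "quite..." as a
    # command and left running8 empty.
    if [ "$running3" -eq 0 ] && [ "$running4" -eq 0 ]; then
        running8="No"
    elif [ "$running3" -eq 0 ] && [ "$running4" -eq 1 ]; then
        running8="Loading..."
    elif [ "$running3" -gt 0 ] && [ "$running4" -eq 0 ]; then
        running8="Not quite... try to run \"p2partisan.sh update\""
    else
        running8="Yes"
    fi

    echo "################### P2Partisan ##########################
#   Release version: $version
################# P2Partisan status #####################
#   P2Partisan running:   $running8
#   P2Partisan autorun:   $running5
#   P2Partisan scheduled: $running6
#########################################################
#   P2Partisan activity since: $from
#   Dropped connections inbound: $drop_packet_count_in
#   Rejected connections outbound: $drop_packet_count_out
################# Last log recorded #####################
#   Remember your max logs per hour is set to: $maxloghour
$running7
#########################################################"
}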
  214.  
# Prefix for the boot-time autorun line: when enabled, the boot hook polls for
# the script (the CIFS share may not be mounted yet) before running it.
if [ "$autorun_availability_check" = 1 ]; then
    av="while true; do [ -f $P2Partisandir/p2partisan.sh ] && break || sleep 5; done ;"
fi
  218.  
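#######################################
# Add the autorun line (optional availability-wait prefix + script path) to
# the nvram boot script "script_fire" unless one is already there.
# Globals:  av, P2Partisandir (read)
# Outputs:  one plog line; nvram is modified and committed
#######################################
pautorunset() {
    # an autorun line mentions the script but is not the cru (schedule) line
    p=`nvram get script_fire | grep "p2partisan.sh" | grep -v cru | wc -l`
    if [ "$p" -eq 0 ]; then
        t=`nvram get script_fire`
        # '%s' keeps any '%' or backslash in the stored script from being
        # interpreted as a printf directive (it used to be the format string)
        t=`printf '%s\n%s\n' "$t" "$av$P2Partisandir/p2partisan.sh"`
        nvram set "script_fire=$t"
    fi
    plog "P2Partisan AUTO RUN is ON"
    nvram commit
}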
  227.  
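#######################################
# Remove the autorun line from the nvram boot script "script_fire".
# Only lines that mention the script and are not a cru (schedule) line are
# removed - the same test pautorunset uses to detect the autorun line. The
# previous "grep -v p2partisan" also threw away the scheduled-update line.
# Outputs:  one plog line; nvram is modified and committed
#######################################
pautorununset() {
    p=`nvram get script_fire | grep "p2partisan.sh" | grep -v cru | wc -l`
    if [ "$p" -eq 1 ]; then
        t=`nvram get script_fire | awk '!(/p2partisan\.sh/ && !/cru/)'`
        nvram set "script_fire=$t"
    fi
    plog "P2Partisan AUTO RUN is OFF"
    nvram commit
}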
  236.  
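#######################################
# Install the weekly paranoia-update cron job and record the same "cru a"
# line in the nvram boot script "script_fire" so it survives a reboot.
# When an autorun line is already present it is removed first and re-added
# afterwards, so the cron line ends up before it in script_fire.
# Globals:  schedule, P2Partisandir (read)
# Outputs:  one plog line; nvram is modified and committed
#######################################
pscheduleset() {
    cru d P2Partisan-update
    cru a P2Partisan-update "$schedule $P2Partisandir/p2partisan.sh paranoia-update"
    cruline="cru a P2Partisan-update \"$schedule $P2Partisandir/p2partisan.sh paranoia-update\""
    pp=`nvram get script_fire | grep "p2partisan.sh" | grep -v cru | wc -l`
    p=`nvram get script_fire | grep "cru a P2Partisan-update" | wc -l`
    if [ "$p" -eq 0 ]; then
        if [ "$pp" -ne 0 ]; then
            pautorununset
        fi
        t=`nvram get script_fire`
        # '%s': the stored script must not be used as the printf format string
        t=`printf '%s\n%s\n' "$t" "$cruline"`
        nvram set "script_fire=$t"
        if [ "$pp" -ne 0 ]; then
            pautorunset
        fi
    fi
    plog "P2Partisan AUTO UPDATE is ON"
    nvram commit
}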
  254.  
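#######################################
# Remove the paranoia-update cron job and its "cru a" line from the nvram
# boot script "script_fire".
# Outputs:  one plog line; nvram is modified and committed
#######################################
pscheduleunset() {
    cru d P2Partisan-update
    p=`nvram get script_fire | grep "cru a P2Partisan-update" | wc -l`
    if [ "$p" -eq 1 ]; then
        # filter the stored script directly instead of passing it to printf
        # as the format string
        t=`nvram get script_fire | grep -v "cru a P2Partisan-update"`
        nvram set "script_fire=$t"
    fi
    plog "P2Partisan AUTO UPDATE is OFF"
    nvram commit
}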
  264.  
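#######################################
# Build and apply the P2Partisan rule set.
# Generates three helper scripts in the working directory and runs one:
#   iptables-add  creates/fills the P2PARTISAN-* chains and hooks them in
#   iptables-del  reverses iptables-add (run by psoftstop)
#   ipset-del     destroys the ipsets (not run by this script)
# Does nothing except print a notice when the pid file already exists.
# Globals:  pidfile, whiteports, wanif, lanif, now, syslogs, maxloghour,
#           fastroutine, protection (read); whitep, counter, pos (written)
# Files:    blacklist-custom, whitelist, blacklists (read);
#           <name>.gz / <name>.lst download caches (written)
# Outputs:  progress on stdout, plog lines
# Security: iptables-add is written here and executed below with this
#           script's privileges; whoever can write to $P2Partisandir (e.g.
#           the CIFS share) can therefore run commands on the router.
#######################################
pstart() {
    running4=`[ -f "$pidfile" ] && echo 1 || echo 0`
    if [ "$running4" -ne 0 ]; then
        echo "
    It appears like P2Partisan is already running. Skipping...

    If this is not what you expected? Try:
    p2partisan.sh update
        "
        return
    fi

    echo $$ > "$pidfile"

    sleep 2

    [ -f iptables-add ] && rm iptables-add
    [ -f iptables-del ] && rm iptables-del
    [ -f ipset-del ] && rm ipset-del

    echo "### PREPARATION ###"
    echo "Loading the ipset modules"
    lsmod | grep "ip_set" > /dev/null 2>&1 || insmod ip_set
    lsmod | grep "ip_set_iptreemap" > /dev/null 2>&1 || insmod ip_set_iptreemap
    lsmod | grep "ipt_set" > /dev/null 2>&1 || insmod ipt_set

    counter=0
    pos=1
    # blacklist-custom: one entry per line, '#' comments and blank lines ignored
    if [ -f blacklist-custom ]; then
        couscous=`grep -v "^#" blacklist-custom | grep -v "^$" | wc -l`
    else
        couscous=0
    fi

    echo "### CUSTOM BLACKLIST ###
blacklist-custom file -> $couscous entries found"
    if [ "$couscous" -eq 0 ]; then
        echo "No custom blacklist entries found: skipping"
    else
        echo "loading blacklist #$counter --> ***Custom IP blacklist***"
        ipset --create blacklist-custom iptreemap
        # the address is whatever follows the first ':' of the line
        grep -v "^#" blacklist-custom | grep -v "^$" | cut -d: -f2 |
        while read IP; do
            [ -n "$IP" ] && ipset -A blacklist-custom "$IP"
        done
    fi

    echo "### WHITELIST ###"

    # multiport takes at most 15 ports per rule and a "low:high" range counts
    # as two, so the port list is cut into chunks of 7 comma-separated
    # fields. whitep is reset here: it is a global, and a pblock run earlier
    # in the same invocation must not leak its rules into iptables-add.
    # (The previous chunking doubled its step and skipped fields 17-24, ...)
    whitep=""
    chunk=7
    fields=`printf '%s\n' "$whiteports" | tr ',' '\n' | wc -l`
    fields=$((fields + 0))
    [ -z "$whiteports" ] && fields=0
    first=1
    while [ "$first" -le "$fields" ]; do
        last=$((first + chunk - 1))
        w=`printf '%s\n' "$whiteports" | cut -d, -f "$first-$last"`
        echo "loading whitelisted ports $w exemption"
        whitep="${whitep}iptables -A P2PARTISAN-IN -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-IN -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-IN -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-IN -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p tcp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p udp --match multiport --sports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p tcp --match multiport --dports $w -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -p udp --match multiport --dports $w -j ACCEPT 2> /dev/null
"
        first=$((last + 1))
    done

    # chains, custom blacklist match and the port exemptions come first so
    # they are evaluated before the downloaded lists appended further down
    echo "# $now
iptables -N P2PARTISAN-IN 2> /dev/null
iptables -N P2PARTISAN-OUT 2> /dev/null
iptables -N P2PARTISAN-DROP-IN 2> /dev/null
iptables -N P2PARTISAN-DROP-OUT 2> /dev/null
iptables -F P2PARTISAN-IN 2> /dev/null
iptables -F P2PARTISAN-OUT 2> /dev/null
iptables -F P2PARTISAN-DROP-IN 2> /dev/null
iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
iptables -A P2PARTISAN-IN -m set --set blacklist-custom src -j P2PARTISAN-DROP-IN 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set blacklist-custom src -j P2PARTISAN-DROP-OUT 2> /dev/null
$whitep" >> iptables-add

    # iptables-del undoes every jump pstart can install (protection=3 hooks the
    # LAN side of INPUT into P2PARTISAN-OUT, which was missing here before)
    echo "# $now
iptables -D wanin -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -D wanout -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -D INPUT -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -D INPUT -i $lanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -D INPUT -i $lanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -D OUTPUT -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -F P2PARTISAN-DROP-IN 2> /dev/null
iptables -F P2PARTISAN-DROP-OUT 2> /dev/null
iptables -F P2PARTISAN-IN 2> /dev/null
iptables -F P2PARTISAN-OUT 2> /dev/null
iptables -X P2PARTISAN-IN 2> /dev/null
iptables -X P2PARTISAN-OUT 2> /dev/null
iptables -X P2PARTISAN-DROP-IN 2> /dev/null
iptables -X P2PARTISAN-DROP-OUT 2> /dev/null" >> iptables-del

    echo "preparing the IP whitelist for the iptables"
    # Load the whitelist set once; "ipset --swap X X" is a cheap existence
    # test. Entries in 10., 172.16. and 192.168. are skipped (only 172.16.x,
    # not the whole 172.16/12 block, is excluded by this pattern).
    if [ "$(ipset --swap whitelist whitelist 2>&1 | grep 'Unknown set')" != "" ]; then
        ipset --create whitelist iptreemap
        if [ -f whitelist ]; then
            grep -v "^10." whitelist | grep -v "^172.16." | grep -v "^192.168." |
            while read IP; do
                echo "$IP" | grep "^#" >/dev/null 2>&1 && continue
                echo "$IP" | grep "^$" >/dev/null 2>&1 && continue
                ipset -A whitelist "$IP"
            done
        else
            echo "whitelist file not found: no IP whitelist loaded"
        fi
    fi
    echo "# $now
ipset -F
ipset -X blacklist-custom
ipset -X whitelist" > ipset-del

    echo "loading the IP whitelist"
    echo "iptables -A P2PARTISAN-IN -m set --set whitelist src -j ACCEPT 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set whitelist dst -j ACCEPT 2> /dev/null" >> iptables-add

    if [ "$syslogs" -eq 1 ]; then
        echo "iptables -A P2PARTISAN-DROP-IN -m limit --limit $maxloghour/hour --limit-burst 1 -j LOG --log-prefix \"P2Partisan Dropped: \" --log-level 1 2> /dev/null" >> iptables-add
        echo "iptables -A P2PARTISAN-DROP-OUT -m limit --limit $maxloghour/hour --limit-burst 1 -j LOG --log-prefix \"P2Partisan Rejected: \" --log-level 1 2> /dev/null" >> iptables-add
    fi
    echo "iptables -A P2PARTISAN-DROP-IN -j DROP"  >> iptables-add
    echo "iptables -A P2PARTISAN-DROP-OUT -j REJECT --reject-with icmp-admin-prohibited"  >> iptables-add

    echo "### BLACKLISTs ###"

    # "blacklists": one "<name> <url>" per line. The loop runs in a subshell
    # so stdin is the file; counter only numbers the progress messages.
    (
    while read line
    do
        echo "$line" | grep "^#" >/dev/null 2>&1 && continue
        echo "$line" | grep "^$" >/dev/null 2>&1 && continue
        counter=$((counter + 1))
        name=`echo "$line" | cut -d ' ' -f1`
        url=`echo "$line" | cut -d ' ' -f2`
        echo "loading blacklist #$counter --> ***$name***"

        if [ "$fastroutine" -eq 1 ]; then
            if [ "$(ipset --swap "$name" "$name" 2>&1 | grep 'Unknown set')" != "" ]; then
                # A failed download must not leave a cached file behind: the
                # cache is reused as long as it exists, so the list would stay
                # empty on every later run without any message.
                if [ ! -e "$name.gz" ] && ! wget -q -O "$name.gz" "$url"; then
                    rm -f "$name.gz"
                    echo "download of $name failed: list not loaded"
                else
                    # one ipset restore: strip comments/blank lines, turn
                    # "label:range" into "-A <name> range"
                    { echo "-N $name iptreemap"
                      gunzip -c "$name.gz" | \
                      sed -e "/^[\t ]*#.*\|^[\t ]*$/d;s/^.*:/-A $name /"
                      echo COMMIT
                    } | ipset -R
                fi
            fi
        else
            if [ "$(ipset --swap "$name" "$name" 2>&1 | grep 'Unknown set')" != "" ]; then
                ipset --create "$name" iptreemap
                # the .lst cache keeps only the ranges; grep's status is the
                # pipeline's, so an empty/failed download removes the cache
                if [ ! -e "$name.lst" ]; then
                    wget -q -O - "$url" | gunzip | cut -d: -f2 | grep -E "^[-0-9.]+$" > "$name.lst" || rm -f "$name.lst"
                fi
                if [ -f "$name.lst" ]; then
                    while read IP; do
                        ipset -A "$name" "$IP"
                    done < "$name.lst"
                else
                    echo "download of $name failed: list not loaded"
                fi
            fi
        fi

        echo "ipset -X $name " >> ipset-del
        echo "iptables -A P2PARTISAN-IN -m set --set $name src -j P2PARTISAN-DROP-IN 2> /dev/null
iptables -A P2PARTISAN-OUT -m set --set $name dst -j P2PARTISAN-DROP-OUT 2> /dev/null" >> iptables-add
    done
    ) < blacklists

    # NOTE(review): protection=2 sends LAN-side INPUT to P2PARTISAN-IN while
    # protection=3 sends it to P2PARTISAN-OUT - confirm which is intended.
    if [ "$protection" -eq 1 ]; then
        echo "iptables -I INPUT $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I OUTPUT $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null" >> iptables-add
    elif [ "$protection" -eq 2 ]; then
        echo "iptables -I wanin $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I wanout $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -I INPUT $pos -i $lanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null" >> iptables-add
    elif [ "$protection" -eq 3 ]; then
        echo "iptables -I INPUT $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I INPUT $pos -i $lanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -I OUTPUT $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null
iptables -I wanin $pos -i $wanif -m state --state NEW -j P2PARTISAN-IN 2> /dev/null
iptables -I wanout $pos -o $wanif -m state --state NEW -j P2PARTISAN-OUT 2> /dev/null" >> iptables-add
    fi

    # executable for the owner, readable for others: nobody else needs to
    # write these, and they are executed with this script's privileges
    chmod 755 ./iptables-* ./ipset-*
    ./iptables-add  #protecting

    plog "... P2Partisan started."

    p=`nvram get dnsmasq_custom | grep log-async | wc -l`
    if [ "$p" -ge 1 ]; then
        plog "log-async found under dnsmasq -> OK"
    else
        plog "
It appears like you don't have a log-async parameter
in your dnsmasq config. This is strongly suggested
due to the amount of logs involved. please consider
adding the following command under Advanced/DHCP/DNS
/Dnsmasq Custom configuration

log-async=10
"
    fi

    punblock  #remove paranoia DROPs if any
}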
  485.  
  486.  
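#######################################
# Command dispatch. Actions that only query or change settings exit here;
# "restart", "update" and "paranoia-update" tear things down and then fall
# through to pstart below, as does running the script with no argument.
# (The help text's opening quote was missing, which made the rest of the
# file unparseable.)
#######################################
case "${1:-start}" in
    start)
        pstart
        exit
        ;;
    stop)
        pforcestop
        exit
        ;;
    restart)
        pscheduleunset
        psoftstop
        pscheduleset
        ;;
    status)
        pstatus
        exit
        ;;
    update)
        pscheduleunset
        pforcestop
        pscheduleset
        ;;
    paranoia-update)
        pscheduleunset
        pblock
        pforcestop
        pscheduleset
        ;;
    autorun-on)
        pautorunset
        exit
        ;;
    autorun-off)
        pautorununset
        exit
        ;;
    autoupdate-on)
        pscheduleset
        exit
        ;;
    autoupdate-off)
        pscheduleunset
        exit
        ;;
    help)
        echo "
P2Partisan parameters:

    help        Display this text
    start       Starts the process (this runs also if no option
            is provided)
    stop        Stops P2Partisan
    restart     Soft restart, quick, updates iptables only
    update      Hard restart, slow removes p2partisan, updates
            the lists and does a fresh start
    paranoia-update Like update but blocks any new connection until
            P2Partisan is running again
    status      Display P2Partisan running status + extra info
    autorun-on  Sets P2Partisan to boot with the router
    autorun-off Sets P2Partisan not to boot with the router
    autoupdate-on   Sets automatic updates on
    autoupdate-off  Sets automatic updates off
"
        exit
        ;;
    *)
        echo "parameter not valid. please run:

    p2partisan.sh help
    "
        # a usage error is reported as a failure to the caller
        exit 1
        ;;
esac

pstart

exit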