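#!/bin/sh
set -x # uncomment/comment to enable/disable debug mode (trace goes to syslog)

#         name: tomato-ovpn-redirect-domains-to-wan.sh
#      version: 1.0.0, 16-Mar-2016, by eibgrad
#      purpose: redirect specific domains back to WAN
#  script type: firewall
#   dd-wrt ref: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291005
# installation:
#   1. add ipset directive w/ your domains to DNSMasq custom configuration:
#        e.g., ipset=/ipchicken.com/netflix.com/nflxvideo.net/lan2wan
#   2. install script in the router's firewall script
#   3. enable syslogd service (required for debug mode)
#   4. reboot
#
# How it works: dnsmasq adds the addresses it resolves for the listed domains
# to the ipset; packets whose destination is in that set are marked in the
# mangle table, and an ip rule sends marked packets to an alternate routing
# table whose default gateway is the WAN instead of the OpenVPN tunnel.
#
# Security notes for whoever deploys this:
#   - Traffic to the listed domains deliberately bypasses the VPN and leaves
#     unencrypted via the ISP. Matching is by destination IP, so any other
#     service hosted on the same addresses (shared CDN/hosting) bypasses the
#     VPN as well.
#   - Reverse path filtering is switched off on EVERY interface while the
#     split tunnel is active, which removes the kernel's source-address
#     (anti-spoofing) check, including on the WAN side. The cleanup step
#     writes 1 everywhere; it does not restore whatever values were set
#     before the first run.
#   - MARK --set-mark overwrites the whole packet mark. Verify FW_MARK does
#     not collide with marks used by QoS or other firewall scripts.

(
  TID="200"       # alternate routing table id
  FW_MARK="0x88"  # firewall mark that selects the alternate table
  IPSET="lan2wan" # must match the set name in the dnsmasq ipset directive

  # cleanup from prior execution (errors are expected on first run, so the
  # whole group is silenced)
  (
    # stop split tunnel
    ip rule del fwmark "$FW_MARK" table "$TID"

    # delete firewall rule
    iptables -t mangle -D PREROUTING -m set --set "$IPSET" dst \
      -j MARK --set-mark "$FW_MARK"

    # delete ipset hash table
    ipset -F "$IPSET"
    ipset -X "$IPSET"

    # delete alternate routing table
    ip route flush table "$TID"

    # force routing system to recognize our changes
    ip route flush cache

    # enable reverse path filtering
    for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
      echo 1 > "$i"
    done

    sleep 3
  ) >/dev/null 2>&1

  # quit if neither OpenVPN client is active
  if ! ip route show | egrep -q 'tun1[1-2]'; then
    exit 0
  fi

  # Resolve the WAN gateway BEFORE touching routing or rp_filter. With an
  # empty value the original command degenerated to
  # "ip route add default via table 200", which fails, yet the script went on
  # to disable rp_filter and install the mark rule anyway.
  WAN_GW="$(nvram get wan_gateway)"
  if [ -z "$WAN_GW" ] || [ "$WAN_GW" = "0.0.0.0" ]; then
    echo "no usable WAN gateway in nvram; split tunnel not installed"
    exit 1
  fi

  # copy main routing table (exclude all default gateway routes).
  # Dots are escaped and the /1 prefixes are followed by a space so that only
  # the two OpenVPN half-default routes are dropped, not e.g. 128.0.0.0/16.
  ip route show | egrep -v '^default|^0\.0\.0\.0/1 |^128\.0\.0\.0/1 ' \
    | while read -r route; do
      # $route is intentionally unquoted: it must split into ip arguments
      # shellcheck disable=SC2086
      ip route add $route table "$TID"
    done

  # add WAN as default gateway
  ip route add default via "$WAN_GW" table "$TID"

  # force routing system to recognize our changes
  ip route flush cache

  # disable reverse path filtering (see security notes in the header: this
  # applies to all interfaces, not only the tunnel and WAN)
  for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 0 > "$i"
  done

  # load required netfilter modules
  (modprobe xt_set || modprobe ipt_set) 2>/dev/null

  # create ipset hash table; flushing means entries only reappear as dnsmasq
  # resolves the listed domains again
  ipset -N "$IPSET" iphash -q
  ipset -F "$IPSET"

  # add firewall rule
  iptables -t mangle -I PREROUTING -m set --set "$IPSET" dst \
    -j MARK --set-mark "$FW_MARK"

  # start split tunnel
  ip rule add fwmark "$FW_MARK" table "$TID"

) 2>&1 | logger -t "ovpn_split[$$]"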