eibgrad

tomato-ovpn-redirect-domains-to-wan-291005.sh

Jan 10th, 2017 (edited)
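#!/bin/sh
set -x # uncomment/comment to enable/disable debug mode

#         name: tomato-ovpn-redirect-domains-to-wan.sh
#      version: 1.0.0, 16-Mar-2016, by eibgrad
#      purpose: redirect specific domains back to WAN
#  script type: firewall
#   dd-wrt ref: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291005
# installation:
#   1. add ipset directive w/ your domains to DNSMasq custom configuration:
#      e.g., ipset=/ipchicken.com/netflix.com/nflxvideo.net/lan2wan
#   2. install script in the router's firewall script
#   3. enable syslogd service (required for debug mode)
#   4. reboot
#
# security notes (review):
#   - Traffic is selected by destination IP, not by name. Every address that
#     dnsmasq resolves for a listed domain is added to the set, so any other
#     hostname served from the same address also leaves via the WAN,
#     outside the VPN.
#   - Only lookups answered by this router's dnsmasq populate the set.
#     Clients using another resolver are not covered and stay on the VPN.
#   - Reverse path filtering is switched off on every interface while the
#     split tunnel is active, which removes the kernel's source-address
#     sanity check on the WAN side as well. The cleanup step writes 1 back
#     to every interface regardless of what the value was before.

(
TID="200"       # id of the alternate routing table
FW_MARK="0x88"  # packet mark that selects the alternate table
IPSET="lan2wan" # must match the set name used in the dnsmasq ipset= line

# cleanup from prior execution; failures are expected on a first run,
# so all output of this group is discarded
(
# stop split tunnel
ip rule del fwmark "$FW_MARK" table "$TID"

# delete firewall rule
iptables -t mangle -D PREROUTING -m set --set "$IPSET" dst -j MARK --set-mark "$FW_MARK"

# delete ipset hash table
ipset -F "$IPSET"
ipset -X "$IPSET"

# delete alternate routing table
ip route flush table "$TID"

# force routing system to recognize our changes
ip route flush cache

# enable reverse path filtering
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > "$i"; done

sleep 3
) >/dev/null 2>&1

# quit if neither OpenVPN client is active
! ip route show | egrep -q 'tun1[1-2]' && exit

# Resolve the WAN gateway before touching any state. With an empty value the
# "default via" command below cannot succeed, and the mark rule would then
# point at a table that has no default route.
WAN_GW="$(nvram get wan_gateway)"
if [ -z "$WAN_GW" ]; then
    echo "wan_gateway is empty; split tunnel not installed"
    exit 1
fi

# copy main routing table (exclude all default gateway routes)
# The pattern is anchored on the prefix and the following separator so that
# only "default", 0.0.0.0/1 and 128.0.0.0/1 are dropped, not longer prefixes
# such as 128.0.0.0/16.
ip route show | egrep -v '^(default|0\.0\.0\.0/1|128\.0\.0\.0/1)( |$)' \
  | while read -r route; do
        # $route is left unquoted on purpose: it must split into ip arguments
        # shellcheck disable=SC2086
        ip route add $route table "$TID"
    done

# add WAN as default gateway
ip route add default via "$WAN_GW" table "$TID"

# force routing system to recognize our changes
ip route flush cache

# disable reverse path filtering (see security notes in the header)
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > "$i"; done

# load required netfilter modules
(modprobe xt_set || modprobe ipt_set) 2>/dev/null

# create ipset hash table
ipset -N "$IPSET" iphash -q
ipset -F "$IPSET"

# add firewall rule: mark every packet whose destination is in the set
iptables -t mangle -I PREROUTING -m set --set "$IPSET" dst -j MARK --set-mark "$FW_MARK"

# start split tunnel
ip rule add fwmark "$FW_MARK" table "$TID"

) 2>&1 | logger -t "ovpn_split[$$]"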