Subversion Repositories:
[/] [trunk/] [freenet-router/] [etc/] [firewall/] [p2p] - Blame information for rev 2

 

12simandl#! /bin/sh
2# Firewall nove generace pro Czela Debian 3.0
3# Autor: Mirek Slugen
4# Spoluatori: Michal Perlik, Michal Vondracek, Jan Chmelensky
5# Vytvoreno: 06.11.2006
6# Naposledy zmeneno: 17.09.2007
7# Tento skript muzete volne sirit a upravovat.
8 
# Protocols to be blocked. Each word is handed to the layer7 match as
# --l7proto <name> by the functions below.
P2P_PROTOCOLS='bittorrent directconnect edonkey http-itunes soulseek'
11 
# Block P2P traffic on every configured interface that asks for it.
# Globals:   IPTABLES, P2P_PROTOCOLS, DEV<n>_IFACE, DEV<n>_NO_P2P for
#            n = 0..14 (read; the DEV<n>_* settings come from outside
#            this file); I, DEV, NO_P2P_DEV, NO_P2P_DEVS (written)
# Outputs:   one progress line naming the interfaces that were restricted
# Note:      needs bash - ${!name} indirect expansion is not POSIX sh.
p2p_start() {
  # Clear the previous REJECT rules first so repeated starts do not stack
  # duplicate rules in FORWARD.
  p2p_stop
  printf '%s' "Rejecting P2P packets on: "
  NO_P2P_DEVS=""
  for ((I = 0; I < 15; I++)); do
    # Resolve DEV<I>_IFACE and DEV<I>_NO_P2P by name.
    DEV="DEV${I}_IFACE"
    DEV=${!DEV}
    NO_P2P_DEV="DEV${I}_NO_P2P"
    NO_P2P_DEV=${!NO_P2P_DEV}

    # Only interfaces that are defined and explicitly opted in are touched.
    if [[ $NO_P2P_DEV != yes || -z $DEV ]]; then
      continue
    fi

    printf '%s' "$DEV"
    for protocol in $P2P_PROTOCOLS; do
      # Reject in both directions: traffic entering and leaving via $DEV.
      $IPTABLES -I FORWARD -i "$DEV" -m layer7 --l7proto "$protocol" -j REJECT
      $IPTABLES -I FORWARD -o "$DEV" -m layer7 --l7proto "$protocol" -j REJECT
    done
  done
  printf '.\n'
}
36 
# Delete every FORWARD rule whose listing line contains both REJECT and
# LAYER7. The filter is purely textual, so it also removes REJECT rules
# added by p2p_deny_all / p2p_deny_ip and any other layer7 REJECT rule
# in FORWARD, not only the per-interface ones from p2p_start.
# Globals:   IPTABLES (read); I (written)
p2p_stop() {
  # Highest rule number first: deleting a rule renumbers the ones after
  # it, so descending order keeps the remaining numbers valid.
  for I in $($IPTABLES -L FORWARD -n -v --line-numbers \
    | awk '/REJECT/ && /LAYER7/ { print $1 }' \
    | sort -rn); do
    $IPTABLES -D FORWARD "$I"
  done
}
42 
# Lift P2P blocking by removing the layer7 REJECT rules via p2p_stop.
# Layer7 ACCEPT rules (as added by p2p_allow_ip) are left in place.
p2p_allow_all() {
  p2p_stop
}
46 
# Reject the listed P2P protocols for all forwarded traffic, regardless
# of interface or address.
# Globals:   IPTABLES, P2P_PROTOCOLS (read); protocol (written)
# Note:      existing rules are not cleared first, so calling this
#            repeatedly inserts the same rules again.
p2p_deny_all() {
  # P2P_PROTOCOLS is deliberately unquoted: it is a space-separated list.
  for protocol in $P2P_PROTOCOLS
  do
    $IPTABLES -I FORWARD -m layer7 --l7proto "$protocol" -j REJECT
  done
}
52 
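# Exempt one address from P2P blocking.
# Arguments: $1 - address in the form iptables -s/-d accepts; an empty
#                 value is a no-op
# Globals:   IPTABLES, P2P_PROTOCOLS (read)
# Returns:   0 when $1 is empty, otherwise the status of the last command
p2p_allow_ip() {
  [ -z "$1" ] && return 0

  # Locals so the caller's I / protocol variables are not clobbered.
  local rule protocol

  # Remove the layer7 rules that already exist for this address.
  # -F -w matches the address literally and as a whole word. A plain
  # regex grep for 10.0.0.1 would also hit 10.0.0.10 or 110.0.0.1 and
  # silently delete other hosts' rules. Descending order keeps the
  # remaining rule numbers valid while deleting.
  for rule in $($IPTABLES -L FORWARD -n -v --line-numbers \
    | grep -F -w -- "$1" | grep LAYER7 | awk '{print $1}' | sort -r -n); do
    $IPTABLES -D FORWARD "$rule"
  done

  # "$1" is quoted so a value containing whitespace cannot split into
  # extra iptables arguments. -I puts the rules at the head of FORWARD and
  # ACCEPT is terminal, so matching packets skip every later FORWARD rule.
  for protocol in $P2P_PROTOCOLS; do
    $IPTABLES -I FORWARD -d "$1" -m layer7 --l7proto "$protocol" -j ACCEPT
    $IPTABLES -I FORWARD -s "$1" -m layer7 --l7proto "$protocol" -j ACCEPT
  done
}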
64 
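# Block P2P protocols for one address.
# Arguments: $1 - address in the form iptables -s/-d accepts; an empty
#                 value is a no-op
# Globals:   IPTABLES, P2P_PROTOCOLS (read)
# Returns:   0 when $1 is empty, otherwise the status of the last command
p2p_deny_ip() {
  [ -z "$1" ] && return 0

  # Locals so the caller's I / protocol variables are not clobbered.
  local rule protocol

  # Remove the layer7 rules that already exist for this address.
  # -F -w matches the address literally and as a whole word. A plain
  # regex grep for 10.0.0.1 would also hit 10.0.0.10 or 110.0.0.1 and
  # silently delete other hosts' rules. Descending order keeps the
  # remaining rule numbers valid while deleting.
  for rule in $($IPTABLES -L FORWARD -n -v --line-numbers \
    | grep -F -w -- "$1" | grep LAYER7 | awk '{print $1}' | sort -r -n); do
    $IPTABLES -D FORWARD "$rule"
  done

  # "$1" is quoted so a value containing whitespace cannot split into
  # extra iptables arguments. The REJECT rules go to the head of FORWARD,
  # ahead of any rule inserted earlier.
  for protocol in $P2P_PROTOCOLS; do
    $IPTABLES -I FORWARD -d "$1" -m layer7 --l7proto "$protocol" -j REJECT
    $IPTABLES -I FORWARD -s "$1" -m layer7 --l7proto "$protocol" -j REJECT
  done
}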
