
#! /bin/sh
# Firewall nove generace pro Czela Debian 3.0
# Autor: Mirek Slugen
# Spoluautori: Michal Perlik, Michal Vondracek, Jan Chmelensky
# Vytvoreno: 06.11.2006
# Naposledy zmeneno: 17.09.2007
# Tento skript muzete volne sirit a upravovat.

# Protocols that will be blocked: a space-separated list of l7-filter
# protocol names. Every function in this file that builds a rule passes
# each name to `--l7proto`.
# NOTE(review): layer7 classification presumably works on payload patterns,
# so treat these rules as best-effort policy; encrypted or obfuscated P2P
# traffic may not match. Confirm against the deployed l7-filter patterns.
P2P_PROTOCOLS='bittorrent directconnect edonkey http-itunes soulseek'

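#######################################
# Reject P2P traffic on every configured interface that opts in.
# Scans the slots DEV0..DEV14; for each slot whose DEV<n>_NO_P2P is "yes"
# and whose DEV<n>_IFACE is non-empty, inserts one inbound (-i) and one
# outbound (-o) layer7 REJECT rule per protocol into FORWARD. `-I` without
# a rule number inserts at the head of the chain, so these rules are
# evaluated before anything already present, including per-address ACCEPT
# rules added earlier.
# Globals:   IPTABLES, P2P_PROTOCOLS, DEV<n>_IFACE, DEV<n>_NO_P2P (read);
#            NO_P2P_DEVS (reset to empty)
# Arguments: none
# Outputs:   one progress line on stdout
# Returns:   status of the final echo; iptables exit codes are not checked
#######################################
p2p_start() {
    # Loop state is local so that a script which sourced this file keeps its
    # own I / DEV / NO_P2P_DEV / protocol values across the call.
    local slot=0 iface_var iface flag_var flag protocol

    # Clear rules left by an earlier run so repeated starts do not stack
    # duplicate REJECT entries.
    p2p_stop
    printf '%s' "Rejecting P2P packets on: "
    # Not read anywhere in this file; the reset is kept in case another
    # sourced firewall script looks at it -- TODO confirm and drop.
    NO_P2P_DEVS=""
    while [ "$slot" -lt 15 ]; do
        # Indirect expansion: resolve DEV<n>_IFACE / DEV<n>_NO_P2P by name.
        iface_var="DEV${slot}_IFACE"
        iface=${!iface_var}
        flag_var="DEV${slot}_NO_P2P"
        flag=${!flag_var}
        if [ "$flag" = "yes" ] && [ -n "$iface" ]; then
            printf '%s' "$iface"
            for protocol in $P2P_PROTOCOLS; do
                # NOTE(review): a failing insert (for example when the
                # layer7 match is unavailable) is not detected here, so the
                # progress line alone does not prove the block is active.
                $IPTABLES -I FORWARD -i "$iface" -m layer7 --l7proto "$protocol" -j REJECT
                $IPTABLES -I FORWARD -o "$iface" -m layer7 --l7proto "$protocol" -j REJECT
            done
        fi
        slot=$((slot + 1))
    done
    echo "."
}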

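#######################################
# Remove every layer7 REJECT rule from the FORWARD chain.
# Rules are selected by text: any line of the numbered listing that contains
# both "REJECT" and "LAYER7". Layer7 ACCEPT rules do not contain "REJECT"
# and are therefore left in place.
# Globals:   IPTABLES (read)
# Arguments: none
# Returns:   status of the last command run
#######################################
p2p_stop() {
    # Local on purpose: p2p_start uses I as its slot counter and calls this
    # function, so a global loop variable here would overwrite it.
    local rule_num

    # Delete from the highest rule number down; removing a rule renumbers
    # everything after it.
    for rule_num in $($IPTABLES -L FORWARD -n -v --line-numbers \
        | awk '/REJECT/ && /LAYER7/ { print $1 }' \
        | sort -r -n); do
        $IPTABLES -D FORWARD "$rule_num"
    done
}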

# Lift the P2P block: delegates to p2p_stop and returns its status.
# Takes no arguments.
p2p_allow_all() { p2p_stop; }

# Block P2P for all forwarded traffic: inserts one layer7 REJECT rule per
# entry of P2P_PROTOCOLS into FORWARD, with no interface or address match.
# Reads IPTABLES and P2P_PROTOCOLS; takes no arguments.
# NOTE(review): nothing is removed first, so each call inserts another full
# set of rules.
p2p_deny_all() {
    # Split the protocol list into this function's own positional parameters
    # and walk those.
    set -- $P2P_PROTOCOLS
    for protocol
    do
        $IPTABLES -I FORWARD -m layer7 --l7proto "$protocol" -j REJECT
    done
}

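#######################################
# Exempt one address from the P2P block.
# Deletes the existing layer7 rules in FORWARD that mention the address,
# then inserts ACCEPT rules for it as destination (-d) and as source (-s),
# one pair per protocol. `-I` without a rule number inserts at the head of
# the chain, so the new rules are evaluated before the ones already there.
# Globals:   IPTABLES, P2P_PROTOCOLS (read)
# Arguments: $1 - address to exempt; an empty value is a no-op
# Returns:   0 for an empty argument, otherwise status of the last command
#######################################
p2p_allow_ip() {
    [ -z "$1" ] && return 0

    local addr=$1 rule_num protocol

    # -F -w matches the address as a literal whole word. An unquoted regex
    # match on 10.0.0.1 would also hit 10.0.0.10 or 110.0.0.1 (and "." would
    # match any character), deleting rules that belong to other hosts.
    # "--" keeps a value starting with "-" from being read as a grep option.
    for rule_num in $($IPTABLES -L FORWARD -n -v --line-numbers \
        | grep -F -w -- "$addr" | grep LAYER7 | awk '{print $1}' \
        | sort -r -n); do
        # Highest number first: deleting renumbers the rules below.
        $IPTABLES -D FORWARD "$rule_num"
    done
    for protocol in $P2P_PROTOCOLS; do
        # Quoted so the address always reaches iptables as a single argument.
        $IPTABLES -I FORWARD -d "$addr" -m layer7 --l7proto "$protocol" -j ACCEPT
        $IPTABLES -I FORWARD -s "$addr" -m layer7 --l7proto "$protocol" -j ACCEPT
    done
}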

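#######################################
# Block P2P for one address.
# Deletes the existing layer7 rules in FORWARD that mention the address,
# then inserts REJECT rules for it as destination (-d) and as source (-s),
# one pair per protocol. `-I` without a rule number inserts at the head of
# the chain, so the new rules are evaluated before the ones already there.
# Globals:   IPTABLES, P2P_PROTOCOLS (read)
# Arguments: $1 - address to block; an empty value is a no-op
# Returns:   0 for an empty argument, otherwise status of the last command
#######################################
p2p_deny_ip() {
    [ -z "$1" ] && return 0

    local addr=$1 rule_num protocol

    # -F -w matches the address as a literal whole word. An unquoted regex
    # match on 10.0.0.1 would also hit 10.0.0.10 or 110.0.0.1 (and "." would
    # match any character), deleting rules that belong to other hosts.
    # "--" keeps a value starting with "-" from being read as a grep option.
    for rule_num in $($IPTABLES -L FORWARD -n -v --line-numbers \
        | grep -F -w -- "$addr" | grep LAYER7 | awk '{print $1}' \
        | sort -r -n); do
        # Highest number first: deleting renumbers the rules below.
        $IPTABLES -D FORWARD "$rule_num"
    done
    for protocol in $P2P_PROTOCOLS; do
        # Quoted so the address always reaches iptables as a single argument.
        $IPTABLES -I FORWARD -d "$addr" -m layer7 --l7proto "$protocol" -j REJECT
        $IPTABLES -I FORWARD -s "$addr" -m layer7 --l7proto "$protocol" -j REJECT
    done
}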
