#! /bin/sh
# Firewall nove generace pro Czela Debian 3.0
# Autor: Mirek Slugen
# Spoluatori: Michal Perlik, Michal Vondracek, Jan Chmelensky
# Vytvoreno: 06.11.2006
# Naposledy zmeneno: 17.09.2007
# Tento skript muzete volne sirit a upravovat.
# Protocols that will be blocked. Each word is handed to
# `-m layer7 --l7proto` by the functions below, one rule per protocol.
# NOTE(review): layer7 matching inspects payload patterns, so encrypted or
# obfuscated P2P traffic is presumably not caught by these rules.
P2P_PROTOCOLS='bittorrent directconnect edonkey http-itunes soulseek'
# Implementation of P2P packet blocking.
#
# p2p_start: reset the existing layer7 REJECT rules via p2p_stop, then, for
# every interface slot 0..14 whose DEV<n>_NO_P2P is "yes" and whose
# DEV<n>_IFACE is non-empty, insert FORWARD rules rejecting each protocol in
# P2P_PROTOCOLS in both directions (-i and -o) on that interface.
#
# Globals read:    IPTABLES, P2P_PROTOCOLS, DEV<n>_IFACE, DEV<n>_NO_P2P
# Globals written: I, DEV, NO_P2P_DEV, NO_P2P_DEVS, protocol
# Output:          a one-line progress message on stdout
#
# Relies on bash indirect expansion (${!name}), so the interpreter behind the
# "#! /bin/sh" shebang has to be bash.
p2p_start() {
  # Start from a clean slate so repeated calls do not stack duplicate rules.
  p2p_stop

  printf '%s' "Rejecting P2P packets on: "

  # Find out on which interfaces P2P networks should be forbidden.
  NO_P2P_DEVS=""
  I=0
  while [ "$I" -lt 15 ]; do
    # Resolve DEV<n>_NO_P2P and DEV<n>_IFACE by name for the current slot.
    NO_P2P_DEV="DEV${I}_NO_P2P"
    NO_P2P_DEV=${!NO_P2P_DEV}
    DEV="DEV${I}_IFACE"
    DEV=${!DEV}
    I=$((I + 1))

    # Skip slots that are not flagged or have no interface configured.
    if [ "$NO_P2P_DEV" != "yes" ] || [ -z "$DEV" ]; then
      continue
    fi

    # For the flagged interfaces, actually forbid the P2P protocols.
    printf '%s' "$DEV"
    for protocol in $P2P_PROTOCOLS; do
      $IPTABLES -I FORWARD -i "$DEV" -m layer7 --l7proto "$protocol" -j REJECT
      $IPTABLES -I FORWARD -o "$DEV" -m layer7 --l7proto "$protocol" -j REJECT
    done
  done

  echo "."
}
# p2p_stop: delete every FORWARD rule whose listing line contains both
# "REJECT" and "LAYER7".
#
# The match is purely textual, so any such rule is removed regardless of which
# function (or administrator) inserted it. ACCEPT rules are left in place.
#
# Globals read:    IPTABLES
# Globals written: I
p2p_stop() {
  # Rule numbers are processed highest first: deleting a rule renumbers the
  # ones after it, so going bottom-up keeps the remaining numbers valid.
  for I in $($IPTABLES -L FORWARD -n -v --line-numbers \
    | awk '/REJECT/ && /LAYER7/ { print $1 }' \
    | sort -rn); do
    $IPTABLES -D FORWARD "$I"
  done
}
# p2p_allow_all: lift P2P blocking by delegating to p2p_stop, which removes
# the layer7 REJECT rules from FORWARD. Returns p2p_stop's exit status.
p2p_allow_all() {
  p2p_stop
  return "$?"
}
# p2p_deny_all: insert one FORWARD rule per protocol in P2P_PROTOCOLS that
# rejects matching traffic on every interface (no -i/-o/-s/-d restriction).
#
# Rules are added with -I, i.e. at the head of the chain. Existing rules are
# not cleared first, so repeated calls add duplicates.
#
# Globals read:    IPTABLES, P2P_PROTOCOLS
# Globals written: protocol
p2p_deny_all() {
  # Split the protocol list into the function's own positional parameters.
  set -- $P2P_PROTOCOLS
  for protocol in "$@"; do
    $IPTABLES -I FORWARD -m layer7 --l7proto "$protocol" -j REJECT
  done
}
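# p2p_allow_ip ADDRESS: exempt one address from P2P blocking.
#
# Removes every existing layer7 rule in FORWARD that mentions ADDRESS, then
# inserts ACCEPT rules for each protocol in P2P_PROTOCOLS, for traffic to
# (-d) and from (-s) that address. Does nothing when ADDRESS is empty.
#
# Globals read: IPTABLES, P2P_PROTOCOLS
# Arguments:    $1 - address as it appears in `iptables -L -n` output
p2p_allow_ip() {
  local addr="${1:-}"
  local rule_no proto

  [ -n "$addr" ] || return 0

  # Match the address as a literal, whole token (-F -w). A plain regex match
  # would treat the dots as wildcards and let 10.0.0.1 also select the rules
  # of 10.0.0.10 or 10.0.0.100, deleting other hosts' rules. `--` keeps an
  # argument starting with "-" from being parsed as a grep option.
  # Highest rule number first, because each deletion renumbers later rules.
  for rule_no in $($IPTABLES -L FORWARD -n -v --line-numbers \
    | grep -F -w -- "$addr" \
    | grep LAYER7 \
    | awk '{ print $1 }' \
    | sort -r -n); do
    $IPTABLES -D FORWARD "$rule_no"
  done

  # Inserted at the head of FORWARD, so these take precedence over the
  # interface-wide REJECT rules already in the chain.
  for proto in $P2P_PROTOCOLS; do
    $IPTABLES -I FORWARD -d "$addr" -m layer7 --l7proto "$proto" -j ACCEPT
    $IPTABLES -I FORWARD -s "$addr" -m layer7 --l7proto "$proto" -j ACCEPT
  done
}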
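# p2p_deny_ip ADDRESS: block P2P traffic for one address.
#
# Removes every existing layer7 rule in FORWARD that mentions ADDRESS, then
# inserts REJECT rules for each protocol in P2P_PROTOCOLS, for traffic to
# (-d) and from (-s) that address. Does nothing when ADDRESS is empty.
#
# Globals read: IPTABLES, P2P_PROTOCOLS
# Arguments:    $1 - address as it appears in `iptables -L -n` output
p2p_deny_ip() {
  local addr="${1:-}"
  local rule_no proto

  [ -n "$addr" ] || return 0

  # Match the address as a literal, whole token (-F -w). A plain regex match
  # would treat the dots as wildcards and let 10.0.0.1 also select the rules
  # of 10.0.0.10 or 10.0.0.100, silently dropping another host's ACCEPT or
  # REJECT rules. `--` keeps an argument starting with "-" from being parsed
  # as a grep option.
  # Highest rule number first, because each deletion renumbers later rules.
  for rule_no in $($IPTABLES -L FORWARD -n -v --line-numbers \
    | grep -F -w -- "$addr" \
    | grep LAYER7 \
    | awk '{ print $1 }' \
    | sort -r -n); do
    $IPTABLES -D FORWARD "$rule_no"
  done

  # Inserted at the head of FORWARD so the block applies before any later
  # rule in the chain.
  for proto in $P2P_PROTOCOLS; do
    $IPTABLES -I FORWARD -d "$addr" -m layer7 --l7proto "$proto" -j REJECT
    $IPTABLES -I FORWARD -s "$addr" -m layer7 --l7proto "$proto" -j REJECT
  done
}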