71 lines
1.7 KiB
PHP
71 lines
1.7 KiB
PHP
|
remove_old()
|
||
|
{
|
||
|
# remove the rules from PREROUTING
|
||
|
$IPT -t nat -F $CHAIN_FORWARD_CHECK 2>/dev/null && $IPT -t nat -D PREROUTING -i $IF_SRC -j $CHAIN_FORWARD_CHECK
|
||
|
$IPT -t nat -F $CHAIN_REDIRECT 2>/dev/null && $IPT -t nat -D PREROUTING -i $IF_SRC -j $CHAIN_REDIRECT
|
||
|
|
||
|
# empty and remove chains if they exist
|
||
|
for a in $CHAIN_FORWARD_ACTION $CHAIN_FORWARD_CHECK $CHAIN_REDIRECT
|
||
|
do $IPT -t nat -F $a 2>/dev/null && $IPT -t nat -X $a
|
||
|
true
|
||
|
done
|
||
|
}
|
||
|
|
||
|
|
||
|
init_chains()
|
||
|
{
|
||
|
# create chains
|
||
|
for a in $CHAIN_FORWARD_ACTION $CHAIN_FORWARD_CHECK $CHAIN_REDIRECT
|
||
|
do $IPT -t nat -N $a
|
||
|
done
|
||
|
|
||
|
# all packets from the specified interface go to the general chain
|
||
|
$IPT -t nat -A PREROUTING -i $IF_SRC -j $CHAIN_FORWARD_CHECK
|
||
|
$IPT -t nat -A PREROUTING -i $IF_SRC -j $CHAIN_REDIRECT
|
||
|
|
||
|
# rules for CHAIN_REDIRECT
|
||
|
$IPT -t nat -A $CHAIN_REDIRECT -p tcp --dport 80 -j DNAT --to-destination $SPLASH_SERVER
|
||
|
$IPT -t nat -A $CHAIN_REDIRECT -p tcp --dport 80 -j ACCEPT
|
||
|
$IPT -t nat -A $CHAIN_REDIRECT -j $REJECT_ACTION
|
||
|
|
||
|
# all registered senders are simply accepted
|
||
|
$IPT -t nat -A $CHAIN_FORWARD_ACTION -j ACCEPT
|
||
|
}
|
||
|
|
||
|
|
||
|
get_IPs()
|
||
|
# prints out all active forwards line by line
|
||
|
# every line consists of: "Number of Packets" and "IP"
|
||
|
{
|
||
|
iptables -t nat -L "$CHAIN_FORWARD_CHECK" -vnx | sed "1,2d; s/ */ /g" | cut -d " " -f 2,9
|
||
|
# get all active forward chains
|
||
|
# remove the first two lines
|
||
|
# remove multiple spaces
|
||
|
# take only the number of packets and the IP
|
||
|
}
|
||
|
|
||
|
|
||
|
register_IP()
|
||
|
# add a new allowed IP
|
||
|
{
|
||
|
eval `echo "$RULE_ADD" | sed "s/_IP_/$1/g"`
|
||
|
}
|
||
|
|
||
|
|
||
|
unregister_IP()
|
||
|
# remove the specified IP
|
||
|
{
|
||
|
eval `echo "$RULE_DEL" | sed "s/_IP_/$1/g"`
|
||
|
}
|
||
|
|
||
|
|
||
|
refresh_IP_list()
|
||
|
{
|
||
|
local NUM
|
||
|
local IP
|
||
|
get_IPs | while read NUM IP
|
||
|
do [ "$NUM" = "0" ] && unregister_IP "$IP"
|
||
|
done
|
||
|
}
|
||
|
|