first try

web-splash/web-splash.sh

@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -ue
+
+. web-splash.conf
+
+remove_old()
+{
+	# remove the rules from PREROUTING
+	$IPT -t nat -D PREROUTING -j $CHAIN_ALL
+	
+	# empty and remove chains if they exist
+	for a in $CHAIN_FORWARD $CHAIN_REDIRECT $CHAIN_ALL
+		do	$IPT -F $a 2>/dev/null && $IPT -X $a
+	  done
+}
+
+
+init_chains()
+{
+	# create chains
+	for a in $CHAIN_FORWARD $CHAIN_REDIRECT $CHAIN_ALL
+		do	$IPT -N $a
+	  done
+	
+	# all packets from the specified interface go to the general chain
+	$IPT -t nat -A PREROUTING -i $IF_SRC -j $CHAIN_ALL
+
+	# default rules for CHAIN_ALL
+	# excetions will be handled by rules that are inserted before them
+	$IPT -A $CHAIN_ALL -p tcp --dport 80 -j $CHAIN_REDIRECT
+	$IPT -A $CHAIN_ALL -p tcp --dport 80 -j ACCEPT
+	$IPT -A $CHAIN_ALL -j $REJECT_ACTION
+
+	# all registered senders are simply accepted
+	$IPT -A $CHAIN_FORWARD -j ACCEPT
+
+	# all unregistered senders get redirected
+	$IPT -A $CHAIN_REDIRECT -j DNAT --to-destination $SPLASH_SERVER
+	$IPT -A $CHAIN_REDIRECT -j ACCEPT
+}
+
+
+ACTION="--help"
+[ $# -gt 0 ] && ACTION="$1"
+
+case "$ACTION" in
+	start|restart )
+		remove_old
+		init_chains
+		;;
+	stop )
+		remove_old
+		;;
+	* )
+		echo "Syntax: $0 {start|stop|restart}"
+		echo
+		;;
+  esac