60 lines
1.2 KiB
Bash
Executable file
60 lines
1.2 KiB
Bash
Executable file
#!/bin/sh
|
|
|
|
set -ue
|
|
|
|
. web-splash.conf
|
|
|
|
remove_old()
|
|
{
|
|
# remove the rules from PREROUTING
|
|
$IPT -t nat -D PREROUTING -j $CHAIN_ALL
|
|
|
|
# empty and remove chains if they exist
|
|
for a in $CHAIN_FORWARD $CHAIN_REDIRECT $CHAIN_ALL
|
|
do $IPT -F $a 2>/dev/null && $IPT -X $a
|
|
done
|
|
}
|
|
|
|
|
|
init_chains()
|
|
{
|
|
# create chains
|
|
for a in $CHAIN_FORWARD $CHAIN_REDIRECT $CHAIN_ALL
|
|
do $IPT -N $a
|
|
done
|
|
|
|
# all packets from the specified interface go to the general chain
|
|
$IPT -t nat -A PREROUTING -i $IF_SRC -j $CHAIN_ALL
|
|
|
|
# default rules for CHAIN_ALL
|
|
# excetions will be handled by rules that are inserted before them
|
|
$IPT -A $CHAIN_ALL -p tcp --dport 80 -j $CHAIN_REDIRECT
|
|
$IPT -A $CHAIN_ALL -p tcp --dport 80 -j ACCEPT
|
|
$IPT -A $CHAIN_ALL -j $REJECT_ACTION
|
|
|
|
# all registered senders are simply accepted
|
|
$IPT -A $CHAIN_FORWARD -j ACCEPT
|
|
|
|
# all unregistered senders get redirected
|
|
$IPT -A $CHAIN_REDIRECT -j DNAT --to-destination $SPLASH_SERVER
|
|
$IPT -A $CHAIN_REDIRECT -j ACCEPT
|
|
}
|
|
|
|
|
|
ACTION="--help"
|
|
[ $# -gt 0 ] && ACTION="$1"
|
|
|
|
case "$ACTION" in
|
|
start|restart )
|
|
remove_old
|
|
init_chains
|
|
;;
|
|
stop )
|
|
remove_old
|
|
;;
|
|
* )
|
|
echo "Syntax: $0 {start|stop|restart}"
|
|
echo
|
|
;;
|
|
esac
|