if [ $# -lt 1 ]
then
- echo "Usage: $(basename "$0") external_interface" 1>&2
+ echo "Usage: $(basename "$0") external_interface [external_addr]" 1>&2
exit 64
fi
exit 1
fi
+is_router=0
+if [ $# -gt 1 ]
+then
+ is_router=1
+ EXT_ADDR="$2"
+fi
+
$IPTABLES -F
$IPTABLES -F INPUT
$IPTABLES -X
$IPTABLES -A INPUT -m policy --dir in --pol ipsec -j ACCEPT
$IP6TABLES -A INPUT -m policy --dir in --pol ipsec -j ACCEPT
+if [ $is_router -gt 0 ]
+then
+ $IPTABLES -t nat -A POSTROUTING -o ${EXT_IF} -j SNAT --to ${EXT_ADDR}
+fi
+
./services.sh ${EXT_IF}
create_drop_chain xenophobe
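Review bot: The SNAT rule added just before `./services.sh` is appended with `-A` on every run, while the flush lines visible above it (`$IPTABLES -F`, `-F INPUT`, `-X`) only touch the filter table. Unless the nat table is flushed somewhere outside this hunk, each rerun stacks another POSTROUTING rule, and after an address change the stale rule still matches first. `EXT_ADDR` is taken straight from `$2` with no format check and is expanded unquoted, so an empty or multi-word argument changes the shape of the iptables command line instead of being rejected up front. I would flush first with `$IPTABLES -t nat -F POSTROUTING` (if nothing else owns that chain), write the rule as `$IPTABLES -t nat -A POSTROUTING -o "${EXT_IF}" -j SNAT --to-source "${EXT_ADDR}"`, and check that `$2` looks like an IPv4 address before setting `is_router=1`.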
INT6_IF=eth5
SUBNET6='2001:470:1f05:cb8::/64'
-UPLINK=11232 #kbit
-BURST=15 #k
-
# note that behavior between v4 and v6 is slightly different
###
https # only https
+tinc
openvpn 1194/udp # openvpn udp
6881-6999/tcp 6881-6999/udp 51333/tcp 51333/udp # bittorrent
22556/tcp # dogecoind
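Review bot: The new `tinc` line is the only entry in this hunk with neither a port/protocol nor a trailing comment, so the list does not show what it opens on the external interface. tinc normally listens on port 655 over both TCP and UDP, but how a bare service name is resolved is decided by the loader, which is not visible here. A comment in the style of the neighbouring entries, e.g. `tinc # tinc vpn, 655/tcp and 655/udp`, would document the exposure. Please confirm that both protocols are meant to be reachable.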
set -e
-. ./common.sh
+# . ./common.sh
+IPTABLES=$(which iptables)
+IP6TABLES=$(which ip6tables)
+IPSET=$(which ipset)
+TC=$(which tc)
if [ $# -lt 1 ]
then
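Review bot: Resolving the four binaries with `which` ties a firewall script that presumably runs as root to the caller's PATH, and a missing tool is never reported. Depending on the `which` implementation, the script either stops without a message under `set -e` or continues with an empty variable, and then any later line that starts with that variable runs its first option as the command name. `command -v` is the portable lookup and each result should be checked, e.g. `IPTABLES=$(command -v iptables) || { echo "iptables not found" >&2; exit 1; }`; alternatively pin the paths to absolute locations. If `common.sh` is no longer sourced, delete the `# . ./common.sh` line rather than leaving it commented out.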
if ! $IP6TABLES -t mangle -L "${SHAPE_CHAIN}" >/dev/null 2>&1
then
echo "initializing ipv6 chain '${SHAPE_CHAIN}'"
- $iP6TABLES -t mangle -N "${SHAPE_CHAIN}"
+ $IP6TABLES -t mangle -N "${SHAPE_CHAIN}"
fi
# prioritize small and responsive things
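Review bot: The misspelled `$iP6TABLES` corrected here expanded to nothing, so the chain-creation line ran `-t` as a command and the IPv6 chain was never created. Nothing in the visible script would catch the next typo of this kind. Adding `set -u` next to the existing `set -e` (assuming that line belongs to this file) turns any unset variable into a hard error. Check first that no variable in the script is intentionally left unset.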
5.101.40.0/24
+5.188.203.114/32
13.69.26.191/32
31.207.47.36/32
42.119.176.0/20
91.197.232.0/24
103.79.140.0/22
103.89.88.0/22
+103.114.104.0/22
103.207.36.0/22
195.162.95.35/32
212.83.141.117/32
5.101.40.10/32
+5.188.203.113/32
+27.79.255.255/12
+31.20.77.44/32
+91.236.116.89/32
103.56.156.0/22
103.89.88.0/22
+103.99.0.0/22
+103.114.104.0/22
118.70.128.0/20
163.172.113.3/32
-171.224.0.0/16
+171.224.0.0/15
+193.105.134.0/24
+195.154.0.0/16
+203.76.109.100/32
+212.83.160.0/19
212.129.0.0/18
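Review bot: The added entry `27.79.255.255/12` has host bits set. The /12 that contains it is 27.64.0.0–27.79.255.255, about a million addresses, and the entry looks like the last address of that range rather than its network address. How the loader treats such an entry is not visible here; some tools mask it silently and others reject it. If the whole range is intended, write it as `27.64.0.0/12`; otherwise use the narrower prefix that was meant. The same hunk also adds `195.154.0.0/16` and widens `171.224.0.0/16` to `/15`, so a trailing comment giving the reason for each broad block would help later audits judge whether legitimate peers are being dropped.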