minor updates to scripts

diff --git a/firewall.sh b/firewall.sh
index 8bf61607de02fcbf03af62915316e24eda5226b0..c55762f75a0db702c9efe4a1ef5ebe935c21d606 100755 (executable)
--- a/firewall.sh
+++ b/firewall.sh
@@ -15,7 +15,7 @@ fi
 
 if [ $# -lt 1 ]
 then
 
 if [ $# -lt 1 ]
 then

-       echo "Usage: $(basename "$0") external_interface" 1>&2
+       echo "Usage: $(basename "$0") external_interface [external_addr]" 1>&2

        exit 64
 fi
 
        exit 64
 fi
 


@@ -26,6 +26,13 @@ then
        exit 1
 fi
 
        exit 1
 fi
 

+is_router=0
+if [ $# -gt 1 ]
+then
+       is_router=1
+       EXT_ADDR="$2"
+fi
+

 $IPTABLES -F
 $IPTABLES -F INPUT
 $IPTABLES -X
 $IPTABLES -F
 $IPTABLES -F INPUT
 $IPTABLES -X


@@ -76,6 +83,11 @@ $IP6TABLES -A INPUT -p esp -j ACCEPT
 $IPTABLES -A INPUT -m policy --dir in --pol ipsec -j ACCEPT
 $IP6TABLES -A INPUT -m policy --dir in --pol ipsec -j ACCEPT
 
 $IPTABLES -A INPUT -m policy --dir in --pol ipsec -j ACCEPT
 $IP6TABLES -A INPUT -m policy --dir in --pol ipsec -j ACCEPT
 

+if [ $is_router -gt 0 ]
+then
+       $IPTABLES -t nat -A POSTROUTING -o ${EXT_IF} -j SNAT --to ${EXT_ADDR}
+fi
+

 ./services.sh ${EXT_IF}
 
 create_drop_chain xenophobe
 ./services.sh ${EXT_IF}
 
 create_drop_chain xenophobe

diff --git a/router.sh b/router.sh
index 7b2c5ad1b228e9c4805a405db795cefed1e4d235..c2c74c3123ee09b05f8fb6a4bd276f0d1199c283 100755 (executable)
--- a/router.sh
+++ b/router.sh
@@ -14,9 +14,6 @@ EXT6_IF=he6
 INT6_IF=eth5
 SUBNET6='2001:470:1f05:cb8::/64'
 
 INT6_IF=eth5
 SUBNET6='2001:470:1f05:cb8::/64'
 

-UPLINK=11232 #kbit
-BURST=15 #k
-

 # note that behavior between v4 and v6 is slightly different
 
 ###
 # note that behavior between v4 and v6 is slightly different
 
 ###

diff --git a/services.wark b/services.wark
index 30f52c52fc9b1315a6204baf0cbc6200e8b122ca..47a4fc06401c1fb902825498fd351735c322ce08 100644 (file)
--- a/services.wark
+++ b/services.wark
@@ -1,4 +1,5 @@
 https # only https
 https # only https

+tinc

 openvpn 1194/udp # openvpn udp
 6881-6999/tcp 6881-6999/udp 51333/tcp 51333/udp # bittorrent
 22556/tcp # dogecoind
 openvpn 1194/udp # openvpn udp
 6881-6999/tcp 6881-6999/udp 51333/tcp 51333/udp # bittorrent
 22556/tcp # dogecoind

diff --git a/shaper.sh b/shaper.sh
index 5b55d3fd4b8b3ebbfd78f35c4725262956c8a448..3b2c6229d4899e58b18e64d2a2e424f1059b38b6 100755 (executable)
--- a/shaper.sh
+++ b/shaper.sh
@@ -8,7 +8,11 @@ SHAPE_CHAIN='SHAPER-OUT'
 
 set -e
 
 
 set -e
 

-. ./common.sh
+# . ./common.sh
+IPTABLES=$(which iptables)
+IP6TABLES=$(which ip6tables)
+IPSET=$(which ipset)
+TC=$(which tc)

 
 if [ $# -lt 1 ]
 then
 
 if [ $# -lt 1 ]
 then


@@ -68,7 +72,7 @@ fi
 if ! $IP6TABLES -t mangle -L "${SHAPE_CHAIN}" >/dev/null 2>&1
 then
        echo "initializing ipv6 chain '${SHAPE_CHAIN}'"
 if ! $IP6TABLES -t mangle -L "${SHAPE_CHAIN}" >/dev/null 2>&1
 then
        echo "initializing ipv6 chain '${SHAPE_CHAIN}'"

-       $iP6TABLES -t mangle -N "${SHAPE_CHAIN}"
+       $IP6TABLES -t mangle -N "${SHAPE_CHAIN}"

 fi
 
 # prioritize small and responsive things
 fi
 
 # prioritize small and responsive things

diff --git a/xenophobe.cidr b/xenophobe.cidr
index 6b675cc9edc89b6fe310448d2934d86346f389c0..a28ce754c00a27bff9e9f6323af9c1a5c3ba35cd 100644 (file)
--- a/xenophobe.cidr
+++ b/xenophobe.cidr
@@ -1,10 +1,12 @@
 5.101.40.0/24
 5.101.40.0/24

+5.188.203.114/32

 13.69.26.191/32
 31.207.47.36/32
 42.119.176.0/20
 91.197.232.0/24
 103.79.140.0/22
 103.89.88.0/22
 13.69.26.191/32
 31.207.47.36/32
 42.119.176.0/20
 91.197.232.0/24
 103.79.140.0/22
 103.89.88.0/22

+103.114.104.0/22

 103.207.36.0/22
 195.162.95.35/32
 212.83.141.117/32
 103.207.36.0/22
 195.162.95.35/32
 212.83.141.117/32

diff --git a/xenophobe.cidr.wark b/xenophobe.cidr.wark
index 6c84d9fe94b6201afc5f7c7563e9972dddb1c99d..ffeb7beaa3094a30e5195fecf9d5e67cacc83558 100644 (file)
--- a/xenophobe.cidr.wark
+++ b/xenophobe.cidr.wark
@@ -1,7 +1,17 @@
 5.101.40.10/32
 5.101.40.10/32

+5.188.203.113/32
+27.79.255.255/12
+31.20.77.44/32
+91.236.116.89/32

 103.56.156.0/22
 103.89.88.0/22
 103.56.156.0/22
 103.89.88.0/22

+103.99.0.0/22
+103.114.104.0/22

 118.70.128.0/20
 163.172.113.3/32
 118.70.128.0/20
 163.172.113.3/32

-171.224.0.0/16
+171.224.0.0/15
+193.105.134.0/24
+195.154.0.0/16
+203.76.109.100/32
+212.83.160.0/19

 212.129.0.0/18
 212.129.0.0/18