From 88b6064d6b15feb847fc182b06d565485f8eb696 Mon Sep 17 00:00:00 2001
From: Justin Wind
Date: Sun, 1 Dec 2019 11:35:47 -0800
Subject: [PATCH] minor updates to scripts

---
 firewall.sh | 14 +++++++++++++-
 router.sh | 3 ---
 services.wark | 1 +
 shaper.sh | 8 ++++++--
 xenophobe.cidr | 2 ++
 xenophobe.cidr.wark | 12 +++++++++++-
 6 files changed, 33 insertions(+), 7 deletions(-)

diff --git a/firewall.sh b/firewall.sh
index 8bf6160..c55762f 100755
--- a/firewall.sh
+++ b/firewall.sh
@@ -15,7 +15,7 @@ fi
 if [ $# -lt 1 ]
 then
- echo "Usage: $(basename "$0") external_interface" 1>&2
+ echo "Usage: $(basename "$0") external_interface [external_addr]" 1>&2
 exit 64
 fi
@@ -26,6 +26,13 @@ then
 exit 1
 fi
+is_router=0
+if [ $# -gt 1 ]
+then
+ is_router=1
+ EXT_ADDR="$2"
+fi
+
 $IPTABLES -F
 $IPTABLES -F INPUT
 $IPTABLES -X
@@ -76,6 +83,11 @@ $IP6TABLES -A INPUT -p esp -j ACCEPT
 $IPTABLES -A INPUT -m policy --dir in --pol ipsec -j ACCEPT
 $IP6TABLES -A INPUT -m policy --dir in --pol ipsec -j ACCEPT
+if [ $is_router -gt 0 ]
+then
+ $IPTABLES -t nat -A POSTROUTING -o ${EXT_IF} -j SNAT --to ${EXT_ADDR}
+fi
+
 ./services.sh ${EXT_IF}
 create_drop_chain xenophobe
diff --git a/router.sh b/router.sh
index 7b2c5ad..c2c74c3 100755
--- a/router.sh
+++ b/router.sh
@@ -14,9 +14,6 @@ EXT6_IF=he6
 INT6_IF=eth5
 SUBNET6='2001:470:1f05:cb8::/64'
-UPLINK=11232 #kbit
-BURST=15 #k
-
 # note that behavior between v4 and v6 is slightly different
 ###
diff --git a/services.wark b/services.wark
index 30f52c5..47a4fc0 100644
--- a/services.wark
+++ b/services.wark
@@ -1,4 +1,5 @@
 https # only https
+tinc
 openvpn 1194/udp # openvpn udp
 6881-6999/tcp 6881-6999/udp 51333/tcp 51333/udp # bittorrent
 22556/tcp # dogecoind
diff --git a/shaper.sh b/shaper.sh
index 5b55d3f..3b2c622 100755
--- a/shaper.sh
+++ b/shaper.sh
@@ -8,7 +8,11 @@ SHAPE_CHAIN='SHAPER-OUT'
 set -e
-. ./common.sh
+# . ./common.sh
+IPTABLES=$(which iptables)
+IP6TABLES=$(which ip6tables)
+IPSET=$(which ipset)
+TC=$(which tc)
 if [ $# -lt 1 ]
 then
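Review bot: `EXT_ADDR="$2"` is stored without any check that it is an address, and the lines right after it flush the filter table (`$IPTABLES -F`, `$IPTABLES -X`) before the value is ever used, so a typo in the second argument is only discovered when the SNAT rule is appended much later, with the old ruleset already gone. Validate it here, before anything destructive runs, e.g. `case "$2" in *[!0-9.]*|'') echo "bad external_addr: $2" 1>&2; exit 64;; esac` (the script uses `[ ]` tests, so this stays POSIX sh). Whether the script aborts or carries on after a failed iptables call cannot be seen from this hunk; either way the early check is cheaper than a half-applied ruleset. The script body continues on both sides of the hunk.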
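Review bot: The SNAT rule is appended to the nat table, but the flush earlier in the script (`$IPTABLES -F`, `$IPTABLES -X` in the previous hunk) only touches the filter table, so unless a `-t nat -F` exists outside the hunks every re-run with the router argument adds another identical POSTROUTING rule. Flush or check first, e.g. `$IPTABLES -t nat -F POSTROUTING` before the `-A`, or guard it with `$IPTABLES -t nat -C POSTROUTING -o "${EXT_IF}" -j SNAT --to "${EXT_ADDR}" 2>/dev/null || $IPTABLES -t nat -A POSTROUTING -o "${EXT_IF}" -j SNAT --to "${EXT_ADDR}"`. The rule also matches every packet leaving `${EXT_IF}` with no `-s` restriction, so anything the box forwards, not just the LAN, is rewritten to `${EXT_ADDR}`; narrowing it to the internal IPv4 subnet (not visible here; router.sh only defines the v6 one) would be safer. Quote the expansions as well, `-o "${EXT_IF}" -j SNAT --to "${EXT_ADDR}"`, so an empty or odd value fails loudly instead of being split. The script body continues on both sides of the hunk.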
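Review bot: Replacing `. ./common.sh` with four inline `which` lookups duplicates tool-path definitions that the shared helper presumably still provides to firewall.sh and router.sh, and the commented-out `# . ./common.sh` gives no hint why sourcing it was abandoned here; a one-line reason such as `# not sourcing common.sh: shaper only needs the tool paths` or dropping the dead line would help the next reader. `which` is also not POSIX and its output and exit status vary between implementations; `command -v` is the portable spelling, e.g. `IPTABLES=$(command -v iptables)`. Under the `set -e` two lines above, a missing tool does abort the script through the failing substitution, but with no message; `IPTABLES=$(command -v iptables) || { echo "iptables not found" 1>&2; exit 1; }` says what went wrong. The rest of the script is outside the hunk.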
@@ -68,7 +72,7 @@ fi
 if ! $IP6TABLES -t mangle -L "${SHAPE_CHAIN}" >/dev/null 2>&1
 then
 echo "initializing ipv6 chain '${SHAPE_CHAIN}'"
- $iP6TABLES -t mangle -N "${SHAPE_CHAIN}"
+ $IP6TABLES -t mangle -N "${SHAPE_CHAIN}"
 fi
 # prioritize small and responsive things
diff --git a/xenophobe.cidr b/xenophobe.cidr
index 6b675cc..a28ce75 100644
--- a/xenophobe.cidr
+++ b/xenophobe.cidr
@@ -1,10 +1,12 @@
 5.101.40.0/24
+5.188.203.114/32
 13.69.26.191/32
 31.207.47.36/32
 42.119.176.0/20
 91.197.232.0/24
 103.79.140.0/22
 103.89.88.0/22
+103.114.104.0/22
 103.207.36.0/22
 195.162.95.35/32
 212.83.141.117/32
diff --git a/xenophobe.cidr.wark b/xenophobe.cidr.wark
index 6c84d9f..ffeb7be 100644
--- a/xenophobe.cidr.wark
+++ b/xenophobe.cidr.wark
@@ -1,7 +1,17 @@
 5.101.40.10/32
+5.188.203.113/32
+27.79.255.255/12
+31.20.77.44/32
+91.236.116.89/32
 103.56.156.0/22
 103.89.88.0/22
+103.99.0.0/22
+103.114.104.0/22
 118.70.128.0/20
 163.172.113.3/32
-171.224.0.0/16
+171.224.0.0/15
+193.105.134.0/24
+195.154.0.0/16
+203.76.109.100/32
+212.83.160.0/19
 212.129.0.0/18
-- 
2.45.2
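Review bot: The `$iP6TABLES` typo this hunk fixes could only survive because the script runs with `set -e` (seen in the earlier hunk of this file) but not `set -u`, so the unset name expanded to nothing and the line became `-t mangle -N "${SHAPE_CHAIN}"`, a failure that stays latent until the branch actually runs, i.e. the first time the chain does not exist yet. Changing that earlier line to `set -eu` makes the shell stop immediately with `iP6TABLES: unbound variable` on the next such slip. Any variable that is legitimately optional can be read as `${VAR:-}` to keep working under `-u`. The `if` block is complete within the hunk; the rest of the script is outside it.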
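Review bot: `27.79.255.255/12` has host bits set; the /12 containing it is `27.64.0.0/12`, so whatever loads this list will either reject the entry or quietly mask it to that block of roughly a million addresses. Write the prefix that is actually intended, `27.64.0.0/12` for the whole block or `27.79.255.255/32` for the single host, so the entry is unambiguous to both readers and tools. Several other new entries widen coverage substantially (`171.224.0.0/16` to `/15`, plus the new `195.154.0.0/16` and `212.83.160.0/19`) with nothing recording why; if the loader strips `#` comments the way services.wark's entries suggest, a short source or date per entry would make later pruning possible.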