mirror of https://github.com/bol-van/zapret2.git synced 2026-03-14 06:13:09 +00:00

init.d: optimize ipt dports

bol-van
2026-02-10 12:34:47 +03:00
parent 6204c74993
commit 48e4d3a6e7


@@ -247,30 +247,29 @@ ipt_do_nfqws_in_out()
# $1 - 1 - add, 0 - del # $1 - 1 - add, 0 - del
# $2 - tcp,udp # $2 - tcp,udp
# $3 - ports # $3 - ports
# $4 - PKT_OUT. special value : 'keepalive' # $4 - PKT. special value : 'keepalive'
# $5 - PKT_IN # $5 - 1 - out, 0 - in
local f4 f6 first_packets_only ipset # $6 - ipset base name
local f f4 f6 first_packets_only ipset
[ -n "$3" ] || return [ -n "$3" ] || return
ipset=${IPSET_PORTS_NAME}_$2 ipset="${6}_$2"
[ "$4" = keepalive ] && ipset="${ipset}_k" [ "$4" = keepalive ] && ipset="${ipset}_k"
[ "$1" = 1 ] && { [ "$1" = 1 ] && ipt_port_ipset $ipset "$3"
ipt_port_ipset $ipset "$3" || return
}
[ -n "$4" -a "$4" != 0 ] && [ -n "$4" -a "$4" != 0 ] &&
{ {
first_packets_only="$(ipt_first_packets $4)" first_packets_only="$(ipt_first_packets $4)"
f4="-p $2 -m set --match-set $ipset dst $first_packets_only" f4="-p $2 -m set --match-set $ipset"
if [ "$5" = 1 ]; then
f4="$f4 dst"
f=fw_nfqws_post
else
f4="$f4 src"
f=fw_reverse_nfqws_rule
fi
f4="$f4 $first_packets_only"
f6=$f4 f6=$f4
filter_apply_ipset_target f4 f6 filter_apply_ipset_target f4 f6
fw_nfqws_post $1 "$f4" "$f6" $QNUM $f $1 "$f4" "$f6" $QNUM
}
[ -n "$5" -a "$5" != 0 ] &&
{
first_packets_only="$(ipt_first_packets $5)"
f4="-p $2 -m set --match-set $ipset dst $first_packets_only"
f6=$f4
filter_apply_ipset_target f4 f6
fw_reverse_nfqws_rule $1 "$f4" "$f6" $QNUM
} }
[ "$1" = 1 ] || ipset -q destroy $ipset [ "$1" = 1 ] || ipset -q destroy $ipset
} }
@@ -280,10 +279,12 @@ zapret_do_firewall_standard_nfqws_rules_ipt()
# $1 - 1 - add, 0 - del # $1 - 1 - add, 0 - del
[ "$NFQWS2_ENABLE" = 1 ] && { [ "$NFQWS2_ENABLE" = 1 ] && {
ipt_do_nfqws_in_out $1 tcp "$NFQWS2_PORTS_TCP" "$NFQWS2_TCP_PKT_OUT" "$NFQWS2_TCP_PKT_IN" ipt_do_nfqws_in_out $1 tcp "$NFQWS2_PORTS_TCP" "$NFQWS2_TCP_PKT_OUT" 1 $IPSET_PORTS_NAME
ipt_do_nfqws_in_out $1 tcp "$NFQWS2_PORTS_TCP_KEEPALIVE" keepalive "$NFQWS2_TCP_PKT_IN" ipt_do_nfqws_in_out $1 tcp "$NFQWS2_PORTS_TCP" "$NFQWS2_TCP_PKT_IN" 0 $IPSET_PORTS_NAME
ipt_do_nfqws_in_out $1 udp "$NFQWS2_PORTS_UDP" "$NFQWS2_UDP_PKT_OUT" "$NFQWS2_UDP_PKT_IN" ipt_do_nfqws_in_out $1 tcp "$NFQWS2_PORTS_TCP_KEEPALIVE" keepalive 1 $IPSET_PORTS_NAME
ipt_do_nfqws_in_out $1 udp "$NFQWS2_PORTS_UDP_KEEPALIVE" keepalive "$NFQWS2_UDP_PKT_IN" ipt_do_nfqws_in_out $1 udp "$NFQWS2_PORTS_UDP" "$NFQWS2_UDP_PKT_OUT" 1 $IPSET_PORTS_NAME
ipt_do_nfqws_in_out $1 udp "$NFQWS2_PORTS_UDP" "$NFQWS2_UDP_PKT_IN" 0 $IPSET_PORTS_NAME
ipt_do_nfqws_in_out $1 udp "$NFQWS2_PORTS_UDP_KEEPALIVE" keepalive 1 $IPSET_PORTS_NAME
} }
} }
zapret_do_firewall_standard_rules_ipt() zapret_do_firewall_standard_rules_ipt()
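Review bot: In `ipt_do_nfqws_in_out` the add path now calls `ipt_port_ipset $ipset "$3"` without the `|| return` the old code had, so a failed set creation or fill no longer stops the function, and it goes on to install a `--match-set` rule against a set that may be missing or incomplete. I would keep the guard, `[ "$1" = 1 ] && { ipt_port_ipset "$ipset" "$3" || return; }`, or, if it was dropped because the second call for the same set name can fail, say so in a comment. Related: the out and in calls in `zapret_do_firewall_standard_nfqws_rules_ipt` now share one set name, so on delete the first call's `ipset -q destroy $ipset` presumably fails silently while the other direction's rule still references the set; cleanup then depends on call order, which deserves a comment such as `# set is shared by the out and in rules; the last del call destroys it`. `$ipset` and `$IPSET_PORTS_NAME` are also passed unquoted, which is worth fixing while these lines are being touched.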