From b56be286c90501a412f8ff07a8686a1cde0e2a69 Mon Sep 17 00:00:00 2001
From: bol-van
Date: Tue, 2 Dec 2025 10:50:12 +0300
Subject: [PATCH] init.d: 40-webserver custom script
---
docs/changes.txt | 1 +
init.d/custom.d.examples.linux/40-webserver | 39 +++++++++++++++++++++
2 files changed, 40 insertions(+)
create mode 100644 init.d/custom.d.examples.linux/40-webserver
diff --git a/docs/changes.txt b/docs/changes.txt
index ab9cde9..5e94629 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -37,3 +37,4 @@ v0.2 v0.3 * init.d launch scripts
+* init.d: 40-webserver custom script
diff --git a/init.d/custom.d.examples.linux/40-webserver b/init.d/custom.d.examples.linux/40-webserver
new file mode 100644
index 0000000..2ac2203
--- /dev/null
+++ b/init.d/custom.d.examples.linux/40-webserver
@@ -0,0 +1,39 @@
+# this custom script runs nfqws2 in server mode for typical webserver
+
+WEBSERVER_DEFAULT_STRATEGY="
+--server
+--payload http_reply,tls_server_hello --lua-desync=fake:blob=0x00000000000000000000000000000000:badsum:repeats=2 --lua-desync=multisplit
+--payload empty --lua-desync=synack_split"
+
+# can override in config :
+NFQWS_OPT_DESYNC_WEBSERVER="${NFQWS_OPT_DESYNC_WEBSERVER:-$WEBSERVER_DEFAULT_STRATEGY}"
+WEBSERVER_PORTS="${WEBSERVER_PORTS:-80,443}"
+WEBSERVER_PKT_OUT="${WEBSERVER_PKT_OUT:-15}"
+
+alloc_dnum DNUM_WEBSERVER
+alloc_qnum QNUM_WEBSERVER
+
+zapret_custom_daemons()
+{
+ # $1 - 1 - add, 0 - stop
+
+ local opt="--qnum=$QNUM_WEBSERVER $NFQWS_OPT_DESYNC_WEBSERVER"
+ do_nfqws $1 $DNUM_WEBSERVER "$opt"
+}
+zapret_custom_firewall()
+{
+ # $1 - 1 - run, 0 - stop
+
+ local PORTS=$(replace_char - : $WEBSERVER_PORTS)
+ local first_packets=$(ipt_first_packets $WEBSERVER_PKT_OUT)
+ local f="-p tcp -m multiport --sports $PORTS $first_packets"
+ fw_nfqws_post $1 "$f" "$f" $QNUM_WEBSERVER
+}
+zapret_custom_firewall_nft()
+{
+ # stop logic is not required
+
+ local first_packets=$(nft_first_packets $WEBSERVER_PKT_OUT)
+ local f="tcp sport {$WEBSERVER_PORTS} $first_packets"
+ nft_fw_nfqws_post "$f" "$f" $QNUM_WEBSERVER
+}
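Review bot: In `zapret_custom_firewall` and `zapret_custom_firewall_nft` the config-overridable `WEBSERVER_PORTS` and `WEBSERVER_PKT_OUT` are passed unquoted to the helpers, and the results are assigned with an unquoted `local x=$(...)`. An override containing whitespace therefore changes the helper's argument list, and some `sh` implementations field-split the right-hand side of `local` when the substituted output contains spaces. Quoting keeps each value a single word: `local PORTS="$(replace_char - : "$WEBSERVER_PORTS")"` and `local first_packets="$(ipt_first_packets "$WEBSERVER_PKT_OUT")"`, likewise for the `nft_first_packets` line. Because these values end up verbatim in the iptables `--sports` match and the nft `tcp sport {...}` set, a comment beside the defaults stating the accepted syntax would help, e.g. `# WEBSERVER_PORTS: comma-separated, no spaces; ranges written with '-'` (the range form is implied by the `replace_char - :` conversion). The helpers are defined outside this hunk, so what they emit is inferred from their names.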