You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
51 lines
3.7 KiB
51 lines
3.7 KiB
#!/bin/bash
|
|
#
|
|
# Initial script for UBLinux
|
|
# This script are launching before starting init from initrd script
|
|
# Current dir allways must be set to root (/)
|
|
# All system path must be relative, except initrd dirs
|
|
|
|
ENABLED=no
|
|
[[ ${ENABLED} == "yes" ]] || exit 0
|
|
|
|
PATH=.:/:/usr/bin:/usr/local/bin:/usr/local/sbin
|
|
DEBUGMODE=no
|
|
. usr/lib/ublinux/functions
|
|
. usr/lib/ublinux/default
|
|
debug_mode "$0" "$@"
|
|
|
|
echo $SYSCONF | grep -q ^/ && SYSCONF=.$SYSCONF
|
|
SOURCE=${SYSCONF}/config; [ -f "${SOURCE}" ] && . ${SOURCE} 2>/dev/null
|
|
|
|
#[ -z "$IPTABLESTRUSTEDIP" ] || sed -i s-192.168.1.0/24-$IPTABLESTRUSTEDIP- etc/exports
|
|
#[ -z "$IPTABLESTRUSTEDIP" ] && sed -i s_"^\[.*-A INPUT -s .* -j ACCEPT.*"_'#[0:0] -A INPUT -s $IPTABLESTRUSTEDIP -j ACCEPT'_ etc/ublinux/iptables
|
|
#[ -z "$IPTABLESTRUSTEDIP" ] || sed -i s_".*-A INPUT -s .* -j ACCEPT.*"_"[0:0] -A INPUT -s $IPTABLESTRUSTEDIP -j ACCEPT"_ etc/ublinux/iptables
|
|
#[ -z "$IPTABLESOPENPORTSTCP" ] && sed -i s_"^\[.*-A INPUT -p tcp -m multiport --dport.*-j ACCEPT.*"_'#[0:0] -A INPUT -p tcp -m multiport --dport $IPTABLESOPENPORTSTCP -j ACCEPT'_ etc/ublinux/iptables
|
|
#[ -z "$IPTABLESOPENPORTSTCP" ] || sed -i s_".*-A INPUT -p tcp -m multiport --dport.*-j ACCEPT.*"_"[0:0] -A INPUT -p tcp -m multiport --dport $IPTABLESOPENPORTSTCP -j ACCEPT"_ etc/ublinux/iptables
|
|
#[ -z "$IPTABLESOPENPORTSUDP" ] && sed -i s_"^\[.*-A INPUT -p udp -m multiport --dport.*-j ACCEPT.*"_'#[0:0] -A INPUT -p udp -m multiport --dport $IPTABLESOPENPORTSUDP -j ACCEPT'_ etc/ublinux/iptables
|
|
#[ -z "$IPTABLESOPENPORTSUDP" ] || sed -i s_".*-A INPUT -p udp -m multiport --dport.*-j ACCEPT.*"_"[0:0] -A INPUT -p udp -m multiport --dport $IPTABLESOPENPORTSUDP -j ACCEPT"_ etc/ublinux/iptables
|
|
#if [ -z "$TORUSERS" ] ;then
|
|
# sed -i s_"^\[.* -A OUTPUT -d 192.168.1.0/16 -m owner --uid-owner .* -j RETURN.*"_'#TOR#[0:0] -A OUTPUT -d 192.168.1.0/16 -m owner --uid-owner $TORUSERS -j RETURN'_ etc/ublinux/iptables
|
|
# sed -i s_"^\[.*-A OUTPUT -p udp -m owner --uid-owner .* -j DNAT --to-destination 127.0.0.1:5353.*"_'#TOR#[0:0] -A OUTPUT -p udp -m owner --uid-owner $TORUSERS -j DNAT --to-destination 127.0.0.1:5353'_ etc/ublinux/iptables
|
|
# sed -i s_"^\[.*-A OUTPUT -p tcp -m owner --uid-owner .* -j DNAT --to-destination 127.0.0.1:9040.*"_'#TOR#[0:0] -A OUTPUT -p tcp -m owner --uid-owner $TORUSERS -j DNAT --to-destination 127.0.0.1:9040'_ etc/ublinux/iptables
|
|
#else
|
|
# sed -i s_".*-A OUTPUT -d 192.168.1.0/16 -m owner --uid-owner .* -j RETURN.*"_"[0:0] -A OUTPUT -d 192.168.1.0/16 -m owner --uid-owner $TORUSERS -j RETURN"_ etc/ublinux/iptables
|
|
# sed -i s_".*-A OUTPUT -p udp -m owner --uid-owner .* -j DNAT --to-destination 127.0.0.1:5353.*"_"[0:0] -A OUTPUT -p udp -m owner --uid-owner $TORUSERS -j DNAT --to-destination 127.0.0.1:5353"_ etc/ublinux/iptables
|
|
# sed -i s_".*-A OUTPUT -p tcp -m owner --uid-owner .* -j DNAT --to-destination 127.0.0.1:9040.*"_"[0:0] -A OUTPUT -p tcp -m owner --uid-owner $TORUSERS -j DNAT --to-destination 127.0.0.1:9040"_ etc/ublinux/iptables
|
|
#fi
|
|
#if [ "$ROUTER" = "yes" ] ;then
|
|
# sed -i s/".* -A POSTROUTING -j MASQUERADE.*"/'[0:0] -A POSTROUTING -j MASQUERADE'/ etc/ublinux/iptables
|
|
# PFP=etc/sysctl.conf
|
|
# [ -f $PFP ] || PFP=etc/sysctl.d/ublinux.conf
|
|
# sed -i /net.ipv4.ip_forward/d $PFP
|
|
# echo "net.ipv4.ip_forward = 1" >>$PFP
|
|
# sed -i '/-A FORWARD -i eth0 -o eth0 -j DROP/d' etc/ublinux/iptables
|
|
#else
|
|
# sed -i s/"^\[.* -A POSTROUTING -j MASQUERADE.*"/'#ROUTER#[0:0] -A POSTROUTING -j MASQUERADE'/ etc/ublinux/iptables
|
|
#fi
|
|
|
|
# Сделать:
|
|
# Для ufw найти как добавить, что-бы в /etc/ufw/before.rules перед строчкой -A ufw-before-input -j ufw-not-local вставить:
|
|
# -A ufw-before-output -m owner --uid-owner tor -p tcp -j ACCEPT
|
|
#
|