Applications
/
ublinux-init
10
0
Fork 1
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'v2.126'
${ noResults }
ublinux-init/ublinux/rc.preinit.d/36-ufw

59 lines
4.2 KiB
Raw Permalink Blame History

#!/usr/bin/env bash
#
# Author: Dmitry Razumov <asmeron@ublinux.com>
# Copyright (c) 2021-2025 UBLinux <support@ublinux.com>
#
# Initial script for Linux UBLinux
# This script are launching before starting init from initrd script
# Current dir allways must be set to root (/)
# All system path must be relative, except initrd dirs
ENABLED=no
[[ ${ENABLED} == "yes" ]] || exit 0
DEBUGMODE=no
PATH=.:/:/usr/bin:/usr/local/bin:/usr/local/sbin
[[ -d /usr/lib/ublinux ]] && { ROOTFS= ; CMD_CHROOT= ; } || { [[ -d /sysroot ]] && ROOTFS="/sysroot" || ROOTFS="."; CMD_CHROOT="chroot ${ROOTFS}"; }
SOURCE=${ROOTFS}/usr/lib/ublinux/functions; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null || exit 0
SOURCE=${ROOTFS}/usr/lib/ublinux/default; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null || exit 0
debug_mode "$0" "$@"
SYSCONF="${ROOTFS}${SYSCONF}"
SOURCE=${SYSCONF}/config; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null
SOURCE=${SYSCONF}/system; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null
SOURCE=${SYSCONF}/network; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null
#[ -z "$IPTABLESTRUSTEDIP" ] || sed -i s-192.168.1.0/24-$IPTABLESTRUSTEDIP- etc/exports
#[ -z "$IPTABLESTRUSTEDIP" ] && sed -i s_"^\[.*-A INPUT -s .* -j ACCEPT.*"_'#[0:0] -A INPUT -s $IPTABLESTRUSTEDIP -j ACCEPT'_ etc/ublinux/iptables
#[ -z "$IPTABLESTRUSTEDIP" ] || sed -i s_".*-A INPUT -s .* -j ACCEPT.*"_"[0:0] -A INPUT -s $IPTABLESTRUSTEDIP -j ACCEPT"_ etc/ublinux/iptables
#[ -z "$IPTABLESOPENPORTSTCP" ] && sed -i s_"^\[.*-A INPUT -p tcp -m multiport --dport.*-j ACCEPT.*"_'#[0:0] -A INPUT -p tcp -m multiport --dport $IPTABLESOPENPORTSTCP -j ACCEPT'_ etc/ublinux/iptables
#[ -z "$IPTABLESOPENPORTSTCP" ] || sed -i s_".*-A INPUT -p tcp -m multiport --dport.*-j ACCEPT.*"_"[0:0] -A INPUT -p tcp -m multiport --dport $IPTABLESOPENPORTSTCP -j ACCEPT"_ etc/ublinux/iptables
#[ -z "$IPTABLESOPENPORTSUDP" ] && sed -i s_"^\[.*-A INPUT -p udp -m multiport --dport.*-j ACCEPT.*"_'#[0:0] -A INPUT -p udp -m multiport --dport $IPTABLESOPENPORTSUDP -j ACCEPT'_ etc/ublinux/iptables
#[ -z "$IPTABLESOPENPORTSUDP" ] || sed -i s_".*-A INPUT -p udp -m multiport --dport.*-j ACCEPT.*"_"[0:0] -A INPUT -p udp -m multiport --dport $IPTABLESOPENPORTSUDP -j ACCEPT"_ etc/ublinux/iptables
#if [ -z "$TORUSERS" ] ;then
# sed -i s_"^\[.* -A OUTPUT -d 192.168.1.0/16 -m owner --uid-owner .* -j RETURN.*"_'#TOR#[0:0] -A OUTPUT -d 192.168.1.0/16 -m owner --uid-owner $TORUSERS -j RETURN'_ etc/ublinux/iptables
# sed -i s_"^\[.*-A OUTPUT -p udp -m owner --uid-owner .* -j DNAT --to-destination 127.0.0.1:5353.*"_'#TOR#[0:0] -A OUTPUT -p udp -m owner --uid-owner $TORUSERS -j DNAT --to-destination 127.0.0.1:5353'_ etc/ublinux/iptables
# sed -i s_"^\[.*-A OUTPUT -p tcp -m owner --uid-owner .* -j DNAT --to-destination 127.0.0.1:9040.*"_'#TOR#[0:0] -A OUTPUT -p tcp -m owner --uid-owner $TORUSERS -j DNAT --to-destination 127.0.0.1:9040'_ etc/ublinux/iptables
#else
# sed -i s_".*-A OUTPUT -d 192.168.1.0/16 -m owner --uid-owner .* -j RETURN.*"_"[0:0] -A OUTPUT -d 192.168.1.0/16 -m owner --uid-owner $TORUSERS -j RETURN"_ etc/ublinux/iptables
# sed -i s_".*-A OUTPUT -p udp -m owner --uid-owner .* -j DNAT --to-destination 127.0.0.1:5353.*"_"[0:0] -A OUTPUT -p udp -m owner --uid-owner $TORUSERS -j DNAT --to-destination 127.0.0.1:5353"_ etc/ublinux/iptables
# sed -i s_".*-A OUTPUT -p tcp -m owner --uid-owner .* -j DNAT --to-destination 127.0.0.1:9040.*"_"[0:0] -A OUTPUT -p tcp -m owner --uid-owner $TORUSERS -j DNAT --to-destination 127.0.0.1:9040"_ etc/ublinux/iptables
#fi
#if [ "$ROUTER" = "yes" ] ;then
# sed -i s/".* -A POSTROUTING -j MASQUERADE.*"/'[0:0] -A POSTROUTING -j MASQUERADE'/ etc/ublinux/iptables
# PFP=etc/sysctl.conf
# [ -f $PFP ] || PFP=etc/sysctl.d/ublinux.conf
# sed -i /net.ipv4.ip_forward/d $PFP
# echo "net.ipv4.ip_forward = 1" >>$PFP
# sed -i '/-A FORWARD -i eth0 -o eth0 -j DROP/d' etc/ublinux/iptables
#else
# sed -i s/"^\[.* -A POSTROUTING -j MASQUERADE.*"/'#ROUTER#[0:0] -A POSTROUTING -j MASQUERADE'/ etc/ublinux/iptables
#fi
# Сделать:
# Для ufw найти как добавить, что-бы в /etc/ufw/before.rules перед строчкой -A ufw-before-input -j ufw-not-local вставить:
# -A ufw-before-output -m owner --uid-owner tor -p tcp -j ACCEPT
#
Reference in new issue View Git Blame Copy Permalink