Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

luci-0.8: splash: add counter rules, implement temporary bans

Browse source
This commit is contained in:
Jo-Philipp Wich 2009-06-06 08:58:44 +00:00
parent 2322d876af
commit c2c366ab61
1 changed files with 20 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
applications/luci-splash/root/etc/init.d/luci_splash
View file

@ -35,14 +35,24 @@ blacklist_add() {
local cfg="$1" local cfg="$1"
config_get mac "$cfg" mac config_get mac "$cfg" mac
[ -n "$mac" ] && iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j DROP [ -n "$mac" ] && {
iptables -I luci_splash_counter -m mac --mac-source "$mac" -j RETURN
iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j DROP
}
} }
whitelist_add() { whitelist_add() {
local cfg="$1" local cfg="$1"
config_get mac "$cfg" mac config_get mac "$cfg" mac
[ -n "$mac" ] && iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j RETURN config_get ban "$cfg" kicked
ban=${ban:+DROP}
[ -n "$mac" ] && {
iptables -I luci_splash_counter -m mac --mac-source "$mac" -j RETURN
iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j "${ban:-RETURN}"
}
} }
boot() { boot() {
@ -57,10 +67,11 @@ start() {
config_load luci_splash config_load luci_splash
### Create subchains ### Create subchains
iptables -N luci_splash_counter
iptables -t nat -N luci_splash_portal iptables -t nat -N luci_splash_portal
iptables -t nat -N luci_splash_leases iptables -t nat -N luci_splash_leases
iptables -t nat -N luci_splash_prerouting iptables -t nat -N luci_splash_prerouting
### Build the main and portal rule ### Build the main and portal rule
config_foreach blacklist_add blacklist config_foreach blacklist_add blacklist
config_foreach whitelist_add whitelist config_foreach whitelist_add whitelist
@ -68,6 +79,8 @@ start() {
config_foreach iface_add iface config_foreach iface_add iface
### Build the portal rule ### Build the portal rule
iptables -I INPUT -j luci_splash_counter
iptables -I FORWARD -j luci_splash_counter
iptables -t nat -A luci_splash_portal -p udp --dport 33434:33523 -j RETURN iptables -t nat -A luci_splash_portal -p udp --dport 33434:33523 -j RETURN
iptables -t nat -A luci_splash_portal -p icmp -j RETURN iptables -t nat -A luci_splash_portal -p icmp -j RETURN
iptables -t nat -A luci_splash_portal -p udp --dport 53 -j RETURN iptables -t nat -A luci_splash_portal -p udp --dport 53 -j RETURN
@ -91,16 +104,20 @@ stop() {
### Clear interface rules ### Clear interface rules
config_load luci_splash config_load luci_splash
config_foreach iface_del iface config_foreach iface_del iface
iptables -D INPUT -j luci_splash_counter
iptables -D FORWARD -j luci_splash_counter
### Clear subchains ### Clear subchains
iptables -t nat -F luci_splash_leases iptables -t nat -F luci_splash_leases
iptables -t nat -F luci_splash_portal iptables -t nat -F luci_splash_portal
iptables -t nat -F luci_splash_prerouting iptables -t nat -F luci_splash_prerouting
iptables -F luci_splash_counter
### Delete subchains ### Delete subchains
iptables -t nat -X luci_splash_leases iptables -t nat -X luci_splash_leases
iptables -t nat -X luci_splash_portal iptables -t nat -X luci_splash_portal
iptables -t nat -X luci_splash_prerouting iptables -t nat -X luci_splash_prerouting
iptables -X luci_splash_counter
### Stop the splash httpd ### Stop the splash httpd
start-stop-daemon -K -p /var/run/luci-splashd.pid -s KILL -q start-stop-daemon -K -p /var/run/luci-splashd.pid -s KILL -q