3 # This is a control script to start and stop the network activity
# NOTE(review): this listing is an excerpt with gaps (the leading numbers are
# the original line numbers); the if/else/fi and loop bodies that enclose the
# commands below are not visible here, so the control flow is inferred.
# $TAP, $NET and $SET are defined outside this excerpt.
# Arguments for the iptables TEE target: every packet NOT leaving via $TAP is
# cloned and the copy is sent to $NET.2 out of $TAP (the listener side).
# $TAP and $NET are unquoted inside the array -- fine while they contain no
# whitespace or glob characters; "${RULE[@]}" when expanded keeps each word intact.
13 RULE=( ! -o $TAP -j TEE --gateway $NET.2 --oif $TAP )
16 # start the blocking rule
# Idempotence probe: a rule referencing the set already exists in the ruleset.
# -s silences errors; the branch body is outside this excerpt.
17 if iptables-save | grep -qs "match-set $SET" ; then
# '>&' is a bash-only form of '>/dev/null 2>&1'; the shebang is not visible --
# confirm the script runs under bash.
20 if ipset list $SET >& /dev/null ; then
# Create the set only when the probe above did not find it (inferred).
23 ipset create $SET hash:net
# DNS (tcp/udp 53) is accepted before the set-based DROP, so hosts in $SET keep
# name resolution; all other forwarded traffic sourced from a set member is
# dropped. The rules are appended with -A on every start, so the iptables-save
# check above is what prevents duplicates.
25 iptables -A FORWARD -p tcp --dport 53 -j ACCEPT
26 iptables -A FORWARD -p udp --dport 53 -j ACCEPT
27 iptables -A FORWARD -m set --match-set $SET src -j DROP
29 # Start the traffic listener
# ifconfig exit status doubles as an "interface exists" test.
30 if ifconfig $TAP >& /dev/null ; then
31 echo "Already started"
# Log goes to a fixed, predictable path in /tmp. Since iptables/ipset imply
# this runs as root, a pre-existing file or symlink at that path would be
# followed; a mktemp-style or /var/log location avoids that.
33 date >> /tmp/hourglass-listener.log
34 newlisp listener.lsp >> /tmp/hourglass-listener.log 2>&1 &
# Inside a polling loop whose header is outside this excerpt: exits the loop
# once $TAP appears (presumably created by listener.lsp -- confirm).
36 ifconfig $TAP >& /dev/null && break
# Give the tap its address and bring it up.
39 ifconfig $TAP $NET.1 up
# mangle/FORWARD: DNS RETURNs before the TEE rule, so DNS is not mirrored;
# everything else matching RULE is cloned to the listener.
40 iptables -t mangle -A FORWARD -p tcp --dport 53 -j RETURN
41 iptables -t mangle -A FORWARD -p udp --dport 53 -j RETURN
# Unquoted ${RULE[@]}: works for the current values, but "${RULE[@]}" is the
# safe spelling if any element ever contains whitespace.
42 iptables -t mangle -A FORWARD ${RULE[@]}
# Stop path (inferred): flushes the WHOLE mangle/FORWARD chain, not only the
# three rules added above -- any other rules in that chain are lost too.
46 iptables -t mangle -F FORWARD
47 if ifconfig $TAP >& /dev/null ; then
# SIGINT to every process whose full command line contains "listener.lsp";
# -f matches substrings, so an unrelated process (e.g. an editor opened on
# that file) would be signalled as well. A pidfile would be more precise.
48 pkill -2 -f listener.lsp
50 echo "Already stopped"