3 # Control script: starts and stops the traffic listener (newlisp listener.lsp), the TEE mirror rule it needs in the mangle table, and the ipset-backed blocking rule in the filter table. Settings (listener.ip, listener.tap, ipset.table) are read from $CONF by getcfg. getcfg splices its key argument unquoted into a grep -E pattern and the values are expanded unquoted into iptables/ifconfig argument lists below, so $CONF must only be writable by root; its grep/sed patterns also look escaping-mangled (`[^;#]$1]`, `(.*)` with `\1` in basic-regex sed) - verify getcfg really extracts the values before relying on this script.
8 grep -E "\\s*[^;#]$1]\\s*=" $CONF | sed 's/.*=\s*(.*)/\1/;s/\s*$//'
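# Listener/mirror settings, all read from $CONF via getcfg (defined above).
# These values are spliced straight into iptables/ipset/ifconfig argument
# lists below, so they are checked here before anything is configured: a
# wrong or empty value would otherwise produce a half-applied firewall change
# (nothing visible in this script rolls back a failed iptables call).
NET="$(getcfg listener.ip)"    # first three octets; .1 is the tap, .2 the TEE gateway
TAP="$(getcfg listener.tap)"   # tap interface the listener brings up
SET="$(getcfg ipset.table)"    # ipset holding the blocked source networks

# Abort early on missing or malformed values rather than feeding them to
# iptables. NET must be a dotted three-octet prefix because the script builds
# "$NET.1" / "$NET.2" from it; TAP is a Linux interface name (max 15 chars);
# SET is an ipset name (max 31 chars, no whitespace or shell metacharacters).
[[ "$NET" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){2}$ ]] \
  || { echo "bad listener.ip '$NET' in $CONF" >&2; exit 1; }
[[ "$TAP" =~ ^[A-Za-z0-9_.-]{1,15}$ ]] \
  || { echo "bad listener.tap '$TAP' in $CONF" >&2; exit 1; }
[[ "$SET" =~ ^[A-Za-z0-9_.-]{1,31}$ ]] \
  || { echo "bad ipset.table '$SET' in $CONF" >&2; exit 1; }

# Mirror rule (mangle/FORWARD): clone every forwarded packet to $NET.2 via
# $TAP. "! -o $TAP" excludes traffic that is already leaving through the tap,
# presumably so the mirror does not feed on its own output - confirm.
RULE=( ! -o "$TAP" -j TEE --gateway "$NET.2" --oif "$TAP" )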
20 # start the blocking rule
# Idempotency check: if any saved rule already references the set, the
# blocking rules are taken to be in place (the branch taken on this condition
# is not shown in this excerpt).
21 if iptables-save | grep -qs "match-set $SET" ; then
# Create the ipset only when it does not exist yet. hash:net accepts whole
# networks as well as single hosts. $SET is expanded unquoted here and below;
# it comes from $CONF and must not contain whitespace or glob characters.
24 if ipset list $SET >& /dev/null ; then
27 ipset create $SET hash:net
# NOTE(review): DNS (tcp/udp 53) is accepted BEFORE the set-based DROP, so a
# host in the block set can still resolve names - and can still move data
# through this box over a DNS tunnel. If the intent is a captive-portal style
# block that only keeps name resolution working, restrict these two rules to
# the resolver's address; otherwise move them below the DROP.
29 iptables -A FORWARD -p tcp --dport 53 -j ACCEPT
30 iptables -A FORWARD -p udp --dport 53 -j ACCEPT
# Drop forwarded traffic whose source is in the set. "-A" appends, so any
# ACCEPT rule already present in FORWARD is matched first and wins.
31 iptables -A FORWARD -m set --match-set $SET src -j DROP
33 # Start the traffic listener
# The tap's presence is the "already running" signal: the poll loop below
# waits for the listener to create it, so an existing tap means a listener
# is up.
34 if ifconfig $TAP >& /dev/null ; then
35 echo "Already started"
# NOTE(review): the log path is a fixed name in world-writable /tmp, and this
# script has to run as root for iptables/ifconfig to work. Anyone who
# pre-creates /tmp/hourglass-listener.log as a symlink can make root append
# to a file of their choosing (fs.protected_symlinks mitigates this but is
# not universal). Prefer a root-only directory such as /var/log/hourglass/
# or a path taken from $CONF.
37 date >> /tmp/hourglass-listener.log
# Detached listener. listener.lsp is a relative path, so whatever file of
# that name sits in the current working directory is run as root unless an
# earlier cd (not shown here) pins the directory - use an absolute path.
# The PID ($!) is not recorded, which is why the stop path falls back to
# pkill -f.
38 newlisp listener.lsp >> /tmp/hourglass-listener.log 2>&1 &
# Poll until the listener has created the tap (the loop header and its
# bound are not shown in this excerpt).
40 ifconfig $TAP >& /dev/null && break
# Give the tap its address on the listener subnet; $NET.2 (the TEE gateway)
# is presumably the listener's side of that link - confirm.
43 ifconfig $TAP $NET.1 up
# Exempt DNS from mirroring, then mirror everything else (see RULE above).
44 iptables -t mangle -A FORWARD -p tcp --dport 53 -j RETURN
45 iptables -t mangle -A FORWARD -p udp --dport 53 -j RETURN
# ${RULE[@]} is unquoted; RULE's elements carry no whitespace as defined
# above, but write "${RULE[@]}" if that ever changes.
46 iptables -t mangle -A FORWARD ${RULE[@]}
# Stop path. Flushing the whole mangle/FORWARD chain removes more than the
# three rules added above: any rule another tool placed there goes too.
# Deleting the specific rules (iptables -t mangle -D FORWARD ...) would be
# the narrower option. The filter-table DROP and the ipset are not removed
# here, so blocking persists across a stop - presumably intended; confirm.
50 iptables -t mangle -F FORWARD
51 if ifconfig $TAP >& /dev/null ; then
# SIGINT to every process whose command line contains "listener.lsp" - that
# includes an editor or shell with the file name on its command line, not
# only the newlisp started above. Recording $! at start time (pidfile) would
# make this precise. Tearing the tap down is presumably left to the listener.
52 pkill -2 -f listener.lsp
54 echo "Already stopped"