# Excerpt of a start/stop script for the "hourglass" traffic listener.
# The leading number on each line is the listing's source line number, not
# code; the listing is non-contiguous, so the `fi`/`done`/`else` that close
# the blocks below, and the definitions of $SET, $TAP and $NET, are outside
# this view.  From their use, $SET looks like an ipset name, $TAP a tap
# interface and $NET a /24 prefix (used as $NET.1 and $NET.2) — confirm
# against the top of the file.
# NOTE(review): $SET, $TAP and ${RULE[@]} are expanded unquoted everywhere
# below; quoting them ("$SET", "${RULE[@]}") keeps an empty or unusual value
# from altering the iptables/ipset command line that actually runs.
# Mirror rule: -j TEE sends a copy of every matching packet to $NET.2 via
# $TAP; `! -o $TAP` skips packets that are already leaving through the tap
# (presumably so the copies themselves are not mirrored again).
10 RULE=( ! -o $TAP -j TEE --gateway $NET.2 --oif $TAP )
13 # start the blocking rule
# Skip installation when a rule referencing the set is already loaded.
# $SET is used as a grep regex here; `grep -qsF` would match it literally.
14 if iptables-save | grep -qs "match-set $SET" ; then
# `>&` is a bash-only redirection (stdout+stderr); fine under #!/bin/bash,
# not under /bin/sh.
17 if ipset list $SET >& /dev/null ; then
20 ipset create $SET hash:net
# DNS is accepted before the DROP so that hosts in the set can still resolve
# names; everything else forwarded from a source in the set is dropped.
# These are appended (-A), so their position relative to pre-existing FORWARD
# rules depends on what is already in the chain.
22 iptables -A FORWARD -p tcp --dport 53 -j ACCEPT
23 iptables -A FORWARD -p udp --dport 53 -j ACCEPT
24 iptables -A FORWARD -m set --match-set $SET src -j DROP
26 # Start the traffic listener
# The tap interface existing is used as the "already running" signal.
27 if ifconfig $TAP >& /dev/null ; then
28 echo "Already started"
# Listener runs in the background; both streams are appended to the log.
# NOTE(review): a fixed, predictable path under /tmp is appended to as root;
# a directory not writable by other local users (e.g. under /var/log) avoids
# another user pre-creating that file or a symlink there.
30 date >> /tmp/hourglass-listener.log
31 newlisp listener.lsp >> /tmp/hourglass-listener.log 2>&1 &
# Presumably inside a wait loop (header not visible): leave it once the
# listener has created the tap interface.
33 ifconfig $TAP >& /dev/null && break
# Give the tap its address and bring it up, then install the mirror in the
# mangle table: DNS is exempted (RETURN) and everything else hits RULE.
36 ifconfig $TAP $NET.1 up
37 iptables -t mangle -A FORWARD -p tcp --dport 53 -j RETURN
38 iptables -t mangle -A FORWARD -p udp --dport 53 -j RETURN
39 iptables -t mangle -A FORWARD ${RULE[@]}
# Stop path.  -F flushes the whole mangle FORWARD chain, including any rules
# this script did not add; the filter-table ACCEPT/DROP rules above are not
# removed in this excerpt.
43 iptables -t mangle -F FORWARD
44 if ifconfig $TAP >& /dev/null ; then
# SIGINT to the listener.  `pkill -f` matches the full command line, so any
# process whose arguments contain "listener.lsp" is signalled, not only the
# one started above; matching on a saved PID would be more precise.
45 pkill -2 -f listener.lsp
47 echo "Already stopped"