CMD=${1-start}
NET=192.168.249
TAP=tap0
+SET=TIMO
cd $(dirname $0)
RULE=( ! -o $TAP -j TEE --gateway $NET.2 --oif $TAP )
case "$CMD" in
start)
+ # start the blocking rule
+ if iptables-save | grep -qs "match-set $SET" ; then
+ : # all fine
+ else
+ if ipset list $SET >& /dev/null ; then
+ : # The set exists
+ else
+ ipset create $SET hash:net
+ fi
+ iptables -A FORWARD -p tcp --dport 53 -j ACCEPT
+ iptables -A FORWARD -p udp --dport 53 -j ACCEPT
+ iptables -A FORWARD -m set --match-set $SET src -j DROP
+ fi
+ # Start the traffic listener
if ifconfig $TAP >& /dev/null ; then
echo "Already started"
else
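Review bot: The two port-53 `ACCEPT` rules added in the `start)` branch match any destination, so a source listed in `$SET` is still forwarded to any host as long as the packet targets port 53, and the `DROP` that follows never sees that traffic. If the intent is only to keep name resolution working, limit the exemption to the resolver, e.g. `iptables -A FORWARD -p udp --dport 53 -d <RESOLVER_IP> -j ACCEPT`, with the same change for tcp. All three rules use `-A`, so they land after whatever is already in FORWARD; an earlier broad ACCEPT, if the host has one, would keep the DROP from ever matching, which `-I` or a dedicated chain avoids. The `start)` branch continues past this hunk.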
echo $TAP not up yet
done
ifconfig $TAP $NET.1 up
+ iptables -t mangle -A FORWARD -p tcp --dport 53 -j RETURN
+ iptables -t mangle -A FORWARD -p udp --dport 53 -j RETURN
iptables -t mangle -A FORWARD ${RULE[@]}
fi
;;
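Review bot: The two `-j RETURN` rules appended to mangle FORWARD have no matching delete in the part of the stop path visible on this page, so each start/stop cycle would probably leave another pair behind. If the stop path removes the TEE rule with `-D`, it should remove these as well: `iptables -t mangle -D FORWARD -p tcp --dport 53 -j RETURN` and the udp equivalent. A comment above them such as `# DNS is deliberately not mirrored to $TAP` would also help, because the listener will never see port-53 flows. The enclosing `if`/`else` starts outside this hunk.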
else
echo "Already stopped"
fi
+ ipset flush $SET
;;
*)
echo "Unknown: $CMD"
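Review bot: `ipset flush $SET` sits after the closing `fi`, so it also runs on the "Already stopped" path and fails with an error when the set was never created. A guard such as `ipset list "$SET" >/dev/null 2>&1 && ipset flush "$SET"` avoids that and quotes the variable. Flushing only empties the set: the filter-table `ACCEPT` and `DROP` rules added by `start)` stay in FORWARD after a stop, which deserves a comment if it is intended. The stop branch begins outside this hunk.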