-#!/bin/bash
+#!/bin/sh
#
-# This is a control script for nfblocker.
-#
-
-if [ -z "$1" ] ; then
- echo "start or stop?"
- exit 1
-fi
+# Control script for manual use of nfblocker.
-cd $(dirname $(readlink $0))
+do_start() {
+ iptables -I OUTPUT -p tcp -j NFQUEUE --queue-num 99
+ nfblocker /etc/nfblocker/blocked/*.acl &
+}
-function start_nfblocker() {
- LOG=/var/log/nfblocker.$(date +%Y%m%d)
- BLOCKED=( ../acl/*.acl )
- echo "BLOCKING ${BLOCKED[@]}" >> $LOG
- ./nfblocker ../blocked/*.acl >> $LOG 2>&1 &
+do_stop() {
+ iptables -D OUTPUT -p tcp -j NFQUEUE --queue-num 99
+ pkill nfblocker
}
-TABLE=OUTPUT
-case $1 in
- start)
- iptables -I $TABLE -p tcp -j NFQUEUE --queue-num 99
- pkill -x nfblocker
- start_nfblocker
- ;;
- reload)
- pkill -x nfblocker
- start_nfblocker
- ;;
- stop)
- iptables -D $TABLE -p tcp -j NFQUEUE --queue-num 99
- pkill -x nfblocker
- ;;
- *)
- echo "Use start, stop or reload" >&2
- ;;
+case "$1" in
+ start) do_start ;;
+ reload) do_stop ; do_start ;;
+ stop) do_stop ;;
+ *) echo "Use start, stop or reload" >&2 ;;
esac
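Review bot: In do_stop, `pkill nfblocker` drops the `-x` that the removed code used, so it now matches any process whose name contains "nfblocker" rather than only the daemon. If this control script's own name contains that string (the filename is not visible here), `reload` could signal the script itself before do_start runs; keeping `pkill -x nfblocker` avoids that. Separately, `reload` now calls do_stop first, which deletes the NFQUEUE rule, so outbound TCP passes unfiltered until do_start re-inserts it, whereas the removed reload left the rule in place and only restarted the daemon. Restarting only the process in the `reload` arm would keep the queue rule in place throughout. The new start line also no longer redirects the daemon's output to a log, so a comment such as `# nfblocker output is not captured here; see <log destination>` would tell operators where block decisions are recorded.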