From 8e3c55b65d2acf7ed3ab2f9eeaffcc5b9d6d117f Mon Sep 17 00:00:00 2001
From: Ralph Ronnquist
Date: Sun, 8 Aug 2021 23:12:12 +1000
Subject: [PATCH] software captore
---
 control-extra.dat | 1 +
 control-logic.lsp | 4 ++--
 control.dat | 12 ++++++++++++
 manager/controls.lsp | 4 ++--
 run-manager.sh | 3 +++
 setup.sh | 18 ++++++++++++++++++
 6 files changed, 38 insertions(+), 4 deletions(-)
 create mode 100644 control-extra.dat
 create mode 100644 control.dat
 create mode 100755 run-manager.sh
diff --git a/control-extra.dat b/control-extra.dat
new file mode 100644
index 0000000..87a85d6
--- /dev/null
+++ b/control-extra.dat
@@ -0,0 +1 @@
+0 10
diff --git a/control-logic.lsp b/control-logic.lsp
index 79732c2..cd9a830 100644
--- a/control-logic.lsp
+++ b/control-logic.lsp
@@ -57,14 +57,14 @@ (flat (map log-lines (directory "activity" (log-name-fmt t)))))
 # Translate timestamp into its local time (hour minute), if it's
-# within the applicable open time, null otherwise.
+# within the applicable day, null otherwise.
 (define (period-minute x) (when x (letn ((d (date-list (+ (int x 0 10) (* 60 (now 0 -2))))) (tm (3 2 d)) (on (if (regex "^[0-9]+ ([0-9]+)$" x 0) (> (int $1 0 10) CLIP) 1)) )
- (and on (= (0 3 d) DAY) (>= tm START) (< tm END) tm))))
+ (and on (= (0 3 d) DAY) tm)))) ; (>= tm START) (< tm END) tm))))
 # Collect all mentioned minutes from the activity logs (setf TOTAL
diff --git a/control.dat b/control.dat
new file mode 100644
index 0000000..c872c0c
--- /dev/null
+++ b/control.dat
@@ -0,0 +1,12 @@
+; Updated at Sun Aug 8 22:53:01 2021
+((control "ipset-control.lsp")
+ (gap 10)
+ (clip 1000)
+ (1 timed (5 30) (2 0) (20 0))
+ (2 timed (7 30) (1 0) (20 0))
+ (3 timed (7 30) (1 0) (20 0))
+ (4 timed (7 30) (1 0) (20 0))
+ (5 timed (7 30) (3 0) (22 0))
+ (6 timed (7 30) (1 0) (20 0))
+ (7 timed (7 30) (1 0) (20 0))
+ )
diff --git a/manager/controls.lsp b/manager/controls.lsp
index c717200..b4779ae 100644
--- a/manager/controls.lsp
+++ b/manager/controls.lsp
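Review bot: In control-logic.lsp, the new last line of period-minute keeps the removed window test as a trailing comment, `; (>= tm START) (< tm END) tm))))`, and its stray closing parentheses make the real end of the definition hard to see. Reduce the line to `(and on (= (0 3 d) DAY) tm))))`. Because the START/END comparison no longer runs, every logged minute of DAY is now returned, so state that above the function, for example `# counts every logged minute of DAY, not only those between START and END`. Whether START and END are still used elsewhere in the file cannot be told from this hunk.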
@@ -28,9 +28,9 @@ end-options '() limit-options '() )
-(dotimes (h 23) (dolist (m '(0 30))
+(dotimes (h 24) (dolist (m '(0 30))
 (push (format "%02d:%02d" h m) start-options -1)))
-(dotimes (h 23) (dolist (m '(0 30))
+(dotimes (h 24) (dolist (m '(0 30))
 (push (format "%02d:%02d" h m) end-options -1))) (for (h 1 8) (dolist (m '(0 30)) (push (format "%02d:%02d" h m) limit-options -1)))
diff --git a/run-manager.sh b/run-manager.sh
new file mode 100755
index 0000000..f474356
--- /dev/null
+++ b/run-manager.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+( nohup newlisp -http -d 1070 -w manager/www & )
diff --git a/setup.sh b/setup.sh
index e4bcc64..96463bc 100755
--- a/setup.sh
+++ b/setup.sh
@@ -3,12 +3,27 @@ CMD=${1-start} NET=192.168.249 TAP=tap0
+SET=TIMO
 cd $(dirname $0) RULE=( ! -o $TAP -j TEE --gateway $NET.2 --oif $TAP ) case "$CMD" in start)
+ # start the blocking rule
+ if iptables-save | grep -qs "match-set $SET" ; then
+ : # all fine
+ else
+ if ipset list $SET >& /dev/null ; then
+ : # The set exists
+ else
+ ipset create $SET hash:net
+ fi
+ iptables -A FORWARD -p tcp --dport 53 -j ACCEPT
+ iptables -A FORWARD -p udp --dport 53 -j ACCEPT
+ iptables -A FORWARD -m set --match-set $SET src -j DROP
+ fi
+ # Start the traffic listener
 if ifconfig $TAP >& /dev/null ; then echo "Already started" else
@@ -19,6 +34,8 @@ case "$CMD" in echo $TAP not up yet done ifconfig $TAP $NET.1 up
+ iptables -t mangle -A FORWARD -p tcp --dport 53 -j RETURN
+ iptables -t mangle -A FORWARD -p udp --dport 53 -j RETURN
 iptables -t mangle -A FORWARD ${RULE[@]} fi ;;
@@ -29,6 +46,7 @@ case "$CMD" in else echo "Already stopped" fi
+ ipset flush $SET
 ;; *) echo "Unknown: $CMD"
--
2.39.2
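Review bot: run-manager.sh starts the manager's HTTP listener on port 1070 with nothing in the script limiting which hosts can reach it, and no authentication is visible in this patch for pages that presumably edit the blocking schedule. If the controlled clients can route to this box they may reach the port as well, so consider an INPUT rule next to the other rules in setup.sh that admits port 1070 only from the admin address or interface. Separately, `-w manager/www` is resolved against the caller's working directory. Adding `cd "$(dirname "$0")"` before the `nohup` line, as setup.sh already does, makes the script location-independent and keeps nohup.out in one place.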
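Review bot: In the first setup.sh hunk, the two port-53 `-j ACCEPT` rules are appended ahead of the `--match-set $SET src -j DROP` rule and match on destination port alone, so a source in the set can still forward any TCP or UDP traffic addressed to port 53, not just lookups to the intended resolver. If the exemption exists to keep name resolution working for blocked hosts, bind it to the resolver, e.g. `iptables -A FORWARD -p udp --dport 53 -d "$DNS" -j ACCEPT` plus the tcp twin, where `DNS` is a new variable holding the resolver address. The existence test could also collapse into `ipset create -exist $SET hash:net`. The `start)` branch continues beyond this hunk.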
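Review bot: The two mangle `-j RETURN` rules added before the TEE rule in the second setup.sh hunk are appended on every start, while the only change to the stop branch (last hunk) is `ipset flush $SET`; unless the part of stop not shown here deletes them, each stop/start cycle leaves another pair in mangle FORWARD. Mirror them in stop with `iptables -t mangle -D FORWARD -p tcp --dport 53 -j RETURN` and its udp equivalent. Note too that `ipset flush $SET` runs even when the set was never created, and it empties the block list whenever the listener is stopped, lifting every block until the set is repopulated. If that is intended, record it with a comment such as `# stopping capture also releases all blocked hosts`.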