zapret/init.d/openwrt/firewall.user.tiera

TPPORT=1188
TPWS_USER=daemon

. /lib/functions/network.sh

network_find_wan wan_iface

for ext_iface in $wan_iface; do
    network_get_device DEVICE $ext_iface
    # DNAT for local traffic
    iptables -t nat -C OUTPUT -p tcp --dport 80 -o $DEVICE -m owner ! --uid-owner $TPWS_USER -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT ||
     iptables -t nat -I OUTPUT -p tcp --dport 80 -o $DEVICE -m owner ! --uid-owner $TPWS_USER -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT

done

network_get_device DEVICE lan
sysctl -w net.ipv4.conf.$DEVICE.route_localnet=1
iptables -t nat -C prerouting_lan_rule -p tcp --dport 80 -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT ||
 iptables -t nat -I prerouting_lan_rule -p tcp --dport 80 -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT
Tiera 2016-03-05 11:04:40 +03:00			`TPPORT=1188`
			`TPWS_USER=daemon`

			`. /lib/functions/network.sh`

			`network_find_wan wan_iface`

			`for ext_iface in $wan_iface; do`
			`network_get_device DEVICE $ext_iface`
			`# DNAT for local traffic`
			`iptables -t nat -C OUTPUT -p tcp --dport 80 -o $DEVICE -m owner ! --uid-owner $TPWS_USER -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT \|\|`
			`iptables -t nat -I OUTPUT -p tcp --dport 80 -o $DEVICE -m owner ! --uid-owner $TPWS_USER -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT`

			`done`

do not hardcode br-lan 2018-01-15 12:23:28 +03:00			`network_get_device DEVICE lan`
			`sysctl -w net.ipv4.conf.$DEVICE.route_localnet=1`
Tiera 2016-03-05 11:04:40 +03:00			`iptables -t nat -C prerouting_lan_rule -p tcp --dport 80 -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT \|\|`
			`iptables -t nat -I prerouting_lan_rule -p tcp --dport 80 -m set --match-set zapret dst -j DNAT --to 127.0.0.1:$TPPORT`