From 3f8825e66811b881838e5ea3a2ff6917660488e4 Mon Sep 17 00:00:00 2001 From: bol-van Date: Tue, 15 Nov 2022 15:26:13 +0300 Subject: [PATCH] add separate IFACE_WAN6 handling for sysv and macos targets --- common/pf.sh | 4 ++-- config | 4 +++- docs/readme.eng.md | 7 +++++-- docs/readme.txt | 6 +++++- init.d/sysv/functions | 10 +++++----- 5 files changed, 20 insertions(+), 11 deletions(-) diff --git a/common/pf.sh b/common/pf.sh index d0c119e..5b021f9 100644 --- a/common/pf.sh +++ b/common/pf.sh @@ -172,8 +172,8 @@ pf_anchor_zapret_v6_tpws() echo "rdr on lo0 inet6 proto tcp from !::1 to any port $port -> fe80::1 port $1" for t in $tbl; do rule="route-to (lo0 fe80::1) inet6 proto tcp from !::1 to $t port $port user { >root }" - if [ -n "$IFACE_WAN" ] ; then - for wan in $IFACE_WAN; do + if [ -n "${IFACE_WAN6:-$IFACE_WAN}" ] ; then + for wan in ${IFACE_WAN6:-$IFACE_WAN}; do echo "pass out on $wan $rule" done else diff --git a/config b/config index 230d81c..1eb3dd1 100644 --- a/config +++ b/config @@ -66,11 +66,13 @@ FLOWOFFLOAD=donttouch #OPENWRT_LAN="lan lan2 lan3" # for routers based on desktop linux and macos. has no effect in openwrt. -# CHOOSE LAN and optinally WAN NETWORK INTERFACES +# CHOOSE LAN and optinally WAN/WAN6 NETWORK INTERFACES # or leave them commented if its not router # it's possible to specify multiple interfaces like this : IFACE_LAN="eth0 eth1 eth2" +# if IFACE_WAN6 is not defined it take the value of IFACE_WAN #IFACE_LAN=eth0 #IFACE_WAN=eth1 +#IFACE_WAN6="ipsec0 wireguard0 he_net" # should start/stop command of init scripts apply firewall rules ? # not applicable to openwrt with firewall3+iptables diff --git a/docs/readme.eng.md b/docs/readme.eng.md index e118e8b..4883683 100644 --- a/docs/readme.eng.md +++ b/docs/readme.eng.md 
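Review bot: In pf_anchor_zapret_v6_tpws the fallback `${IFACE_WAN6:-$IFACE_WAN}` is written out twice, quoted in the `[ -n ... ]` test and unquoted in the `for wan in ...` list. The two copies can drift apart on a later edit, and the unquoted one is also subject to pathname expansion before each word is written into a `pass out on $wan` rule. Resolving it once keeps the test and the loop on the same value: `wans="${IFACE_WAN6:-$IFACE_WAN}"`, then `if [ -n "$wans" ] ; then` and `for wan in $wans; do` (scoped the way this file scopes its other function variables). The function starts and ends outside the hunk, including the `else` branch taken when both variables are empty. That branch presumably emits the rule with no interface restriction, so a short comment there saying so would help anyone auditing how widely the IPv6 route-to rule applies.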
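Review bot: The added comment `# if IFACE_WAN6 is not defined it take the value of IFACE_WAN` understates what the code in this commit does. Every call site uses `${IFACE_WAN6:-$IFACE_WAN}`, which also falls back when IFACE_WAN6 is set but empty. An operator who writes `IFACE_WAN6=""` expecting the IPv6 rules to get no WAN interface will get the IPv4 WAN interfaces instead. I would word it as `# if IFACE_WAN6 is unset or empty, IFACE_WAN is used for ipv6 as well`.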
@@ -846,9 +846,12 @@ The following settings are not relevant for openwrt : If your system works as a router, then you need to enter the names of the internal and external interfaces: ``` -IFACE_LAN = eth0 -IFACE_WAN = eth1 +IFACE_LAN=eth0 +IFACE_WAN=eth1 +IFACE_WAN6="henet ipsec0" ``` +Multiple interfaces are space separated. IF IFACE_WAN6 is omitted then IFACE_WAN value is taken. + IMPORTANT: configuring routing, masquerade, etc. not a zapret task. Only modes that intercept transit traffic are enabled. It's possible to specify multiple interfaces like this : `IFACE_LAN="eth0 eth1 eth2"` diff --git a/docs/readme.txt b/docs/readme.txt index dc1424f..7244af5 100644 --- a/docs/readme.txt +++ b/docs/readme.txt @@ -1032,9 +1032,13 @@ OPENWRT_LAN="lan lan2 lan3" Следующие настройки не актуальны для openwrt : -Если ваша система работает как роутер, то нужно вписать названия внутреннего и внешнего интерфейсов : +Если ваша система работает как роутер, то нужно вписать названия внутренних и внешних интерфейсов : IFACE_LAN=eth0 IFACE_WAN=eth1 +IFACE_WAN6="henet ipsec0" +Несколько интерфейсов могут быть вписаны через пробел. +Если IFACE_WAN6 не задан, то берется значение IFACE_WAN. + ВАЖНО : настройка маршрутизации , маскарада и т.д. не входит в задачу zapret. Включаются только режимы, обеспечивающие перехват транзитного трафика. Возможно определить несколько интерфейсов следующим образом : IFACE_LAN="eth0 eth1 eth2" diff --git a/init.d/sysv/functions b/init.d/sysv/functions index 726668c..e509c9f 100644 --- a/init.d/sysv/functions +++ b/init.d/sysv/functions @@ -111,7 +111,7 @@ fw_nfqws_post4() } fw_nfqws_post6() { - _fw_nfqws_post6 $1 "$2" $3 "$IFACE_WAN" + _fw_nfqws_post6 $1 "$2" $3 "${IFACE_WAN6:-$IFACE_WAN}" } fw_tpws4() { @@ -119,7 +119,7 @@ fw_tpws4() } fw_tpws6() { - _fw_tpws6 $1 "$2" $3 "$IFACE_LAN" "$IFACE_WAN" + _fw_tpws6 $1 "$2" $3 "$IFACE_LAN" "${IFACE_WAN6:-$IFACE_WAN}" } nft_fw_tpws4() { 
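Review bot: The fallback `${IFACE_WAN6:-$IFACE_WAN}` is spelled out separately in fw_nfqws_post6 and fw_tpws6 in this hunk, and again in nft_fw_tpws6, nft_fw_nfqws_post6 and nft_fill_ifsets_overload in the two later hunks of init.d/sysv/functions. Nothing ties the five copies together, so a future IPv6 wrapper that passes plain `"$IFACE_WAN"` would silently scope its rules to the IPv4 WAN interfaces. A small helper keeps the call sites identical, for example `wan6_ifaces() { echo "${IFACE_WAN6:-$IFACE_WAN}"; }` with `"$(wan6_ifaces)"` as the argument. Either way, a comment above fw_nfqws_post6 such as `# ipv6 wrappers use IFACE_WAN6, falling back to IFACE_WAN when it is unset or empty` would record the convention.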
@@ -127,7 +127,7 @@ nft_fw_tpws4() } nft_fw_tpws6() { - _nft_fw_tpws6 "$1" $2 "$IFACE_LAN" "$IFACE_WAN" + _nft_fw_tpws6 "$1" $2 "$IFACE_LAN" "${IFACE_WAN6:-$IFACE_WAN}" } nft_fw_nfqws_post4() { @@ -135,11 +135,11 @@ nft_fw_nfqws_post4() } nft_fw_nfqws_post6() { - _nft_fw_nfqws_post6 "$1" $2 "$IFACE_WAN" + _nft_fw_nfqws_post6 "$1" $2 "${IFACE_WAN6:-$IFACE_WAN}" } nft_fill_ifsets_overload() { - nft_fill_ifsets "$IFACE_LAN" "$IFACE_WAN" "$IFACE_WAN" + nft_fill_ifsets "$IFACE_LAN" "$IFACE_WAN" "${IFACE_WAN6:-$IFACE_WAN}" }
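Review bot: nft_fill_ifsets_overload now passes three positional interface lists, and the hunk does not say which position means what. Judging only by this change the order is LAN, IPv4 WAN, IPv6 WAN, and a comment such as `# nft_fill_ifsets <lan> <wan4> <wan6>` would make that checkable (confirm against the nft_fill_ifsets definition, which is not in this patch). If only IFACE_WAN6 is configured, the second argument is an empty string. It is worth stating next to the call whether nft_fill_ifsets treats an empty list as "no interface" or as "any interface", because that decides the scope of the IPv4 rules.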