mirror of
https://github.com/bol-van/zapret.git
synced 2024-11-14 10:48:32 +05:00
add separate IFACE_WAN6 handling for sysv and macos targets
This commit is contained in:
parent
9f303c2748
commit
3f8825e668
@ -172,8 +172,8 @@ pf_anchor_zapret_v6_tpws()
|
|||||||
echo "rdr on lo0 inet6 proto tcp from !::1 to any port $port -> fe80::1 port $1"
|
echo "rdr on lo0 inet6 proto tcp from !::1 to any port $port -> fe80::1 port $1"
|
||||||
for t in $tbl; do
|
for t in $tbl; do
|
||||||
rule="route-to (lo0 fe80::1) inet6 proto tcp from !::1 to $t port $port user { >root }"
|
rule="route-to (lo0 fe80::1) inet6 proto tcp from !::1 to $t port $port user { >root }"
|
||||||
if [ -n "$IFACE_WAN" ] ; then
|
if [ -n "${IFACE_WAN6:-$IFACE_WAN}" ] ; then
|
||||||
for wan in $IFACE_WAN; do
|
for wan in ${IFACE_WAN6:-$IFACE_WAN}; do
|
||||||
echo "pass out on $wan $rule"
|
echo "pass out on $wan $rule"
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
|
4
config
4
config
@ -66,11 +66,13 @@ FLOWOFFLOAD=donttouch
|
|||||||
#OPENWRT_LAN="lan lan2 lan3"
|
#OPENWRT_LAN="lan lan2 lan3"
|
||||||
|
|
||||||
# for routers based on desktop linux and macos. has no effect in openwrt.
|
# for routers based on desktop linux and macos. has no effect in openwrt.
|
||||||
# CHOOSE LAN and optinally WAN NETWORK INTERFACES
|
# CHOOSE LAN and optinally WAN/WAN6 NETWORK INTERFACES
|
||||||
# or leave them commented if its not router
|
# or leave them commented if its not router
|
||||||
# it's possible to specify multiple interfaces like this : IFACE_LAN="eth0 eth1 eth2"
|
# it's possible to specify multiple interfaces like this : IFACE_LAN="eth0 eth1 eth2"
|
||||||
|
# if IFACE_WAN6 is not defined it take the value of IFACE_WAN
|
||||||
#IFACE_LAN=eth0
|
#IFACE_LAN=eth0
|
||||||
#IFACE_WAN=eth1
|
#IFACE_WAN=eth1
|
||||||
|
#IFACE_WAN6="ipsec0 wireguard0 he_net"
|
||||||
|
|
||||||
# should start/stop command of init scripts apply firewall rules ?
|
# should start/stop command of init scripts apply firewall rules ?
|
||||||
# not applicable to openwrt with firewall3+iptables
|
# not applicable to openwrt with firewall3+iptables
|
||||||
|
@ -846,9 +846,12 @@ The following settings are not relevant for openwrt :
|
|||||||
|
|
||||||
If your system works as a router, then you need to enter the names of the internal and external interfaces:
|
If your system works as a router, then you need to enter the names of the internal and external interfaces:
|
||||||
```
|
```
|
||||||
IFACE_LAN = eth0
|
IFACE_LAN=eth0
|
||||||
IFACE_WAN = eth1
|
IFACE_WAN=eth1
|
||||||
|
IFACE_WAN6="henet ipsec0"
|
||||||
```
|
```
|
||||||
|
Multiple interfaces are space separated. IF IFACE_WAN6 is omitted then IFACE_WAN value is taken.
|
||||||
|
|
||||||
IMPORTANT: configuring routing, masquerade, etc. not a zapret task.
|
IMPORTANT: configuring routing, masquerade, etc. not a zapret task.
|
||||||
Only modes that intercept transit traffic are enabled.
|
Only modes that intercept transit traffic are enabled.
|
||||||
It's possible to specify multiple interfaces like this : `IFACE_LAN="eth0 eth1 eth2"`
|
It's possible to specify multiple interfaces like this : `IFACE_LAN="eth0 eth1 eth2"`
|
||||||
|
@ -1032,9 +1032,13 @@ OPENWRT_LAN="lan lan2 lan3"
|
|||||||
|
|
||||||
Следующие настройки не актуальны для openwrt :
|
Следующие настройки не актуальны для openwrt :
|
||||||
|
|
||||||
Если ваша система работает как роутер, то нужно вписать названия внутреннего и внешнего интерфейсов :
|
Если ваша система работает как роутер, то нужно вписать названия внутренних и внешних интерфейсов :
|
||||||
IFACE_LAN=eth0
|
IFACE_LAN=eth0
|
||||||
IFACE_WAN=eth1
|
IFACE_WAN=eth1
|
||||||
|
IFACE_WAN6="henet ipsec0"
|
||||||
|
Несколько интерфейсов могут быть вписаны через пробел.
|
||||||
|
Если IFACE_WAN6 не задан, то берется значение IFACE_WAN.
|
||||||
|
|
||||||
ВАЖНО : настройка маршрутизации , маскарада и т.д. не входит в задачу zapret.
|
ВАЖНО : настройка маршрутизации , маскарада и т.д. не входит в задачу zapret.
|
||||||
Включаются только режимы, обеспечивающие перехват транзитного трафика.
|
Включаются только режимы, обеспечивающие перехват транзитного трафика.
|
||||||
Возможно определить несколько интерфейсов следующим образом : IFACE_LAN="eth0 eth1 eth2"
|
Возможно определить несколько интерфейсов следующим образом : IFACE_LAN="eth0 eth1 eth2"
|
||||||
|
@ -111,7 +111,7 @@ fw_nfqws_post4()
|
|||||||
}
|
}
|
||||||
fw_nfqws_post6()
|
fw_nfqws_post6()
|
||||||
{
|
{
|
||||||
_fw_nfqws_post6 $1 "$2" $3 "$IFACE_WAN"
|
_fw_nfqws_post6 $1 "$2" $3 "${IFACE_WAN6:-$IFACE_WAN}"
|
||||||
}
|
}
|
||||||
fw_tpws4()
|
fw_tpws4()
|
||||||
{
|
{
|
||||||
@ -119,7 +119,7 @@ fw_tpws4()
|
|||||||
}
|
}
|
||||||
fw_tpws6()
|
fw_tpws6()
|
||||||
{
|
{
|
||||||
_fw_tpws6 $1 "$2" $3 "$IFACE_LAN" "$IFACE_WAN"
|
_fw_tpws6 $1 "$2" $3 "$IFACE_LAN" "${IFACE_WAN6:-$IFACE_WAN}"
|
||||||
}
|
}
|
||||||
nft_fw_tpws4()
|
nft_fw_tpws4()
|
||||||
{
|
{
|
||||||
@ -127,7 +127,7 @@ nft_fw_tpws4()
|
|||||||
}
|
}
|
||||||
nft_fw_tpws6()
|
nft_fw_tpws6()
|
||||||
{
|
{
|
||||||
_nft_fw_tpws6 "$1" $2 "$IFACE_LAN" "$IFACE_WAN"
|
_nft_fw_tpws6 "$1" $2 "$IFACE_LAN" "${IFACE_WAN6:-$IFACE_WAN}"
|
||||||
}
|
}
|
||||||
nft_fw_nfqws_post4()
|
nft_fw_nfqws_post4()
|
||||||
{
|
{
|
||||||
@ -135,11 +135,11 @@ nft_fw_nfqws_post4()
|
|||||||
}
|
}
|
||||||
nft_fw_nfqws_post6()
|
nft_fw_nfqws_post6()
|
||||||
{
|
{
|
||||||
_nft_fw_nfqws_post6 "$1" $2 "$IFACE_WAN"
|
_nft_fw_nfqws_post6 "$1" $2 "${IFACE_WAN6:-$IFACE_WAN}"
|
||||||
}
|
}
|
||||||
nft_fill_ifsets_overload()
|
nft_fill_ifsets_overload()
|
||||||
{
|
{
|
||||||
nft_fill_ifsets "$IFACE_LAN" "$IFACE_WAN" "$IFACE_WAN"
|
nft_fill_ifsets "$IFACE_LAN" "$IFACE_WAN" "${IFACE_WAN6:-$IFACE_WAN}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user