From: Jo-Philipp Wich Date: Sat, 6 Jun 2009 08:58:44 +0000 (+0000) Subject: luci-0.8: splash: add counter rules, implement temporary bans X-Git-Tag: 0.8.8~29 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=c2c366ab61bccdf7ee0b2894876eb28b8a8d02d1;p=oweals%2Fluci.git luci-0.8: splash: add counter rules, implement temporary bans
---
diff --git a/applications/luci-splash/root/etc/init.d/luci_splash b/applications/luci-splash/root/etc/init.d/luci_splash
index b6eaf325a..d16eaba9c 100755
--- a/applications/luci-splash/root/etc/init.d/luci_splash
+++ b/applications/luci-splash/root/etc/init.d/luci_splash
@@ -35,14 +35,24 @@ blacklist_add() {
 local cfg="$1"
 config_get mac "$cfg" mac
- [ -n "$mac" ] && iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j DROP
+ [ -n "$mac" ] && {
+ iptables -I luci_splash_counter -m mac --mac-source "$mac" -j RETURN
+ iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j DROP
+ }
 }
 whitelist_add() {
 local cfg="$1"
 config_get mac "$cfg" mac
- [ -n "$mac" ] && iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j RETURN
+ config_get ban "$cfg" kicked
+
+ ban=${ban:+DROP}
+
+ [ -n "$mac" ] && {
+ iptables -I luci_splash_counter -m mac --mac-source "$mac" -j RETURN
+ iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j "${ban:-RETURN}"
+ }
 }
 boot() {
@@ -57,10 +67,11 @@ start() {
 config_load luci_splash
 ### Create subchains
+ iptables -N luci_splash_counter
 iptables -t nat -N luci_splash_portal
 iptables -t nat -N luci_splash_leases
 iptables -t nat -N luci_splash_prerouting
-
+
 ### Build the main and portal rule
 config_foreach blacklist_add blacklist
 config_foreach whitelist_add whitelist
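Review bot: In whitelist_add, `ban=${ban:+DROP}` turns any non-empty `kicked` value into DROP, so an entry written as `option kicked 0` would still be banned. If the option is meant as a boolean, and the base system's functions.sh provides it, read it with `config_get_bool ban "$cfg" kicked 0` and pick DROP only when the result is 1. `ban` (like `mac`) is assigned without `local`, so it stays global between config_foreach callbacks; `local mac ban` next to `local cfg="$1"` would keep the helper self-contained. Because the ban is keyed on `--mac-source`, it holds only while the client keeps the same MAC address, which deserves a one-line comment above the rule so operators do not read it as a strong block.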
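Review bot: `iptables -N luci_splash_counter` fails without notice when the chain is left over from an earlier start or an unclean stop, and the chain then keeps its old per-MAC rules while blacklist_add and whitelist_add insert a second set. Making the creation idempotent, for example `iptables -N luci_splash_counter 2>/dev/null || iptables -F luci_splash_counter`, gives every start a clean counter chain. The nat subchains just below follow the same unchecked pattern, and start() continues outside this hunk, so whether a caller already guards against a double start cannot be seen from here.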
@@ -68,6 +79,8 @@ start() {
 config_foreach iface_add iface
 ### Build the portal rule
+ iptables -I INPUT -j luci_splash_counter
+ iptables -I FORWARD -j luci_splash_counter
 iptables -t nat -A luci_splash_portal -p udp --dport 33434:33523 -j RETURN
 iptables -t nat -A luci_splash_portal -p icmp -j RETURN
 iptables -t nat -A luci_splash_portal -p udp --dport 53 -j RETURN
@@ -91,16 +104,20 @@ stop() {
 ### Clear interface rules
 config_load luci_splash
 config_foreach iface_del iface
+ iptables -D INPUT -j luci_splash_counter
+ iptables -D FORWARD -j luci_splash_counter
 ### Clear subchains
 iptables -t nat -F luci_splash_leases
 iptables -t nat -F luci_splash_portal
 iptables -t nat -F luci_splash_prerouting
+ iptables -F luci_splash_counter
 ### Delete subchains
 iptables -t nat -X luci_splash_leases
 iptables -t nat -X luci_splash_portal
 iptables -t nat -X luci_splash_prerouting
+ iptables -X luci_splash_counter
 ### Stop the splash httpd
 start-stop-daemon -K -p /var/run/luci-splashd.pid -s KILL -q
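Review bot: The two `iptables -I ... -j luci_splash_counter` lines hook the filter table but sit under `### Build the portal rule`, which describes the nat rules that follow; give them their own comment such as `### Hook the counter chain into INPUT and FORWARD (filter table)`. `-I` without a rule number places the jump first in both chains, so every packet walks the per-MAC list before any other filter rule, and a short comment saying that this placement is intended would help whoever later reorders the firewall. If something else flushes INPUT or FORWARD (presumably a firewall restart), the jumps disappear and the counters stop without any error, which is worth noting there too.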
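Review bot: Each `iptables -D ... -j luci_splash_counter` in stop() removes a single jump, so if start() ran twice one reference survives and the later `iptables -X luci_splash_counter` fails because the chain is still in use. Deleting until nothing is left avoids the stale chain: `while iptables -D INPUT -j luci_splash_counter 2>/dev/null; do :; done`, and the same for FORWARD. The two `-D` lines would also read better under their own comment than under `### Clear interface rules`. stop() begins before this hunk and may continue after it.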