#!/bin/sh /etc/rc.common
# rc.common boot-order index: enabling the script links it under /etc/rc.d
# with this number, so 99 places it late in the start sequence.
# NOTE(review): presumably chosen so the firewall service is already up
# before start() edits and restarts it; confirm against the firewall init.
START=99
# Write a message to the system log through logger(1).
# Arguments: "$@" - message words, handed to logger unchanged.
# The tag keeps its trailing space exactly as written, because any log
# filter or alert matching on the tag has to match the same bytes.
log() {
	local tag="Domain Filter "
	logger -t "$tag" "$@"
}
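# Create the domain-filter firewall objects on first run, then run the
# filter helper.
#
# When the firewall config has no "filter" section, this defines:
#   - ipsets "filter" (ipv4) and "filter6" (ipv6), hash storage, match on ip
#   - one rule per family that REJECTs lan -> wan traffic whose destination
#     address is in the matching set
# then commits the config and restarts the firewall.
#
# Returns: 1 if the firewall config could not be committed; otherwise the
#          exit status of /usr/lib/domain/filter.sh.
#
# NOTE(review): the guard looks at firewall.filter only. If that section
# exists but filter6 or either rule is missing (partial or hand-edited
# config), nothing here recreates them, so that family stays unfiltered.
# NOTE(review): the rules cover forwarded lan -> wan traffic only, and the
# sets are not populated in this function; presumably filter.sh does that.
start() {
	local ff

	ff=$(uci -q get firewall.filter)
	# Quoted so a value containing spaces or test operators cannot change
	# how the emptiness check is parsed.
	if [ -z "$ff" ]; then
		uci set firewall.filter="ipset"
		uci set firewall.filter.name="filter"
		uci set firewall.filter.family="ipv4"
		uci set firewall.filter.storage="hash"
		uci set firewall.filter.match="ip"
		uci set firewall.filter6="ipset"
		uci set firewall.filter6.name="filter6"
		uci set firewall.filter6.family="ipv6"
		uci set firewall.filter6.storage="hash"
		uci set firewall.filter6.match="ip"

		# Filter LAN client traffic with IP sets
		uci set firewall.filter_fwd="rule"
		uci set firewall.filter_fwd.name="Filter-IPset-DNS-Forward"
		uci set firewall.filter_fwd.src="lan"
		uci set firewall.filter_fwd.dest="wan"
		uci set firewall.filter_fwd.ipset="filter dest"
		uci set firewall.filter_fwd.family="ipv4"
		uci set firewall.filter_fwd.proto="all"
		uci set firewall.filter_fwd.target="REJECT"
		uci set firewall.filter6_fwd="rule"
		uci set firewall.filter6_fwd.name="Filter6-IPset-DNS-Forward"
		uci set firewall.filter6_fwd.src="lan"
		uci set firewall.filter6_fwd.dest="wan"
		uci set firewall.filter6_fwd.ipset="filter6 dest"
		uci set firewall.filter6_fwd.family="ipv6"
		uci set firewall.filter6_fwd.proto="all"
		uci set firewall.filter6_fwd.target="REJECT"

		# Do not restart the firewall or report success when the rules were
		# never saved: the filter would look installed while nothing is
		# being rejected.
		if ! uci commit firewall; then
			log "uci commit firewall failed; filter rules not installed"
			return 1
		fi
		/etc/init.d/firewall restart
	fi

	/usr/lib/domain/filter.sh
}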