This update includes the following changes:
1. Makefile
* update copyright
* attempt to implement the proper variants to avoid luci-app dependency on both variants
* quietly stop service on uninstall
2. Config-file
* add the list of dnsmasq instances to target in supported dnsmasq modes
* for default pbr variant, set the `resolver_set` to `dnsmasq.nftset`
* for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset`
* add the `nft_file_support` (disabled by default)
* introduce `procd_boot_delay` to delay service start on boot
* introduce the following nft set creation options:
* nft_set_auto_merge
* nft_set_counter
* nft_set_flags_interval
* nft_set_flags_timeout
* nft_set_gc_interval
* nft_set_policy
* nft_set_timeout
* add the pbr.user.wg_server_and_client custom user script to allow running wg server and
client at the same time
* add the "Ignore Local Requests" sample policy
3. Hotplug firewall/interface scripts
* better logged messages
4. The pbr and pbr-iptables uci defaults script
* use functions from the init script
* improve vpn-policy-routing migration
5. The pbr-netifd uci defaults script
* use functions from the init script
* improve uci operations
6. Introduce the firewall.include file
7. Improve pbr.user.aws custom user script
8. Improve pbr.user.netflix custom user script
9. Introduce pbr.user.wg_server_and_client custom user script
10. Update the init file:
* refactor some code to allow the init script file to be sourced by the uci defaults scripts
and the luci rpcd script for shared functions
* add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include
file for faster operations on service reload
* improve Tor support (nft mode only)
* implement support for nft set options
* update validation functions for new options/parameters
Signed-off-by: Stan Grishin <stangri@melmac.ca>
#!/bin/sh
# shellcheck disable=SC3037,SC3043
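# The pbr init script is sourced (not executed) so its functions and variables
# become available to this script.
readonly pbrFunctionsFile='/etc/init.d/pbr'
if [ -s "$pbrFunctionsFile" ]; then
  # shellcheck source=../../etc/init.d/pbr
  . "$pbrFunctionsFile"
else
  printf "%b: pbr init.d file (%s) not found! \n" '\033[0;31mERROR\033[0m' "$pbrFunctionsFile" >&2
  # Fail closed: the remaining steps call helpers and read variables that this
  # script does not define itself. Carrying on would change nothing useful but
  # would still restart the network and report success.
  exit 1
fi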
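#######################################
# Assign a dedicated routing table to one network interface.
# Intended as a config_foreach callback over 'interface' sections.
# Globals:
#   packageName (read) - prefix for the routing table name; not defined here
#   __OK__      (read) - status marker printed on completion; not defined here
# Arguments:
#   $1 - name of the interface section in the network config
# Outputs:
#   Progress message on stdout.
# Side effects:
#   Stages uci changes in the 'network' package (nothing is committed here) and
#   may append one line to /etc/iproute2/rt_tables.
# Returns:
#   0 when the interface is skipped; otherwise the status of the final echo.
#######################################
# shellcheck disable=SC2317
pbr_iface_setup() {
  local iface="${1}"
  local proto table last_id
  config_get proto "${iface}" proto

  # These interfaces never get a table of their own.
  case "${iface}" in
    lan|loopback) return 0 ;;
  esac

  case "${proto}" in
    # Protocols that are skipped entirely.
    gre*|nebula|relay|vti*|vxlan|xfrm) return 0 ;;
    none)
      # proto 'none': add explicit default routes for both address families.
      uci_add network route "${iface}_rt"
      uci_set network "${iface}_rt" interface "${iface}"
      uci_set network "${iface}_rt" target '0.0.0.0/0'
      # Package first, section type second, matching the IPv4 call above and
      # the uci_set calls below that address network.<iface>_rt6. The original
      # passed 'route6 network', which targets a package named 'route6'.
      uci_add network route6 "${iface}_rt6"
      uci_set network "${iface}_rt6" interface "${iface}"
      uci_set network "${iface}_rt6" target '::/0'
      ;;
  esac

  # A trailing '6' is stripped, so e.g. 'wan' and 'wan6' yield the same name.
  table="${packageName}_${iface%6}"

  echo -en "Setting up ${packageName} routing tables for ${iface}... "
  uci_set 'network' "${iface}" 'ip4table' "${table}"
  uci_set 'network' "${iface}" 'ip6table' "${table}"

  # NOTE(review): ${table} is interpolated into a regex and a sed script; this
  # presumably relies on section names holding no regex or sed metacharacters.
  # Confirm against the uci naming rules.
  if ! grep -q -E -e "^[0-9]+\s+${table}$" /etc/iproute2/rt_tables; then
    # Next id = highest numeric id currently in the file + 1 (an empty result
    # evaluates as 0 in the arithmetic expansion, giving 1).
    last_id="$(sort -r -n /etc/iproute2/rt_tables | grep -o -E -m 1 "^[0-9]+")"
    sed -i -e "\$a $((last_id + 1))\t${table}" \
      /etc/iproute2/rt_tables
  fi
  echo -e "${__OK__}"
}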
# Run pbr_iface_setup once for every 'interface' section of the network config.
config_load network
config_foreach pbr_iface_setup interface

# Presumably these store the detected IPv4 / IPv6 WAN interface names in
# 'iface' and 'iface6'; the helpers are not defined in this file.
network_flush_cache
network_find_wan iface
network_find_wan6 iface6

# Point the default rule at the table of the detected IPv4 WAN interface.
# shellcheck disable=SC2154
if [ -n "$iface" ]; then
  uci -q batch << EOF
set network.default='rule'
set network.default.lookup='${packageName}_${iface%6}'
set network.default.priority='80000'
EOF
fi

# Same for IPv6, using a 'rule6' section.
if [ -n "$iface6" ]; then
  uci -q batch << EOF
set network.default6='rule6'
set network.default6.lookup='${packageName}_${iface6%6}'
set network.default6.priority='80000'
EOF
fi

# Persist everything staged above, then restart networking.
# NOTE(review): neither the commit nor the restart status is checked, and the
# script always exits 0 below.
uci_commit network
echo -en "Restarting network... "
/etc/init.d/network restart
echo -e "${__OK__}"

exit 0