mirror/iopsys-feed
1
0
Fork 0
mirror of https://dev.iopsys.eu/feed/iopsys.git synced 2025-12-10 07:44:50 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

urlfilter: update regex

Browse source 
* update regex handling
* simplify iptables rules to setup nfq into single rule
* update makefile to not compile urlfilter as a kernel module
This commit is contained in:
Rahul Thakur 2024-08-06 15:13:09 +05:30
parent 7e56b7eca4
commit 29979d3559
2 changed files with 26 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
urlfilter/Makefile
View file

@ -3,16 +3,15 @@
#
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=urlfilter
PKG_VERSION:=1.1.15
PKG_VERSION:=2.0.0
LOCAL_DEV:=0
ifneq ($(LOCAL_DEV),1)
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://dev.iopsys.eu/network/urlfilter.git
PKG_SOURCE_VERSION:=b68c9bb94c24a7394997522e982e37d85e172e0c
PKG_SOURCE_VERSION:=08044747036259db23d6581fcbaa51750516749e
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
PKG_MIRROR_HASH:=skip
endif

66
urlfilter/files/etc/init.d/urlfilter
View file

@ -1,6 +1,6 @@
#!/bin/sh /etc/rc.common
START=21
START=95
STOP=10
USE_PROCD=1
@ -13,16 +13,11 @@ configure_firewall()
if [ "$?" -ne 0 ]; then
# setup netfilter queue 0, use queue bypass so that if no application is
# listening to this queue then traffic is unaffected.
iptables -w -I FORWARD 1 -p tcp --dport 80 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -I FORWARD 2 -p tcp --dport 443 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -I FORWARD 3 -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -I FORWARD 4 -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -I FORWARD 5 -p tcp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -I FORWARD 6 -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -I INPUT 1 -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -I INPUT 2 -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -I INPUT 3 -p tcp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -I INPUT 4 -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -I FORWARD 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -I INPUT 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -I INPUT 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
# disable acceleration for https packet so that they can be read by urlfilter
ebtables --concurrent -A FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
@ -32,16 +27,11 @@ configure_firewall()
ip6tables -w -nL FORWARD|grep -iqE "NFQUEUE"
if [ "$?" -ne 0 ]; then
#ip6table rules
ip6tables -w -I FORWARD 1 -p tcp --dport 80 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -I FORWARD 2 -p tcp --dport 443 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -I FORWARD 3 -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -I FORWARD 4 -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -I FORWARD 5 -p tcp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -I FORWARD 6 -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -I INPUT 1 -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -I INPUT 2 -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -I INPUT 3 -p tcp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -I INPUT 4 -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -I FORWARD 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -I INPUT 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -I INPUT 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
# disable acceleration for https packet so that they can be read by urlfilter
ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
@ -54,9 +44,9 @@ configure_firewall()
start_service() {
if [ "$(uci -q get urlfilter.globals.enable)" == "1" ]; then
configure_firewall
procd_open_instance urlfilter
procd_set_param command ${PROG}
configure_firewall
procd_set_param respawn
procd_close_instance
@ -72,16 +62,12 @@ start_service() {
stop_service() {
iptables -w -nL FORWARD|grep -iqE "NFQUEUE"
if [ "$?" -eq 0 ]; then
iptables -w -D FORWARD -p tcp --dport 80 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -D FORWARD -p tcp --dport 443 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -D FORWARD -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -D FORWARD -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -D FORWARD -p tcp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -D FORWARD -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -D INPUT -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -D INPUT -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -D INPUT -p tcp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -D INPUT -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -D FORWARD -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -D FORWARD -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -D INPUT -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -D INPUT -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-source-port 53 -j SKIPLOG 2> /dev/null
ebtables --concurrent -D FORWARD -p ip --ip-protocol 17 --ip-source-port 53 -j SKIPLOG 2> /dev/null
@ -89,16 +75,12 @@ stop_service() {
ip6tables -w -nL FORWARD|grep -iqE "NFQUEUE"
if [ "$?" -eq 0 ]; then
#ip6table rules
ip6tables -w -D FORWARD -p tcp --dport 80 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -D FORWARD -p tcp --dport 443 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -D FORWARD -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -D FORWARD -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -D FORWARD -p tcp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -D FORWARD -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -D INPUT -p udp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -D INPUT -p udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -D INPUT -p tcp --dport 53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -D INPUT -p tcp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -D FORWARD -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -D FORWARD -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -D INPUT -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -D INPUT -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 17 --ip6-source-port 53 -j SKIPLOG 2> /dev/null