miniupnpd: Add options for netfilter scripts

yangfl 2018-02-23 23:37:18 +08:00
parent a4af4a66b2
commit 82ec7bc3df
14 changed files with 196 additions and 159 deletions


@ -186,6 +186,7 @@ clean:
install: miniupnpd miniupnpd.8 miniupnpd.conf genuuid \
netfilter/iptables_init.sh netfilter/iptables_removeall.sh \
netfilter/ip6tables_init.sh netfilter/ip6tables_removeall.sh \
netfilter/miniupnpd_functions.sh \
linux/miniupnpd.init.d.script
$(STRIP) miniupnpd
$(INSTALL) -d $(DESTDIR)$(SBININSTALLDIR)
@ -195,6 +196,7 @@ install: miniupnpd miniupnpd.8 miniupnpd.conf genuuid \
$(INSTALL) netfilter/iptables_removeall.sh $(DESTDIR)$(ETCINSTALLDIR)
$(INSTALL) netfilter/ip6tables_init.sh $(DESTDIR)$(ETCINSTALLDIR)
$(INSTALL) netfilter/ip6tables_removeall.sh $(DESTDIR)$(ETCINSTALLDIR)
$(INSTALL) netfilter/miniupnpd_functions.sh $(DESTDIR)$(ETCINSTALLDIR)
$(INSTALL) --mode=0644 -b miniupnpd.conf $(DESTDIR)$(ETCINSTALLDIR)
$(INSTALL) -d $(DESTDIR)$(PREFIX)/etc/init.d
$(INSTALL) linux/miniupnpd.init.d.script $(DESTDIR)$(PREFIX)/etc/init.d/miniupnpd
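Review bot: The added `$(INSTALL) netfilter/miniupnpd_functions.sh $(DESTDIR)$(ETCINSTALLDIR)` line installs the helper with install's default executable mode, although the scripts in this commit only source it with `.` and never execute it. Because it is read by scripts that run iptables as root, an explicit mode states the intent, as the next line already does for miniupnpd.conf: `$(INSTALL) --mode=0644 netfilter/miniupnpd_functions.sh $(DESTDIR)$(ETCINSTALLDIR)`. The same line is added in the second Makefile section further down. The install recipe starts and ends outside these hunks.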


@ -20,7 +20,7 @@ CFLAGS = -O -g #-DDEBUG
CFLAGS ?= -Os
CFLAGS += -fno-strict-aliasing
CFLAGS += -fno-common
CPPFLAGS += -D_GNU_SOURCE
CPPFLAGS += -D_GNU_SOURCE
CFLAGS += -Wall
CFLAGS += -Wextra -Wstrict-prototypes -Wdeclaration-after-statement
#CFLAGS += -Wno-missing-field-initializers
@ -96,6 +96,7 @@ clean:
install: miniupnpd miniupnpd.8 miniupnpd.conf genuuid \
netfilter/iptables_init.sh netfilter/iptables_removeall.sh \
netfilter/ip6tables_init.sh netfilter/ip6tables_removeall.sh \
netfilter/miniupnpd_functions.sh \
linux/miniupnpd.init.d.script
$(STRIP) miniupnpd
$(INSTALL) -d $(DESTDIR)$(SBININSTALLDIR)
@ -105,6 +106,7 @@ install: miniupnpd miniupnpd.8 miniupnpd.conf genuuid \
$(INSTALL) netfilter/iptables_removeall.sh $(DESTDIR)$(ETCINSTALLDIR)
$(INSTALL) netfilter/ip6tables_init.sh $(DESTDIR)$(ETCINSTALLDIR)
$(INSTALL) netfilter/ip6tables_removeall.sh $(DESTDIR)$(ETCINSTALLDIR)
$(INSTALL) netfilter/miniupnpd_functions.sh $(DESTDIR)$(ETCINSTALLDIR)
$(INSTALL) --mode=0644 -b miniupnpd.conf $(DESTDIR)$(ETCINSTALLDIR)
$(INSTALL) -d $(DESTDIR)$(PREFIX)/etc/init.d
$(INSTALL) linux/miniupnpd.init.d.script $(DESTDIR)$(PREFIX)/etc/init.d/miniupnpd


@ -1,8 +1,9 @@
#! /bin/sh
# $Id: ip6tables_display.sh,v 1.1 2012/04/24 22:13:41 nanard Exp $
IPTABLES=/sbin/ip6tables
IPV6=1
. $(dirname "$0")/miniupnpd_functions.sh
#display all chains relative to miniupnpd
$IPTABLES -v -n -t filter -L FORWARD
$IPTABLES -v -n -t filter -L MINIUPNPD
$IPTABLES -v -n -t filter -L $CHAIN
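Review bot: The added `. $(dirname "$0")/miniupnpd_functions.sh` leaves the command substitution unquoted, so an install path containing whitespace splits into several words and the helper is not found; `. "$(dirname "$0")/miniupnpd_functions.sh"` avoids that. The chain name now comes from the `-c` option and reaches iptables unquoted as `$CHAIN`, so a value with whitespace or glob characters is split or expanded before iptables sees it; `-L "$CHAIN"` keeps it a single argument. Both patterns repeat in every script section of this commit (display, flush, init and removeall, for iptables and ip6tables), and `$EXTIF` from `-i` is passed the same way.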


@ -1,7 +1,8 @@
#! /bin/sh
# $Id: ip6tables_flush.sh,v 1.1 2012/04/24 22:13:41 nanard Exp $
IPTABLES=/sbin/ip6tables
IPV6=1
. $(dirname "$0")/miniupnpd_functions.sh
#flush all rules owned by miniupnpd
$IPTABLES -t filter -F MINIUPNPD
$IPTABLES -t filter -F $CHAIN


@ -1,12 +1,22 @@
#! /bin/sh
# $Id: ip6tables_init.sh,v 1.1 2012/04/24 22:13:41 nanard Exp $
IPTABLES=/sbin/ip6tables
# $Id: ip6tables_init_and_clean.sh,v 1.1 2012/04/24 22:13:41 nanard Exp $
# Improved Miniupnpd iptables init script.
# Checks for state of filter before doing anything..
#change this parameters :
EXTIF=eth0
#adding the MINIUPNPD chain for filter
$IPTABLES -t filter -N MINIUPNPD
#adding the rule to MINIUPNPD
$IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j MINIUPNPD
IPV6=1
EXT=1
. $(dirname "$0")/miniupnpd_functions.sh
if [ "$FDIRTY" = "${CHAIN}Chain" ]; then
echo "Filter table dirty; Cleaning..."
elif [ "$FDIRTY" = "Chain" ]; then
echo "Dirty filter chain but no reference..? Fixing..."
$IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN
else
echo "Filter table clean..initalizing.."
$IPTABLES -t filter -N $CHAIN
$IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN
fi
if [ "$CLEAN" = "yes" ]; then
$IPTABLES -t filter -F $CHAIN
fi
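Review bot: In the branch that prints "Filter table dirty; Cleaning..." nothing is cleaned; the flush `$IPTABLES -t filter -F $CHAIN` now runs only when `CLEAN` is `yes`, which the helper sets from `-f`. A caller that invokes the script without `-f` therefore keeps every forwarding rule left in the chain by an earlier run, while the message says the opposite. Either reword the message, for example `echo "Filter chain already present; pass -f to flush it"`, or state in the header comment that `-f` is required to drop stale rules. The iptables variant of this script prints the same message for both its nat and filter blocks.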


@ -1,22 +0,0 @@
#! /bin/sh
# $Id: ip6tables_init_and_clean.sh,v 1.1 2012/04/24 22:13:41 nanard Exp $
# Improved Miniupnpd iptables init script.
# Checks for state of filter before doing anything..
EXTIF=eth0
IPTABLES=/sbin/ip6tables
FDIRTY="`LC_ALL=C /sbin/ip6tables -t filter -L -n | grep 'MINIUPNPD' | awk '{printf $1}'`"
if [[ $FDIRTY = "MINIUPNPDChain" ]]; then
echo "Filter table dirty; Cleaning..."
$IPTABLES -t filter -F MINIUPNPD
elif [[ $FDIRTY = "Chain" ]]; then
echo "Dirty filter chain but no reference..? Fixsted."
$IPTABLES -t filter -I FORWARD 4 -i $EXTIF ! -o $EXTIF -j MINIUPNPD
$IPTABLES -t filter -F MINIUPNPD
else
echo "Filter table clean..initalizing.."
$IPTABLES -t filter -N MINIUPNPD
$IPTABLES -t filter -I FORWARD 4 -i $EXTIF ! -o $EXTIF -j MINIUPNPD
fi


@ -1,13 +1,16 @@
#! /bin/sh
# $Id: ip6tables_removeall.sh,v 1.1 2012/04/24 22:13:41 nanard Exp $
IPTABLES=/sbin/ip6tables
#change this parameters :
EXTIF=eth0
IPV6=1
EXT=1
. $(dirname "$0")/miniupnpd_functions.sh
#removing the MINIUPNPD chain for filter
$IPTABLES -t filter -F MINIUPNPD
#adding the rule to MINIUPNPD
$IPTABLES -t filter -D FORWARD -i $EXTIF ! -o $EXTIF -j MINIUPNPD
$IPTABLES -t filter -X MINIUPNPD
if [ "$FDIRTY" = "${CHAIN}Chain" ]; then
$IPTABLES -t filter -F $CHAIN
$IPTABLES -t filter -D FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN
$IPTABLES -t filter -X $CHAIN
elif [ "$FDIRTY" = "Chain" ]; then
$IPTABLES -t filter -F $CHAIN
$IPTABLES -t filter -X $CHAIN
fi


@ -1,14 +1,14 @@
#! /bin/sh
# $Id: iptables_display.sh,v 1.4 2011/05/16 12:11:37 nanard Exp $
IPTABLES=/sbin/iptables
. $(dirname "$0")/miniupnpd_functions.sh
#display all chains relative to miniupnpd
$IPTABLES -v -n -t nat -L PREROUTING
$IPTABLES -v -n -t nat -L MINIUPNPD
$IPTABLES -v -n -t nat -L $CHAIN
$IPTABLES -v -n -t nat -L POSTROUTING
$IPTABLES -v -n -t nat -L MINIUPNPD-POSTROUTING
$IPTABLES -v -n -t nat -L $CHAIN-POSTROUTING
$IPTABLES -v -n -t mangle -L PREROUTING
$IPTABLES -v -n -t mangle -L MINIUPNPD
$IPTABLES -v -n -t mangle -L $CHAIN
$IPTABLES -v -n -t filter -L FORWARD
$IPTABLES -v -n -t filter -L MINIUPNPD
$IPTABLES -v -n -t filter -L $CHAIN


@ -1,10 +1,10 @@
#! /bin/sh
# $Id: iptables_display.sh,v 1.6 2016/02/09 09:37:44 nanard Exp $
IPTABLES=/sbin/iptables
# $Id: iptables_display_miniupnpd.sh,v 1.1 2016/02/12 15:23:29 nanard Exp $
. $(dirname "$0")/miniupnpd_functions.sh
#display miniupnpd chains
$IPTABLES -v -n -t nat -L MINIUPNPD
$IPTABLES -v -n -t nat -L MINIUPNPD-POSTROUTING
$IPTABLES -v -n -t mangle -L MINIUPNPD
$IPTABLES -v -n -t filter -L MINIUPNPD
$IPTABLES -v -n -t nat -L $CHAIN
$IPTABLES -v -n -t nat -L $CHAIN-POSTROUTING
$IPTABLES -v -n -t mangle -L $CHAIN
$IPTABLES -v -n -t filter -L $CHAIN


@ -1,10 +1,10 @@
#! /bin/sh
# $Id: iptables_flush.sh,v 1.3 2011/05/16 12:11:37 nanard Exp $
IPTABLES=/sbin/iptables
# $Id: iptables_flush.sh,v 1.6 2017/04/21 11:16:09 nanard Exp $
. $(dirname "$0")/miniupnpd_functions.sh
#flush all rules owned by miniupnpd
$IPTABLES -t nat -F MINIUPNPD
$IPTABLES -t nat -F MINIUPNPD-POSTROUTING
$IPTABLES -t filter -F MINIUPNPD
$IPTABLES -t mangle -F MINIUPNPD
$IPTABLES -t nat -F $CHAIN
$IPTABLES -t nat -F $CHAIN-POSTROUTING
$IPTABLES -t filter -F $CHAIN
$IPTABLES -t mangle -F $CHAIN


@ -1,31 +1,37 @@
#! /bin/sh
# $Id: iptables_init.sh,v 1.5 2011/05/16 12:11:37 nanard Exp $
IPTABLES="`which iptables`" || exit 1
IPTABLES="$IPTABLES -w"
IP="`which ip`" || exit 1
# $Id: iptables_init_and_clean.sh,v 1.7 2017/04/21 11:16:09 nanard Exp $
# Improved Miniupnpd iptables init script.
# Checks for state of filter before doing anything..
#change this parameters :
#EXTIF=eth0
EXTIF="`LC_ALL=C $IP -4 route | grep 'default' | sed -e 's/.*dev[[:space:]]*//' -e 's/[[:space:]].*//'`" || exit 1
EXTIP="`LC_ALL=C $IP -4 addr show $EXTIF | awk '/inet/ { print $2 }' | cut -d "/" -f 1`"
EXT=1
. $(dirname "$0")/miniupnpd_functions.sh
echo "External IP = $EXTIP"
if [ "$NDIRTY" = "${CHAIN}Chain" ]; then
echo "Nat table dirty; Cleaning..."
elif [ "$NDIRTY" = "Chain" ]; then
echo "Dirty NAT chain but no reference..? Fixing..."
#$IPTABLES -t nat -A PREROUTING -d $EXTIP -i $EXTIF -j $CHAIN
$IPTABLES -t nat -A PREROUTING -i $EXTIF -j $CHAIN
else
echo "NAT table clean..initalizing.."
$IPTABLES -t nat -N $CHAIN
#$IPTABLES -t nat -A PREROUTING -d $EXTIP -i $EXTIF -j $CHAIN
$IPTABLES -t nat -A PREROUTING -i $EXTIF -j $CHAIN
fi
if [ "$CLEAN" = "yes" ]; then
$IPTABLES -t nat -F $CHAIN
fi
#adding the MINIUPNPD chain for nat
$IPTABLES -t nat -N MINIUPNPD
#adding the rule to MINIUPNPD
#$IPTABLES -t nat -A PREROUTING -d $EXTIP -i $EXTIF -j MINIUPNPD
$IPTABLES -t nat -A PREROUTING -i $EXTIF -j MINIUPNPD
#adding the MINIUPNPD chain for mangle
$IPTABLES -t mangle -N MINIUPNPD
$IPTABLES -t mangle -A PREROUTING -i $EXTIF -j MINIUPNPD
#adding the MINIUPNPD chain for filter
$IPTABLES -t filter -N MINIUPNPD
#adding the rule to MINIUPNPD
$IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j MINIUPNPD
#adding the MINIUPNPD chain for nat
$IPTABLES -t nat -N MINIUPNPD-POSTROUTING
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MINIUPNPD-POSTROUTING
if [ "$FDIRTY" = "${CHAIN}Chain" ]; then
echo "Filter table dirty; Cleaning..."
elif [ "$FDIRTY" = "Chain" ]; then
echo "Dirty filter chain but no reference..? Fixing..."
$IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN
else
echo "Filter table clean..initalizing.."
$IPTABLES -t filter -N MINIUPNPD
$IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN
fi
if [ "$CLEAN" = "yes" ]; then
$IPTABLES -t filter -F $CHAIN
fi
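Review bot: The clean-table branch of the filter block creates a chain with the fixed name, `$IPTABLES -t filter -N MINIUPNPD`, and then appends a FORWARD jump to `$CHAIN`. When `-c` selects any other name, the jump targets a chain that was never created, so the append fails and the filter table ends up with an unused MINIUPNPD chain and no jump; the nat block earlier in this section uses `-N $CHAIN` for the same step. The line should read `$IPTABLES -t filter -N $CHAIN`. The rendered page does not mark which of the mangle and `MINIUPNPD-POSTROUTING` lines remain in the new file, so it is worth confirming that those chains follow `$CHAIN` too, since the removeall script deletes `$CHAIN` and `$CHAIN-POSTROUTING`.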


@ -1,42 +0,0 @@
#! /bin/sh
# $Id: iptables_init_and_clean.sh,v 1.1 2011/05/13 09:58:47 nanard Exp $
# Improved Miniupnpd iptables init script.
# Checks for state of filter before doing anything..
IPTABLES="`which iptables`" || exit 1
IPTABLES="$IPTABLES -w"
IP="`which ip`" || exit 1
#EXTIF=eth0
EXTIF="`LC_ALL=C $IP -4 route | grep 'default' | sed -e 's/.*dev[[:space:]]*//' -e 's/[[:space:]].*//'`" || exit 1
EXTIP="`LC_ALL=C $IP -4 addr show $EXTIF | awk '/inet/ { print $2 }' | cut -d "/" -f 1`"
NDIRTY="`LC_ALL=C $IPTABLES -t nat -L -n | awk '/MINIUPNPD/ {printf $1}'`"
FDIRTY="`LC_ALL=C $IPTABLES -t filter -L -n | awk '/MINIUPNPD/ {printf $1}'`"
echo "External IP = $EXTIP"
if [[ $NDIRTY = "MINIUPNPDChain" ]]; then
echo "Nat table dirty; Cleaning..."
$IPTABLES -t nat -F MINIUPNPD
elif [[ $NDIRTY = "Chain" ]]; then
echo "Dirty NAT chain but no reference..? Fixsted."
$IPTABLES -t nat -A PREROUTING -d $EXTIP -i $EXTIF -j MINIUPNPD
$IPTABLES -t nat -F MINIUPNPD
else
echo "NAT table clean..initalizing.."
$IPTABLES -t nat -N MINIUPNPD
$IPTABLES -t nat -A PREROUTING -d $EXTIP -i $EXTIF -j MINIUPNPD
fi
if [[ $FDIRTY = "MINIUPNPDChain" ]]; then
echo "Filter table dirty; Cleaning..."
$IPTABLES -t filter -F MINIUPNPD
elif [[ $FDIRTY = "Chain" ]]; then
echo "Dirty filter chain but no reference..? Fixsted."
$IPTABLES -t filter -I FORWARD 4 -i $EXTIF ! -o $EXTIF -j MINIUPNPD
$IPTABLES -t filter -F MINIUPNPD
else
echo "Filter table clean..initalizing.."
$IPTABLES -t filter -N MINIUPNPD
$IPTABLES -t filter -I FORWARD 4 -i $EXTIF ! -o $EXTIF -j MINIUPNPD
fi


@ -1,34 +1,46 @@
#! /bin/sh
# $Id: iptables_removeall.sh,v 1.5 2011/05/16 12:11:37 nanard Exp $
IPTABLES="`which iptables`" || exit 1
IPTABLES="$IPTABLES -w"
IP="`which ip`" || exit 1
# $Id: iptables_removeall.sh,v 1.10 2017/04/21 11:16:09 nanard Exp $
#change this parameters :
#EXTIF=eth0
EXTIF="`LC_ALL=C $IP -4 route | grep 'default' | sed -e 's/.*dev[[:space:]]*//' -e 's/[[:space:]].*//'`" || exit 1
EXTIP="`LC_ALL=C $IP -4 addr show $EXTIF | awk '/inet/ { print $2 }' | cut -d "/" -f 1`"
EXT=1
. $(dirname "$0")/miniupnpd_functions.sh
#removing the MINIUPNPD chain for nat
$IPTABLES -t nat -F MINIUPNPD
#rmeoving the rule to MINIUPNPD
#$IPTABLES -t nat -D PREROUTING -d $EXTIP -i $EXTIF -j MINIUPNPD
$IPTABLES -t nat -D PREROUTING -i $EXTIF -j MINIUPNPD
$IPTABLES -t nat -X MINIUPNPD
if [ "$NDIRTY" = "${CHAIN}Chain" ]; then
$IPTABLES -t nat -F $CHAIN
#$IPTABLES -t nat -D PREROUTING -d $EXTIP -i $EXTIF -j $CHAIN
$IPTABLES -t nat -D PREROUTING -i $EXTIF -j $CHAIN
$IPTABLES -t nat -X $CHAIN
elif [ "$NDIRTY" = "Chain" ]; then
$IPTABLES -t nat -F $CHAIN
$IPTABLES -t nat -X $CHAIN
fi
#removing the MINIUPNPD chain for mangle
$IPTABLES -t mangle -F MINIUPNPD
$IPTABLES -t mangle -D PREROUTING -i $EXTIF -j MINIUPNPD
$IPTABLES -t mangle -X MINIUPNPD
if [ "$MDIRTY" = "${CHAIN}Chain" ]; then
$IPTABLES -t mangle -F $CHAIN
$IPTABLES -t mangle -D FORWARD -i $EXTIF -j $CHAIN
$IPTABLES -t mangle -X $CHAIN
elif [ "$MDIRTY" = "Chain" ]; then
$IPTABLES -t mangle -F $CHAIN
$IPTABLES -t mangle -X $CHAIN
fi
#removing the MINIUPNPD chain for filter
$IPTABLES -t filter -F MINIUPNPD
#adding the rule to MINIUPNPD
$IPTABLES -t filter -D FORWARD -i $EXTIF ! -o $EXTIF -j MINIUPNPD
$IPTABLES -t filter -X MINIUPNPD
if [ "$FDIRTY" = "${CHAIN}Chain" ]; then
$IPTABLES -t filter -F $CHAIN
$IPTABLES -t filter -D FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN
$IPTABLES -t filter -X $CHAIN
elif [ "$FDIRTY" = "Chain" ]; then
$IPTABLES -t filter -F $CHAIN
$IPTABLES -t filter -X $CHAIN
fi
#removing the MINIUPNPD-POSTROUTING chain for nat
$IPTABLES -t nat -F MINIUPNPD-POSTROUTING
#removing the rule to MINIUPNPD-POSTROUTING
$IPTABLES -t nat -D POSTROUTING -o $EXTIF -j MINIUPNPD-POSTROUTING
$IPTABLES -t nat -X MINIUPNPD-POSTROUTING
if [ "$NPDIRTY" = "${CHAIN}-POSTROUTINGChain" ]; then
$IPTABLES -t nat -F $CHAIN-POSTROUTING
$IPTABLES -t nat -D POSTROUTING -o $EXTIF -j $CHAIN-POSTROUTING
$IPTABLES -t nat -X $CHAIN-POSTROUTING
elif [ "$NPDIRTY" = "Chain" ]; then
$IPTABLES -t nat -F $CHAIN-POSTROUTING
$IPTABLES -t nat -X $CHAIN-POSTROUTING
fi
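Review bot: The mangle block deletes the jump from the wrong built-in chain: `$IPTABLES -t mangle -D FORWARD -i $EXTIF -j $CHAIN`, whereas the other mangle lines visible in this section and in the init script attach and remove the jump on PREROUTING (`-t mangle -D PREROUTING -i $EXTIF -j MINIUPNPD`). With the PREROUTING jump still in place, the following `-X $CHAIN` fails because the chain is referenced, so the mangle chain and its rules survive a removeall. The line should be `$IPTABLES -t mangle -D PREROUTING -i $EXTIF -j $CHAIN`.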


@ -0,0 +1,64 @@
#! /bin/sh
# $Id: miniupnpd_functions.sh,v 1.1 2018/02/24 12:15:19 nanard Exp $
IP=$(which ip) || {
echo "Can't find ip" >&2
exit 1
}
if [ -z "$IPV6" ]; then
IPTABLES=$(which iptables) || {
echo "Can't find iptables" >&2
exit 1
}
IP="$IP -4"
else
IPTABLES=$(which ip6tables) || {
echo "Can't find ip6tables" >&2
exit 1
}
IP="$IP -6"
fi
CHAIN=MINIUPNPD
CLEAN=
while getopts ":c:i:f" opt; do
case $opt in
c)
CHAIN=$OPTARG
;;
i)
EXTIF=$OPTARG
;;
f)
CLEAN=yes
;;
\?)
echo "Invalid option: -$OPTARG" >&2
exit 1
;;
:)
echo "Option -$OPTARG requires an argument." >&2
exit 1
;;
esac
done
if [ -n "$EXT" ]; then
if [ -z "$EXTIF" ]; then
EXTIF=$(LC_ALL=C $IP route | grep 'default' | sed -e 's/.*dev[[:space:]]*//' -e 's/[[:space:]].*//') || {
echo "Can't find default interface" >&2
exit 1
}
fi
#if [ -z "$IPV6" ]; then
# EXTIP=$(LC_ALL=C $IP addr show $EXTIF | awk '/inet/ { print $2 }' | cut -d "/" -f 1)
#fi
fi
FDIRTY=$(LC_ALL=C $IPTABLES -t filter -L -n | awk "/$CHAIN/ {printf \$1}")
if [ -z "$IPV6" ]; then
NDIRTY=$(LC_ALL=C $IPTABLES -t nat -L -n | awk "/$CHAIN/ {printf \$1}")
MDIRTY=$(LC_ALL=C $IPTABLES -t mangle -L -n | awk "/$CHAIN/ {printf \$1}")
NPDIRTY=$(LC_ALL=C $IPTABLES -t nat -L -n | awk "/$CHAIN-POSTROUTING/ {printf \$1}")
fi
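Review bot: The state probes build the awk program from the option value, `awk "/$CHAIN/ {printf \$1}"`, so the chain name is used as an unanchored regular expression and a name containing `/` or regex metacharacters changes the program itself. Even with the default name, `/MINIUPNPD/` also matches the `MINIUPNPD-POSTROUTING` lines of the nat table, so once that chain exists `NDIRTY` no longer equals `${CHAIN}Chain`; the init script then falls through to its clean-table branch and removeall skips the nat chain. Passing the name with `-v` and comparing whole fields addresses both, as in the fence below. Separately, the `|| { ...; exit 1; }` after the `EXTIF=$(... | grep 'default' | sed ...)` assignment only sees sed's exit status, so an empty result passes; a `[ -n "$EXTIF" ]` test after the assignment would catch it. The `-w` lock-wait flag that the old iptables scripts appended to `$IPTABLES` is not set here either, which looks unintended.

```shell
# … unchanged: tool lookup, getopts loop, EXTIF detection …

# Compare whole fields against the chain name instead of splicing the
# name into the awk program as a regular expression.
chain_state() {
	LC_ALL=C $IPTABLES -t "$1" -L -n | \
		awk -v c="$2" '$1 == c || ($1 == "Chain" && $2 == c) { printf $1 }'
}

FDIRTY=$(chain_state filter "$CHAIN")
if [ -z "$IPV6" ]; then
	NDIRTY=$(chain_state nat "$CHAIN")
	MDIRTY=$(chain_state mangle "$CHAIN")
	NPDIRTY=$(chain_state nat "$CHAIN-POSTROUTING")
fi
```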