youtubeUnblock/youtubeUnblockEntware/files/S51youtubeUnblock
Vadim Vetrov add9a58af1 Update firewall rules
Support for all UDP ports
2024-12-20 00:33:27 +03:00


#!/bin/sh
# Entware init script for youtubeUnblock: launches the daemon and installs the
# netfilter rules that hand it packets. Extra daemon options belong in ARGS.
ARGS=''
ENABLED=yes
# Process name: used as the binary to launch and for pgrep/killall.
PROCS=youtubeUnblock
# Pinned search path so the daemon and the netfilter tools are resolved here,
# not through whatever PATH the caller (rc, cron, a shell) happened to have.
PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# 1 = also manage ip6tables rules; 0 = IPv4 only (start() appends --no-ipv6).
IPV6=1
ACTION=$1
CALLER=$2
# . /opt/etc/nfqws/nfqws.conf
# ANSI escapes for console messages; kept as literal backslash sequences and
# expanded only at print time.
ansi_red='\033[1;31m'
ansi_white='\033[1;37m'
ansi_green='\033[1;32m'
ansi_yellow='\033[1;33m'
ansi_blue='\033[1;34m'
ansi_bell='\007'
ansi_blink='\033[5m'
ansi_std='\033[m'
ansi_rev='\033[7m'
ansi_ul='\033[4m'
# Returns 0 when a process named exactly $PROCS exists, 1 otherwise.
# Leaves the newest matching PID in PID_RUNNING (empty when not running).
is_running() {
  PID_RUNNING=$(pgrep -nx "$PROCS" 2>/dev/null)
  [ -n "$PID_RUNNING" ]
}
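#######################################
# Start the daemon and install its firewall rules.
# Globals:   CALLER, ENABLED, IPV6, PROCS, ARGS (read; ARGS may be extended)
# Returns:   8 when invoked from cron while disabled, 1 when already running,
#            0 after a start attempt (the daemon itself is not health-checked)
#######################################
start() {
  # A cron-driven start is honoured only while the service is enabled;
  # the value 8 is what the cron caller is presumably keyed on — confirm.
  if [ "$CALLER" = "cron" ] && [ "$ENABLED" != yes ]; then
    return 8
  fi
  if is_running; then
    # printf %b expands the ANSI escapes; echo -e is not portable under #!/bin/sh.
    printf '%b\n' "$ansi_white $PROCS is already running $ansi_std" >&2
    return 1
  fi
  kernel_modules_load
  if [ "$IPV6" -eq 0 ]; then
    ARGS="$ARGS --no-ipv6"
  fi
  # ARGS is an operator-edited option list; the unquoted expansion is the
  # intended word splitting. The daemon's output is discarded.
  # shellcheck disable=SC2086
  $PROCS $ARGS >/dev/null 2>&1 &
  # Rules are installed after the daemon is backgrounded: if a rule fails and
  # the wrapper exits the script, the daemon is left running without rules.
  firewall_start_v4
  firewall_start_v6
  system_config
  printf '%b\n' "$ansi_white Started $PROCS $ansi_std"
}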
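#######################################
# Remove the firewall rules, then terminate the daemon (SIGTERM via killall).
# Globals:   PROCS (read)
# Returns:   killall's status (non-zero when no process was running)
#######################################
stop() {
  # printf %b expands the ANSI escapes; echo -e is not portable under #!/bin/sh.
  printf '%b\n' "$ansi_white Shutting down $PROCS $ansi_std"
  firewall_stop_v4
  firewall_stop_v6
  killall "$PROCS" 2>/dev/null
}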
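#######################################
# Idempotent iptables wrapper: add a rule only if it is absent, delete it
# only if it is present (tested with -C, whose output is discarded).
# Arguments: $1 - iptables or ip6tables
#            $2 - operation: -A, -I, or anything else (treated as -D)
#            $@ - the rule specification, passed through unsplit
# Returns:   status of the rule command, or 0 when nothing needed doing
# Note:      a failed add exits the whole script (exit 1), which callers
#            such as start() rely on as an abort; it does not roll back
#            rules already installed.
#######################################
_iptables() {
  # Locals instead of the globals the old version clobbered: in particular
  # ACTION is the script's dispatch variable and must not be overwritten here.
  local cmd op exists
  cmd=$1
  op=$2
  shift 2
  if "$cmd" -C "$@" 2>/dev/null; then
    exists=1
  else
    exists=0
  fi
  case "$op" in
    -A|-I)
      if [ "$exists" -eq 0 ]; then
        "$cmd" "$op" "$@" || exit 1
      fi
      ;;
    *)
      if [ "$exists" -ne 0 ]; then
        "$cmd" "$op" "$@"
      fi
      ;;
  esac
}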
#######################################
# Install the IPv4 rules: a mangle chain that queues the first packets of each
# outbound flow (TCP/443: packets 0-19, any UDP: packets 0-8, original
# direction only) to NFQUEUE 537. --queue-bypass lets traffic pass when no
# listener is attached, so the rules are safe while the daemon is down.
#######################################
firewall_start_v4() {
  # Chain creation is best-effort: it already exists on a repeat start.
  iptables -t mangle -N YOUTUBEUNBLOCK >/dev/null 2>&1
  local conn_tcp='-m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:19'
  local conn_udp='-m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:8'
  local nfq='-j NFQUEUE --queue-num 537 --queue-bypass'
  # The rule fragments are split on purpose.
  # shellcheck disable=SC2086
  _iptables iptables -A YOUTUBEUNBLOCK -t mangle -p tcp --dport 443 $conn_tcp $nfq
  # shellcheck disable=SC2086
  _iptables iptables -A YOUTUBEUNBLOCK -t mangle -p udp $conn_udp $nfq
  _iptables iptables -A POSTROUTING -t mangle -j YOUTUBEUNBLOCK
  # Inserted at the top of the filter OUTPUT chain: any packet carrying mark bit
  # 0x8000 (presumably the daemon's re-injected packets — confirm against the
  # daemon) is accepted before every other OUTPUT rule on the host.
  _iptables iptables -I OUTPUT -m mark --mark 32768/32768 -j ACCEPT
}
#######################################
# Remove the IPv4 rules installed by the start counterpart and drop the chain.
# Each rule is spelled exactly as it was added so the -C existence check matches.
#######################################
firewall_stop_v4() {
  local conn_tcp='-m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:19'
  local conn_udp='-m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:8'
  local nfq='-j NFQUEUE --queue-num 537 --queue-bypass'
  # shellcheck disable=SC2086
  _iptables iptables -D YOUTUBEUNBLOCK -t mangle -p tcp --dport 443 $conn_tcp $nfq
  # shellcheck disable=SC2086
  _iptables iptables -D YOUTUBEUNBLOCK -t mangle -p udp $conn_udp $nfq
  _iptables iptables -D POSTROUTING -t mangle -j YOUTUBEUNBLOCK
  _iptables iptables -D OUTPUT -m mark --mark 32768/32768 -j ACCEPT
  # Chain deletion is best-effort; it fails silently if the chain is gone
  # or still referenced.
  iptables -t mangle -X YOUTUBEUNBLOCK >/dev/null 2>&1
}
#######################################
# IPv6 twin of firewall_start_v4: same chain, same connbytes/NFQUEUE rules and
# the same top-of-OUTPUT mark accept, via ip6tables. No-op when IPV6=0.
#######################################
firewall_start_v6() {
  [ "$IPV6" -eq 0 ] && return 0
  ip6tables -t mangle -N YOUTUBEUNBLOCK >/dev/null 2>&1
  local conn_tcp='-m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:19'
  local conn_udp='-m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:8'
  local nfq='-j NFQUEUE --queue-num 537 --queue-bypass'
  # shellcheck disable=SC2086
  _iptables ip6tables -A YOUTUBEUNBLOCK -t mangle -p tcp --dport 443 $conn_tcp $nfq
  # shellcheck disable=SC2086
  _iptables ip6tables -A YOUTUBEUNBLOCK -t mangle -p udp $conn_udp $nfq
  _iptables ip6tables -A POSTROUTING -t mangle -j YOUTUBEUNBLOCK
  # Marked packets bypass every other rule in the filter OUTPUT chain.
  _iptables ip6tables -I OUTPUT -m mark --mark 32768/32768 -j ACCEPT
}
#######################################
# IPv6 twin of firewall_stop_v4. No-op when IPV6=0.
#######################################
firewall_stop_v6() {
  [ "$IPV6" -eq 0 ] && return 0
  local conn_tcp='-m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:19'
  local conn_udp='-m connbytes --connbytes-dir original --connbytes-mode packets --connbytes 0:8'
  local nfq='-j NFQUEUE --queue-num 537 --queue-bypass'
  # shellcheck disable=SC2086
  _iptables ip6tables -D YOUTUBEUNBLOCK -t mangle -p tcp --dport 443 $conn_tcp $nfq
  # shellcheck disable=SC2086
  _iptables ip6tables -D YOUTUBEUNBLOCK -t mangle -p udp $conn_udp $nfq
  _iptables ip6tables -D POSTROUTING -t mangle -j YOUTUBEUNBLOCK
  _iptables ip6tables -D OUTPUT -m mark --mark 32768/32768 -j ACCEPT
  # Best-effort chain removal.
  ip6tables -t mangle -X YOUTUBEUNBLOCK >/dev/null 2>&1
}
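#######################################
# Make xt_connbytes and xt_NFQUEUE available before the mangle rules that
# depend on them are installed. Every load is silent on failure, since the
# module may be built in, already loaded, or absent on this kernel.
# Globals:   KERNEL (written)
# Outputs:   one "... loaded" line per module actually loaded
#######################################
kernel_modules_load() {
  KERNEL=$(uname -r)
  # insmod of a loose .ko file is tried first (presumably for targets whose
  # modprobe index does not cover these modules — confirm), then modprobe.
  # Only the first find match is used so that several hits (e.g. .ko and
  # .ko.gz) cannot be joined into one bogus path.
  connbytes_mod_path=$(find "/lib/modules/$KERNEL" -name "xt_connbytes.ko*" | head -n 1)
  if [ -n "$connbytes_mod_path" ]; then
    insmod "$connbytes_mod_path" >/dev/null 2>&1 && echo "xt_connbytes.ko loaded"
  fi
  nfqueue_mod_path=$(find "/lib/modules/$KERNEL" -name "xt_NFQUEUE.ko*" | head -n 1)
  if [ -n "$nfqueue_mod_path" ]; then
    insmod "$nfqueue_mod_path" >/dev/null 2>&1 && echo "xt_NFQUEUE.ko loaded"
  fi
  # --first-time makes modprobe fail when the module is already loaded, so the
  # message appears only on a fresh load; the || true keeps the function at 0.
  (modprobe xt_connbytes --first-time >/dev/null 2>&1 && echo "xt_connbytes loaded") || true
  (modprobe xt_NFQUEUE --first-time >/dev/null 2>&1 && echo "xt_NFQUEUE loaded") || true
}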
#######################################
# Conntrack tuning: stop verifying checksums in conntrack and make TCP
# tracking liberal about out-of-window segments. Presumably needed so the
# daemon's modified packets keep their conntrack entry — confirm. Requires
# root; failures are silent.
# Returns:   status of the last sysctl call
#######################################
system_config() {
  local setting
  for setting in net.netfilter.nf_conntrack_checksum=0 net.netfilter.nf_conntrack_tcp_be_liberal=1; do
    sysctl -w "$setting" >/dev/null 2>&1
  done
}
# Print "running" or "stopped" on stdout, based on is_running.
status() {
  local state
  state=stopped
  if is_running; then
    state=running
  fi
  printf '%s\n' "$state"
}
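# Dispatch on the first argument. The per-family firewall actions were missing
# from the usage line; an unknown action now reports usage on stderr and
# exits non-zero instead of silently succeeding.
case "$ACTION" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    status
    ;;
  restart)
    stop
    start
    ;;
  firewall-load)
    firewall_start_v4
    firewall_start_v6
    ;;
  firewall-stop)
    firewall_stop_v4
    firewall_stop_v6
    ;;
  firewall_stop_v4)
    firewall_stop_v4
    ;;
  firewall_start_v4)
    firewall_start_v4
    ;;
  firewall_stop_v6)
    firewall_stop_v6
    ;;
  firewall_start_v6)
    firewall_start_v6
    ;;
  init-system)
    kernel_modules_load
    system_config
    ;;
  *)
    printf 'Usage: %s {start|stop|restart|status|firewall-load|firewall-stop|firewall_start_v4|firewall_stop_v4|firewall_start_v6|firewall_stop_v6|init-system}\n' "$0" >&2
    exit 1
    ;;
esac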