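#!/bin/sh
# Netfilter hook script: for every listed ipset that exists, look up the
# fwmark of the routing policy whose description equals the ipset name and
# add mangle/PREROUTING rules that stamp that mark on LAN connections whose
# destination is in the set.
#
# Inputs read but not set here (presumably exported by whatever invokes the
# hook; confirm against the caller):
#   type  - the script does nothing when this is "ip6tables"
#   table - the script does nothing unless this is "mangle"

[ "$type" = "ip6tables" ] && exit
[ "$table" != "mangle" ] && exit

# Space-separated ipset names; each must match a policy description.
ipset_lists="bypass bypass2"
# Comma-separated source networks passed to iptables -s.
SOURCE_IP="192.168.1.0/24,172.16.5.0/24"
# Space-separated ingress interfaces.
INTERFACE="br0"

# Append the set-mark / restore-mark rule pair for one traffic selector.
#   $1 - ipset name
#   $2 - mark as bare hex digits (no 0x prefix)
#   $@ - remaining arguments: the selector, e.g. -s NET or -i IFACE
add_mark_rules() {
  rule_set=$1
  rule_mark=$2
  shift 2
  # New connections to a destination in the set get the policy's mark.
  iptables -w -t mangle -A PREROUTING "$@" \
    -m conntrack --ctstate NEW \
    -m set --match-set "$rule_set" dst \
    -j CONNMARK --set-mark "0x$rule_mark"
  # Every packet of such a connection gets the connection mark restored.
  iptables -w -t mangle -A PREROUTING "$@" \
    -m set --match-set "$rule_set" dst \
    -j CONNMARK --restore-mark
}

for bypass_desc in $ipset_lists; do
  # Skip sets that have not been created.
  if ! ipset --quiet list "$bypass_desc" >/dev/null 2>&1; then
    continue
  fi

  # Pass the name with --arg so it is compared as data rather than spliced
  # into the jq program text.
  mark_id=$(curl -kfsS http://localhost:79/rci/show/ip/policy \
    | jq -r --arg desc "$bypass_desc" \
      '.[] | select(.description == $desc) | .mark')

  # Only a single run of hex digits may reach the firewall rule. This rejects
  # an empty result, the literal "null" jq prints for a missing field, and
  # multi-line output when several policies share the description.
  case "$mark_id" in
    '' | *[!0-9A-Fa-f]*) continue ;;
  esac

  # Idempotency guard: look only at the mangle table, so a reference to the
  # set from another table does not suppress the rules needed here.
  if ! iptables-save -t mangle | grep -qw "$bypass_desc"; then
    add_mark_rules "$bypass_desc" "$mark_id" -s "$SOURCE_IP"
    for iface in $INTERFACE; do
      add_mark_rules "$bypass_desc" "$mark_id" -i "$iface"
    done
  fi
done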