LILiK
/
openwrt-packages-dist

#!/bin/sh /etc/rc.common
START=90USE_PROCD=1
TID="200"; FW_MARK="0x010000"; IPSET="vpnbypass"; 
output() {	[ -z "$verbosity" ] && config_get verbosity  'config' 'verbosity' '2'	[ -n "$2" -a $((verbosity)) -ne $(($2)) ] && return 0;	[ -t 1 ] && echo -e -n "$1"	[ $(echo -e -n "$1" | wc -l) -gt 0 ] && logger -t "vpnbypass[$$]" "$(echo -e -n ${logmsg}${1})" && logmsg='' || logmsg=${logmsg}${1}}
vpnbypass_enabled() {    config_get_bool enabled 'config' 'enabled' 0    [ $((enabled)) -gt 0 ] && return 0 || { output "VPNBypass is not enabled in the config file!\nTo enable, run 'uci set vpnbypass.config.enabled=1; uci commit vpnbypass'\n"; return 1; }}
boot() { ubus -t 30 wait_for network.interface && rc_procd start_service || output 'ERROR: Failed to settle network interface!\n'; }
start_service() {	local ll    config_load vpnbypass    vpnbypass_enabled || return 1	[ -d /etc/openvpn ] || return 1    config_get lports   'config' 'localport'    config_get rports   'config' 'remoteport'    config_get routes   'config' 'remotesubnet'    config_get ranges   'config' 'localsubnet'    config_get domains  'config' 'domain'
	procd_open_instance	procd_set_param stdout 1	procd_set_param stderr 1	procd_close_instance
	. /lib/functions/network.sh; network_get_ipaddr wanip wan; network_get_gateway gwip wan; network_get_ipaddr lanip lan	[ ! "$wanip" ] && output 'ERROR: Could not get wan ip\n' && exit 0	[ ! "$gwip" ] && output 'ERROR: Could not get wan gateway\n' && exit 0	for ll in ${routes}; do (ip route del $ll; ip route add $ll via $gwip) >/dev/null 2>&1; done	(ip rule del fwmark $FW_MARK table $TID; iptables -t mangle -F; ipset -F $IPSET; ipset -X $IPSET) >/dev/null 2>&1	(ip route flush table $TID; ip route flush cache) >/dev/null 2>&1	(ip route add default via $gwip table $TID; ip route flush cache) >/dev/null 2>&1	(modprobe xt_set || modprobe ip_set; insmod ip_set_hash_ip) >/dev/null 2>&1	(ipset -N $IPSET iphash -q; ipset -F $IPSET) >/dev/null 2>&1	for ll in ${lports}; do iptables -t mangle -A PREROUTING -p tcp -m multiport --sport $ll -j MARK --set-mark $FW_MARK/$FW_MARK -m comment --comment "vpnbypass"; done	for ll in ${rports}; do iptables -t mangle -A PREROUTING -p tcp -m multiport --dport $ll -j MARK --set-mark $FW_MARK/$FW_MARK -m comment --comment "vpnbypass"; done	for ll in ${ranges}; do iptables -t mangle -I PREROUTING -s $ll -j MARK --set-mark $FW_MARK/$FW_MARK -m comment --comment "vpnbypass"; done	iptables -t mangle -A PREROUTING -m set --match-set $IPSET dst -j MARK --set-mark $FW_MARK/$FW_MARK -m comment --comment "vpnbypass"	ip rule add fwmark $FW_MARK table $TID	output "vpnbypass started with TID: $TID FW_MARK: $FW_MARK\n"}
stop_service() {	local ll    config_load vpnbypass    vpnbypass_enabled || return 1    config_get routes   'config' 'remotesubnet'
	[ -d /etc/openvpn ] || return 1	rm -f /etc/hotplug.d/firewall/${START}-${IPSET}	. /lib/functions/network.sh; network_get_ipaddr wanip wan; network_get_gateway gwip wan; network_get_ipaddr lanip lan	[ ! "$wanip" ] && output 'ERROR: Could not get wan ip\n' && exit 0	[ ! "$gwip" ] && output 'ERROR: Could not get wan gateway\n' && exit 0	for ll in ${routes}; do ip route del $ll >/dev/null 2>&1; done#	iptables-save | grep -Fv -- "vpnbypass" | iptables-restore	(ip rule del fwmark $FW_MARK table $TID; iptables -t mangle -F; ipset -F $IPSET; ipset -X $IPSET) >/dev/null 2>&1	(ip route flush table $TID; ip route flush cache) >/dev/null 2>&1	output "vpnbypass stopped\n"}
service_triggers() {    procd_add_reload_trigger 'vpnbypass'    procd_add_reload_interface_trigger 'wan'}