small-package/luci-app-softethervpn/root/etc/init.d/softethervpn

#!/bin/sh /etc/rc.common
# Copyright (C) 2016 Chen RuiWei <crwbak@gmail.com>

START=99
STOP=10

USE_PROCD=1

CONFIG=softethervpn

add_rule() {
	openvpnport=$(cat /usr/libexec/softethervpn/vpn_server.config 2>/dev/null | grep OpenVPN_UdpPortList | awk -F " " '{print $3}')
	[ -z "$openvpnport" ] && openvpnport=1194

	iptables -N SOFTETHER_VPN-SERVER
	iptables -I INPUT -j SOFTETHER_VPN-SERVER
	
	iptables -A SOFTETHER_VPN-SERVER -p udp -m multiport --dports 500,1701,4500 -m comment --comment "L2TP-IPSec" -j ACCEPT
	iptables -A SOFTETHER_VPN-SERVER -p udp --dport $openvpnport -m comment --comment "OpenVPN" -j ACCEPT
	iptables -A SOFTETHER_VPN-SERVER -p tcp --dport $openvpnport -m comment --comment "OpenVPN" -j ACCEPT
	iptables -A SOFTETHER_VPN-SERVER -p tcp --dport 5555 -j ACCEPT
	iptables -A SOFTETHER_VPN-SERVER -p tcp --dport 8888 -j ACCEPT
	iptables -A SOFTETHER_VPN-SERVER -p tcp --dport 992 -j ACCEPT
	iptables -t mangle -I OUTPUT -p udp -m multiport --sports 500,1701,4500 -m comment --comment "SOFTETHER_VPN-SERVER-L2TP-IPSec" -j RETURN
	iptables -t mangle -I OUTPUT -p udp --sport $openvpnport -m comment --comment "SOFTETHER_VPN-SERVER-OPENVPN" -j RETURN
	iptables -t mangle -I OUTPUT -p tcp --sport $openvpnport -m comment --comment "SOFTETHER_VPN-SERVER-OPENVPN" -j RETURN
}

del_rule() {
	ipt_del() {
		for i in $(seq 1 $($1 -nL $2 | grep -c "SOFTETHER_VPN-SERVER")); do
			local index=$($1 --line-number -nL $2 | grep "SOFTETHER_VPN-SERVER" | head -1 | awk '{print $1}')
			$1 -w -D $2 $index 2>/dev/null
		done
	}
	
	ipt_del "iptables -t mangle" "OUTPUT"
	ipt_del "iptables" "INPUT"

	iptables -F SOFTETHER_VPN-SERVER 2>/dev/null
	iptables -X SOFTETHER_VPN-SERVER 2>/dev/null
}

gen_include() {
	echo '#!/bin/sh' > /var/etc/$CONFIG.include
	extract_rules() {
		echo "*$1"
		iptables-save -t $1 | grep "SOFTETHER_VPN-SERVER" | \
		sed -e "s/^-A \(INPUT\)/-I \1 1/"
		echo 'COMMIT'
	}
	cat <<-EOF >> /var/etc/$CONFIG.include
		iptables-save -c | grep -v "SOFTETHER_VPN-SERVER" | iptables-restore -c
		iptables-restore -n <<-EOT
		$(extract_rules filter)
		EOT
	EOF
	return 0
}

start_service() {
	enabled=$(uci -q get $CONFIG.@softether[0].enabled || echo "0")
	[ $enabled -ne 1 ] && return 0
	
	procd_open_instance $CONFIG
	procd_set_param env LANG=en_US.UTF-8
	procd_set_param command /usr/libexec/softethervpn/vpnserver start --foreground
	procd_set_param respawn
	procd_close_instance
	
	add_rule
	gen_include
}

stop_service() {
	top -bn1 | grep "/usr/libexec/softethervpn" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1
	del_rule
	rm -rf /var/etc/$CONFIG.include
}

reload_service() {
	restart
}

service_triggers() {
	procd_add_reload_trigger $CONFIG
}
update-09.24 2021-09-24 23:37:27 +08:00			`#!/bin/sh /etc/rc.common`
			`# Copyright (C) 2016 Chen RuiWei <crwbak@gmail.com>`

			`START=99`
			`STOP=10`

update-01.02 2022-01-02 20:31:25 +08:00			`USE_PROCD=1`

update-09.24 2021-09-24 23:37:27 +08:00			`CONFIG=softethervpn`

			`add_rule() {`
			`openvpnport=$(cat /usr/libexec/softethervpn/vpn_server.config 2>/dev/null \| grep OpenVPN_UdpPortList \| awk -F " " '{print $3}')`
			`[ -z "$openvpnport" ] && openvpnport=1194`

			`iptables -N SOFTETHER_VPN-SERVER`
			`iptables -I INPUT -j SOFTETHER_VPN-SERVER`

			`iptables -A SOFTETHER_VPN-SERVER -p udp -m multiport --dports 500,1701,4500 -m comment --comment "L2TP-IPSec" -j ACCEPT`
			`iptables -A SOFTETHER_VPN-SERVER -p udp --dport $openvpnport -m comment --comment "OpenVPN" -j ACCEPT`
			`iptables -A SOFTETHER_VPN-SERVER -p tcp --dport $openvpnport -m comment --comment "OpenVPN" -j ACCEPT`
			`iptables -A SOFTETHER_VPN-SERVER -p tcp --dport 5555 -j ACCEPT`
			`iptables -A SOFTETHER_VPN-SERVER -p tcp --dport 8888 -j ACCEPT`
			`iptables -A SOFTETHER_VPN-SERVER -p tcp --dport 992 -j ACCEPT`
			`iptables -t mangle -I OUTPUT -p udp -m multiport --sports 500,1701,4500 -m comment --comment "SOFTETHER_VPN-SERVER-L2TP-IPSec" -j RETURN`
			`iptables -t mangle -I OUTPUT -p udp --sport $openvpnport -m comment --comment "SOFTETHER_VPN-SERVER-OPENVPN" -j RETURN`
			`iptables -t mangle -I OUTPUT -p tcp --sport $openvpnport -m comment --comment "SOFTETHER_VPN-SERVER-OPENVPN" -j RETURN`
			`}`

			`del_rule() {`
			`ipt_del() {`
			`for i in $(seq 1 $($1 -nL $2 \| grep -c "SOFTETHER_VPN-SERVER")); do`
			`local index=$($1 --line-number -nL $2 \| grep "SOFTETHER_VPN-SERVER" \| head -1 \| awk '{print $1}')`
			`$1 -w -D $2 $index 2>/dev/null`
			`done`
			`}`

			`ipt_del "iptables -t mangle" "OUTPUT"`
			`ipt_del "iptables" "INPUT"`

			`iptables -F SOFTETHER_VPN-SERVER 2>/dev/null`
			`iptables -X SOFTETHER_VPN-SERVER 2>/dev/null`
			`}`

			`gen_include() {`
			`echo '#!/bin/sh' > /var/etc/$CONFIG.include`
			`extract_rules() {`
			`echo "*$1"`
			`iptables-save -t $1 \| grep "SOFTETHER_VPN-SERVER" \| \`
			`sed -e "s/^-A \(INPUT\)/-I \1 1/"`
			`echo 'COMMIT'`
			`}`
			`cat <<-EOF >> /var/etc/$CONFIG.include`
			`iptables-save -c \| grep -v "SOFTETHER_VPN-SERVER" \| iptables-restore -c`
			`iptables-restore -n <<-EOT`
			`$(extract_rules filter)`
			`EOT`
			`EOF`
			`return 0`
			`}`

update-01.02 2022-01-02 20:31:25 +08:00			`start_service() {`
			`enabled=$(uci -q get $CONFIG.@softether[0].enabled \|\| echo "0")`
			`[ $enabled -ne 1 ] && return 0`

			`procd_open_instance $CONFIG`
			`procd_set_param env LANG=en_US.UTF-8`
			`procd_set_param command /usr/libexec/softethervpn/vpnserver start --foreground`
			`procd_set_param respawn`
			`procd_close_instance`

update-09.24 2021-09-24 23:37:27 +08:00			`add_rule`
			`gen_include`
			`}`

update-01.02 2022-01-02 20:31:25 +08:00			`stop_service() {`
			`top -bn1 \| grep "/usr/libexec/softethervpn" \| grep -v "grep" \| awk '{print $1}' \| xargs kill -9 >/dev/null 2>&1`
update-09.24 2021-09-24 23:37:27 +08:00			`del_rule`
			`rm -rf /var/etc/$CONFIG.include`
			`}`
update-01.02 2022-01-02 20:31:25 +08:00
			`reload_service() {`
			`restart`
			`}`

			`service_triggers() {`
			`procd_add_reload_trigger $CONFIG`
			`}`