97 lines
2.6 KiB
Bash
Executable File
97 lines
2.6 KiB
Bash
Executable File
#!/bin/sh /etc/rc.common
|
|
|
|
START=99
|
|
|
|
TIMECONTROL_ENABLE=0
|
|
|
|
iptables_w(){
|
|
iptables -w 1 "$@"
|
|
}
|
|
|
|
add_rule(){
|
|
local enable macaddr timeoff timeon z1 z2 z3 z4 z5 z6 z7
|
|
config_get enable "$1" enable "0"
|
|
config_get macaddr "$1" macaddr
|
|
config_get timeoff "$1" timeoff
|
|
config_get timeon "$1" timeon
|
|
config_get z1 "$1" z1
|
|
config_get z2 "$1" z2
|
|
config_get z3 "$1" z3
|
|
config_get z4 "$1" z4
|
|
config_get z5 "$1" z5
|
|
config_get z6 "$1" z6
|
|
config_get z7 "$1" z7
|
|
|
|
if [ -z $enable ] || [ "$enable" != "1" ] || [ -z $macaddr ] || [ -z $timeoff ] || [ -z $timeon ]; then
|
|
return 0
|
|
fi
|
|
|
|
local Z1 Z2 Z3 Z4 Z5 Z6 Z7
|
|
[ "$z1" == "1" ] && Z1="Mon,"
|
|
[ "$z2" == "1" ] && Z2="Tue,"
|
|
[ "$z3" == "1" ] && Z3="Wed,"
|
|
[ "$z4" == "1" ] && Z4="Thu,"
|
|
[ "$z5" == "1" ] && Z5="Fri,"
|
|
[ "$z6" == "1" ] && Z6="Sat,"
|
|
[ "$z7" == "1" ] && Z7="Sun"
|
|
|
|
local table
|
|
for table in filter nat; do
|
|
iptables_w -t $table -A TIMECONTROL_RULES -m mac --mac-source $macaddr -m time --kerneltz --timestart $timeon --timestop $timeoff --weekdays $Z1$Z2$Z3$Z4$Z5$Z6$Z7 -j TIMECONTROL_REJECT
|
|
done
|
|
}
|
|
|
|
timecontrol_header(){
|
|
config_get TIMECONTROL_ENABLE "$1" enable "0"
|
|
}
|
|
|
|
start(){
|
|
local table
|
|
config_load timecontrol
|
|
config_foreach timecontrol_header basic
|
|
|
|
[ "$TIMECONTROL_ENABLE" != "1" ] && return 0
|
|
# resolve interface
|
|
local interface=$(
|
|
. /lib/functions/network.sh
|
|
|
|
network_is_up "lan" && network_get_device device "lan"
|
|
echo "${device:-br-lan}"
|
|
)
|
|
|
|
for table in filter nat; do
|
|
iptables_w -t $table -N TIMECONTROL
|
|
iptables_w -t $table -F TIMECONTROL
|
|
iptables_w -t $table -N TIMECONTROL_RULES
|
|
iptables_w -t $table -F TIMECONTROL_RULES
|
|
iptables_w -t $table -N TIMECONTROL_REJECT
|
|
iptables_w -t $table -F TIMECONTROL_REJECT
|
|
done
|
|
iptables_w -t filter -I TIMECONTROL_REJECT -j DROP
|
|
iptables_w -t filter -I TIMECONTROL_REJECT -p tcp -j REJECT --reject-with tcp-reset
|
|
iptables_w -t nat -I TIMECONTROL_REJECT -j ACCEPT
|
|
|
|
config_foreach add_rule macbind
|
|
|
|
iptables_w -t filter -I TIMECONTROL -i $interface -j TIMECONTROL_RULES
|
|
iptables_w -t filter -I FORWARD -j TIMECONTROL
|
|
iptables_w -t nat -I TIMECONTROL -i $interface -j TIMECONTROL_RULES
|
|
iptables_w -t nat -I PREROUTING -j TIMECONTROL
|
|
echo "/etc/init.d/timecontrol restart" > "/var/etc/timecontrol.include"
|
|
}
|
|
|
|
stop(){
|
|
local table
|
|
iptables_w -t filter -D FORWARD -j TIMECONTROL
|
|
iptables_w -t nat -D PREROUTING -j TIMECONTROL
|
|
|
|
for table in filter nat; do
|
|
iptables_w -t $table -F TIMECONTROL
|
|
iptables_w -t $table -X TIMECONTROL
|
|
iptables_w -t $table -F TIMECONTROL_RULES
|
|
iptables_w -t $table -X TIMECONTROL_RULES
|
|
iptables_w -t $table -F TIMECONTROL_REJECT
|
|
iptables_w -t $table -X TIMECONTROL_REJECT
|
|
done
|
|
}
|