Add block trap to dpi

1bea197b · Franco (nextime) Lanza · 0e3077c8 · 1bea197b · 1bea197b · 1bea197b
Commit 1bea197b authored 4 years ago by Franco (nextime) Lanza
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 1 deletion

dpi dpi +2 -0

rc.local rc.local +9 -0

shaping shaping +1 -1

No files found.
--- a/dpi
+++ b/dpi
@@ -25,6 +25,8 @@ online_streamer = NFStreamer(source="eth1", promiscuous_mode=False, splt_analysi
 templconf = """
 {
+  "Log": "ERROR",
  "Cats":{
     "Network":{

--- a/rc.local
+++ b/rc.local
@@ -134,5 +134,14 @@ ipset create block_ip hash:ip family inet
 iptables -I FORWARD -i $LLAN -m set --match-set block_ip src -j DROP
 iptables -I FORWARD -i $LLAN -p udp --dport 53 -m set --match-set block_ip src -j ACCEPT
+# BLOCK TRAP FOR DPI
+iptables -I FORWARD -i $LLAN -m set --match-set dpiblock_ip src -j DROP
+iptables -I FORWARD -i $LLAN -m set --match-set dpiblock_extip dst -j DROP
+iptables -I FORWARD -i $LLAN -m set --match-set dpiblock_ip src -j DROP
+ip6tables  -I FORWARD -i $LLAN -m set --match-set dpiblock_ip6 src -j DROP
+ip6tables  -I FORWARD -i $LLAN -m set --match-set dpiblock_extip6 dst -j DROP
+ip6tables  -I FORWARD -i $LLAN -m set --match-set dpiblock_triplet6 dst,dst,src -j DROP
 exit 0
--- a/shaping
+++ b/shaping
@@ -19,7 +19,7 @@ DEFBAND="1024"
 DOUPLOAD=true
 DODOWNLOAD=true
 IPSET_DURATION=3600 # Seconds
-IPSETS_NAMES="social kids system full streaming"
+IPSETS_NAMES="social kids system full streaming dpiblock"
 NAT=true
 MARKSTART=5