Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Contribute to GitLab
Sign in
Toggle navigation
N
nexdpi
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
sysadmin
nexdpi
Commits
1bea197b
Commit
1bea197b
authored
Jul 05, 2021
by
Franco (nextime) Lanza
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add block trap to dpi
parent
0e3077c8
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
12 additions
and
1 deletion
+12
-1
dpi
dpi
+2
-0
rc.local
rc.local
+9
-0
shaping
shaping
+1
-1
No files found.
dpi
View file @
1bea197b
...
@@ -25,6 +25,8 @@ online_streamer = NFStreamer(source="eth1", promiscuous_mode=False, splt_analysi
...
@@ -25,6 +25,8 @@ online_streamer = NFStreamer(source="eth1", promiscuous_mode=False, splt_analysi
templconf
=
"""
templconf
=
"""
{
{
"Log": "ERROR",
"Cats":{
"Cats":{
"Network":{
"Network":{
...
...
rc.local
View file @
1bea197b
...
@@ -134,5 +134,14 @@ ipset create block_ip hash:ip family inet
...
@@ -134,5 +134,14 @@ ipset create block_ip hash:ip family inet
iptables
-I
FORWARD
-i
$LLAN
-m
set
--match-set
block_ip src
-j
DROP
iptables
-I
FORWARD
-i
$LLAN
-m
set
--match-set
block_ip src
-j
DROP
iptables
-I
FORWARD
-i
$LLAN
-p
udp
--dport
53
-m
set
--match-set
block_ip src
-j
ACCEPT
iptables
-I
FORWARD
-i
$LLAN
-p
udp
--dport
53
-m
set
--match-set
block_ip src
-j
ACCEPT
# BLOCK TRAP FOR DPI
iptables
-I
FORWARD
-i
$LLAN
-m
set
--match-set
dpiblock_ip src
-j
DROP
iptables
-I
FORWARD
-i
$LLAN
-m
set
--match-set
dpiblock_extip dst
-j
DROP
iptables
-I
FORWARD
-i
$LLAN
-m
set
--match-set
dpiblock_ip src
-j
DROP
ip6tables
-I
FORWARD
-i
$LLAN
-m
set
--match-set
dpiblock_ip6 src
-j
DROP
ip6tables
-I
FORWARD
-i
$LLAN
-m
set
--match-set
dpiblock_extip6 dst
-j
DROP
ip6tables
-I
FORWARD
-i
$LLAN
-m
set
--match-set
dpiblock_triplet6 dst,dst,src
-j
DROP
exit
0
exit
0
shaping
View file @
1bea197b
...
@@ -19,7 +19,7 @@ DEFBAND="1024"
...
@@ -19,7 +19,7 @@ DEFBAND="1024"
DOUPLOAD
=
true
DOUPLOAD
=
true
DODOWNLOAD
=
true
DODOWNLOAD
=
true
IPSET_DURATION
=
3600
# Seconds
IPSET_DURATION
=
3600
# Seconds
IPSETS_NAMES
=
"social kids system full streaming"
IPSETS_NAMES
=
"social kids system full streaming
dpiblock
"
NAT
=
true
NAT
=
true
MARKSTART
=
5
MARKSTART
=
5
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment