#!/bin/sh |
|
# |
|
# This script blocks all outbound and inbound UDP except DNS. If all UDP is
# blocked, the only way to do a peer to peer connection is with a TURN server
# which supports tcp.
|
# |
|
# NOTE: this script requires Linux and must be run as root/sudo. |
|
# |
|
# (c)2016 struktur AG |
|
# http://www.struktur.de |
|
|
|
set -e |
|
RETVAL=0 |
|
|
|
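# _rule -A|-D CHAIN SPEC... : apply a single iptables rule.
# For -A the rule is only appended when it is not already present
# (iptables -C), so a repeated "start" does not stack duplicate copies that a
# single "stop" (one -D per rule) would leave behind. -D is passed through
# unchanged. Assumes an iptables with the -C (check) command — TODO confirm
# on the target distribution.
_rule() {
  local op=$1
  shift
  if [ "$op" = "-A" ] && iptables -C "$@" 2>/dev/null; then
    return 0
  fi
  iptables "$op" "$@"
}

# Install (-A) or remove (-D) the UDP rule set.
#
# Arguments: $1 - chain operation, "-A" to install or "-D" to remove
# Outputs:   every iptables command is traced to stderr (set -x) while it runs
# Returns:   the status of the last iptables call; under 'set -e' a failing
#            call aborts the script unless the caller disabled -e (see stop)
#
# Order matters: the port-53 ACCEPT rules must sit before the blanket DROP
# rules in each chain, so they are emitted first.
#
# NOTE(review): only the IPv4 tables are touched; ip6tables is not, so UDP
# over IPv6 remains unfiltered. Matching on port alone is also wider than
# "DNS traffic" — e.g. INPUT --sport 53 admits any inbound UDP whose remote
# port is 53 — and conntrack state matching for replies would be tighter.
# Both are left as-is because changing them alters what the script enforces.
run() {
  local mode=$1
  set -x
  _rule "$mode" INPUT  -p udp --sport 53 -j ACCEPT
  _rule "$mode" INPUT  -p udp --dport 53 -j ACCEPT
  _rule "$mode" OUTPUT -p udp --sport 53 -j ACCEPT
  _rule "$mode" OUTPUT -p udp --dport 53 -j ACCEPT

  _rule "$mode" INPUT  -p udp -j DROP
  _rule "$mode" OUTPUT -p udp -j DROP
  set +x
}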
|
|
|
# Install the UDP lock-down by appending the rule set (see run).
start() { run -A; }
|
|
|
# Remove the rule set installed by start.
# Failures are deliberately tolerated: -D fails for any rule that is not
# present (stop run twice, or after a partially applied start), and every
# delete should still be attempted. The final 'set -e' restores strict mode
# and leaves stop returning 0 regardless of what run reported.
stop() {
  set +e
  run -D
  set -e
}
|
|
|
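# Abort unless running as uid 0. The header states root/sudo is required;
# checking once up front gives one clear message instead of a permission
# error from every iptables call.
_require_root() {
  if [ "$(id -u)" -ne 0 ]; then
    echo "$0: must be run as root (e.g. via sudo)" >&2
    exit 1
  fi
}

# Dispatch on the single sub-command; anything else prints usage and exits 1.
case "${1:-}" in
  start)
    _require_root
    start
    ;;
  stop)
    _require_root
    stop
    ;;
  *)
    # Usage is a diagnostic: keep it off stdout and signal misuse via status.
    echo "Usage: $0 [start|stop]" >&2
    RETVAL=1
    ;;
esac

exit "$RETVAL"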