mwan3: add syslog debug possibility to rules
authorFlorian Eckert <[email protected]>
Tue, 8 Jan 2019 14:44:54 +0000 (15:44 +0100)
committerFlorian Eckert <[email protected]>
Mon, 14 Jan 2019 07:28:50 +0000 (08:28 +0100)
Signed-off-by: Florian Eckert <[email protected]>
net/mwan3/files/lib/mwan3/mwan3.sh

index 89ef0684178f2005b4ab6410e60ea4763843ae8a..b6be1f4893c08c22fc3cf07ee39d293b6324c3ef 100644 (file)
@@ -856,7 +856,9 @@ mwan3_set_sticky_iptables()
 
 mwan3_set_user_iptables_rule()
 {
-       local ipset family proto policy src_ip src_port sticky dest_ip dest_port use_policy timeout rule policy IPT
+       local ipset family proto policy src_ip src_port sticky dest_ip
+       local dest_port use_policy timeout rule policy IPT
+       local global_logging rule_logging loglevel
 
        rule="$1"
 
@@ -871,6 +873,10 @@ mwan3_set_user_iptables_rule()
        config_get use_policy $1 use_policy
        config_get family $1 family any
 
+       config_get rule_logging $1 logging 0
+       config_get global_logging globals logging 0
+       config_get loglevel globals loglevel notice
+
        if [ "$1" != $(echo "$1" | cut -c1-15) ]; then
                $LOG warn "Rule $1 exceeds max of 15 chars. Not setting rule" && return 0
        fi
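Review bot: The `loglevel` value read by `config_get loglevel globals loglevel notice` is handed unchecked to `--log-level` in the later hunks, where `&> /dev/null` discards iptables' error output. A misspelled level would therefore presumably leave the LOG rule uninstalled without any hint to the operator. Consider validating it here against the level names and numbers iptables accepts and falling back to `notice` with a message such as `$LOG warn "Rule $1: invalid loglevel $loglevel, using notice"`, in the same style as the 15-character check below. A short comment stating that a rule is logged only when both `globals.logging` and the rule's own `logging` are `1` would also help. The function body starts and ends outside the hunk.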
@@ -945,6 +951,17 @@ mwan3_set_user_iptables_rule()
                        for IPT in "$IPT4" "$IPT6"; do
                                case $proto in
                                        tcp|udp)
+                                       [ "$global_logging" = "1" ] && [ "$rule_logging" = "1" ] && {
+                                               $IPT -A mwan3_rules \
+                                                       -p $proto \
+                                                       -s $src_ip \
+                                                       -d $dest_ip $ipset \
+                                                       -m multiport --sports $src_port \
+                                                       -m multiport --dports $dest_port \
+                                                       -m mark --mark 0/$MMX_MASK \
+                                                       -m comment --comment "$1" \
+                                                       -j LOG --log-level "$loglevel" --log-prefix "MWAN3($1)" &> /dev/null
+                                       }
                                        $IPT -A mwan3_rules \
                                                -p $proto \
                                                -s $src_ip \
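Review bot: The LOG rule added ahead of the policy rule carries no rate limit, so once logging is switched on every packet that reaches and matches it produces a kernel log line. On a router, traffic from outside that matches the rule can then fill syslog and push older entries out of the log buffer. A limit match on the logging rule bounds this, for example `-m limit --limit 10/min \` before the `-j LOG` line (the rate is a constructed example and would ideally be a `globals` option). The same applies to the other five LOG rules added in the hunks at -956, -971, -982, -996 and -1007. The enclosing loop and `case` continue outside this hunk.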
@@ -956,6 +973,15 @@ mwan3_set_user_iptables_rule()
                                                -j $policy &> /dev/null
                                        ;;
                                        *)
+                                       [ "$global_logging" = "1" ] && [ "$rule_logging" = "1" ] && {
+                                               $IPT -A mwan3_rules \
+                                                       -p $proto \
+                                                       -s $src_ip \
+                                                       -d $dest_ip $ipset \
+                                                       -m mark --mark 0/$MMX_MASK \
+                                                       -m comment --comment "$1" \
+                                                       -j LOG --log-level "$loglevel" --log-prefix "MWAN3($1)" &> /dev/null
+                                       }
                                        $IPT -A mwan3_rules \
                                                -p $proto \
                                                -s $src_ip \
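Review bot: The prefix in `--log-prefix "MWAN3($1)"` ends without a separator, and the kernel writes the packet fields directly after it, so entries will read `MWAN3(name)IN=...`, which is awkward to grep and to parse in a log pipeline. A trailing space fixes it: `--log-prefix "MWAN3($1) "`. With the 15-character rule-name limit enforced earlier in the function, the prefix still fits iptables' 29-character limit. The same one-character change applies to the LOG rules in the other five hunks.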
@@ -971,6 +997,17 @@ mwan3_set_user_iptables_rule()
 
                        case $proto in
                                tcp|udp)
+                               [ "$global_logging" = "1" ] && [ "$rule_logging" = "1" ] && {
+                                       $IPT -A mwan3_rules \
+                                               -p $proto \
+                                               -s $src_ip \
+                                               -d $dest_ip $ipset \
+                                               -m multiport --sports $src_port \
+                                               -m multiport --dports $dest_port \
+                                               -m mark --mark 0/$MMX_MASK \
+                                               -m comment --comment "$1" \
+                                               -j LOG --log-level "$loglevel" --log-prefix "MWAN3($1)" &> /dev/null
+                               }
                                $IPT4 -A mwan3_rules \
                                        -p $proto \
                                        -s $src_ip \
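Review bot: The new LOG rule in this `tcp|udp)` arm is installed with `$IPT -A mwan3_rules`, whereas the policy rule directly below it and the LOG rule in the matching `*)` arm both use `$IPT4`. `$IPT` is the `local` loop variable of the `for IPT in "$IPT4" "$IPT6"` loop in the earlier hunk, so in this branch it is presumably empty or left over from a previous iteration. The command would then fail or address the wrong family, and `&> /dev/null` hides the failure, leaving IPv4 tcp/udp rules unlogged. The line should read `$IPT4 -A mwan3_rules \`. The branch this arm belongs to starts outside the hunk, so the exact condition is not visible here.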
@@ -982,6 +1019,15 @@ mwan3_set_user_iptables_rule()
                                        -j $policy &> /dev/null
                                ;;
                                *)
+                               [ "$global_logging" = "1" ] && [ "$rule_logging" = "1" ] && {
+                                       $IPT4 -A mwan3_rules \
+                                               -p $proto \
+                                               -s $src_ip \
+                                               -d $dest_ip $ipset \
+                                               -m mark --mark 0/$MMX_MASK \
+                                               -m comment --comment "$1" \
+                                               -j LOG --log-level "$loglevel" --log-prefix "MWAN3($1)" &> /dev/null
+                               }
                                $IPT4 -A mwan3_rules \
                                        -p $proto \
                                        -s $src_ip \
@@ -996,6 +1042,17 @@ mwan3_set_user_iptables_rule()
 
                        case $proto in
                                tcp|udp)
+                               [ "$global_logging" = "1" ] && [ "$rule_logging" = "1" ] && {
+                                       $IPT6 -A mwan3_rules \
+                                               -p $proto \
+                                               -s $src_ip \
+                                               -d $dest_ip $ipset \
+                                               -m multiport --sports $src_port \
+                                               -m multiport --dports $dest_port \
+                                               -m mark --mark 0/$MMX_MASK \
+                                               -m comment --comment "$1" \
+                                               -j LOG --log-level "$loglevel" --log-prefix "MWAN3($1)" &> /dev/null
+                               }
                                $IPT6 -A mwan3_rules \
                                        -p $proto \
                                        -s $src_ip \
@@ -1007,6 +1064,15 @@ mwan3_set_user_iptables_rule()
                                        -j $policy &> /dev/null
                                ;;
                                *)
+                               [ "$global_logging" = "1" ] && [ "$rule_logging" = "1" ] && {
+                                       $IPT6 -A mwan3_rules \
+                                               -p $proto \
+                                               -s $src_ip \
+                                               -d $dest_ip $ipset \
+                                               -m mark --mark 0/$MMX_MASK \
+                                               -m comment --comment "$1" \
+                                               -j LOG --log-level  "$loglevel" --log-prefix "MWAN3($1)" &> /dev/null
+                               }
                                $IPT6 -A mwan3_rules \
                                        -p $proto \
                                        -s $src_ip \