From 425606d50759c30860511840eea87ada33b45969 Mon Sep 17 00:00:00 2001
From: "A. Demant"
Date: Tue, 12 Feb 2019 04:12:51 +0100
Subject: [PATCH] add own tables

---
 custom_rules_init.sh | 59 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100755 custom_rules_init.sh

diff --git a/custom_rules_init.sh b/custom_rules_init.sh
new file mode 100755
index 0000000..a7f0bb3
--- /dev/null
+++ b/custom_rules_init.sh
@@ -0,0 +1,59 @@
+#!/bin/sh
+KIDS_IP="172.24.42.100-172.24.42.110"
+KIDS_MAC="00:e0:53:13:1b:f1 88:79:7e:f7:05:60 d0:04:01:9f:b4:09"
+
+FOR_OUT_KIDS="forwarding_lan_rules_kids"
+FOR_OUT_GAMES="forwarding_lan_rules_games"
+FOR_IN_KIDS="forwarding_wan_rules_kids"
+YOUTUBE="forwarding_wan_rules_youtube"
+
+iptables -N ${FOR_OUT_KIDS}
+iptables -A ${FOR_OUT_KIDS} -j DROP
+
+iptables -N ${FOR_OUT_GAMES}
+iptables -A ${FOR_OUT_GAMES} -j DROP
+
+iptables -N ${FOR_IN_KIDS}
+iptables -A ${FOR_IN_KIDS} -j DROP
+
+iptables -N ${YOUTUBE}
+iptables -A ${YOUTUBE} -j DROP
+
+# Time restriction for games
+iptables -I ${FOR_OUT_GAMES} 1 -m time --timestart 14:00 --timestop 21:00 --weekdays Mon,Tue,Wed,Thu,Sun -j ACCEPT
+iptables -I ${FOR_OUT_GAMES} 1 -m time --timestart 08:00 --timestop 23:00 --weekdays Sat -j ACCEPT
+iptables -I ${FOR_OUT_GAMES} 1 -m time --timestart 12:00 --timestop 23:00 --weekdays Fri -j ACCEPT
+
+# allow WhatsApp
+iptables -I ${FOR_OUT_KIDS} 1 -p tcp -m multiport --dports 4244,5222,5223,5228,5242,50318,59234 -m comment --comment "TCP Whatsapp" -j ACCEPT
+iptables -I ${FOR_OUT_KIDS} 1 -p udp -m multiport --dports 3478,45395,50318,59234 -m comment --comment "UDP Whatsapp" -j ACCEPT
+
+# redirect games
+iptables -I ${FOR_OUT_KIDS} -p udp -m multiport --dports 29995:30005 -m comment --comment "Minetest" -j ${FOR_OUT_GAMES}
+
+# populate list
+#iptables -I forwarding_lan_rule 1 -m mac --mac-source 00:22:15:a4:15:e4 -m comment --comment "Test apollon" -j ${FOR_OUT_KIDS}
+#iptables -I FORWARD 1 -m iprange --dst-range 172.24.42.100-172.24.42.110 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "Test apollon" -j ${FOR_IN_KIDS}
+#iptables -I FORWARD 1 -m iprange --dst-range 172.24.42.230-172.24.42.235 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "Test apollon" -j ${FOR_IN_KIDS}
+for i in ${KIDS_MAC}; do
+ iptables -I forwarding_lan_rule -m mac --mac-source $i -j ${FOR_OUT_KIDS}
+done
+iptables -I FORWARD -m iprange --dst-range ${KIDS_IP} -m conntrack --ctstatus RELATED,ESTABLISHED -j ${FOR_IN_KIDS}
+
+# web access - time restriction
+iptables -I ${FOR_OUT_KIDS} 1 -p tcp -m multiport --dports 80,443 -m time --timestart 08:00 --timestop 23:00 -j ACCEPT
+iptables -I ${FOR_IN_KIDS} 1 -p tcp -m multiport --sports 80,443 -m time --timestart 08:00 --timestop 23:00 -j ACCEPT
+
+# Youtube
+iptables -I ${FOR_IN_KIDS} -m iprange --src-range 199.223.232.0-199.223.239.255 -p tcp -j ${YOUTUBE}
+iptables -I ${FOR_IN_KIDS} -m iprange --src-range 207.223.160.0-207.223.175.255 -p tcp -j ${YOUTUBE}
+iptables -I ${FOR_IN_KIDS} -m iprange --src-range 208.65.152.0-208.65.155.255 -p tcp -j ${YOUTUBE}
+iptables -I ${FOR_IN_KIDS} -m iprange --src-range 208.117.224.0-208.117.255.255 -p tcp -j ${YOUTUBE}
+iptables -I ${FOR_IN_KIDS} -m iprange --src-range 209.85.128.0-209.85.255.255 -p tcp -j ${YOUTUBE}
+iptables -I ${FOR_IN_KIDS} -m iprange --src-range 216.58.192.0-216.58.223.255 -p tcp -j ${YOUTUBE}
+iptables -I ${FOR_IN_KIDS} -m iprange --src-range 216.239.32.0-216.239.63.255 -p tcp -j ${YOUTUBE}
+iptables -I ${FOR_IN_KIDS} -m iprange --src-range 9.192.115.0-9.192.115.255 -p tcp -j ${YOUTUBE}
+iptables -I ${FOR_IN_KIDS} -m iprange --src-range 74.125.206.0-74.125.206.255 -p tcp -j ${YOUTUBE}
+iptables -I ${FOR_IN_KIDS} -m iprange --src-range 64.233.167.0-64.233.167.255 -p tcp -j ${YOUTUBE}
+
+
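Review bot: The FORWARD rule that hands return traffic to `${FOR_IN_KIDS}` uses `-m conntrack --ctstatus RELATED,ESTABLISHED`, but `--ctstatus` takes connection-status flags (NONE, EXPECTED, SEEN_REPLY, ASSURED, CONFIRMED); the state names belong to `--ctstate`, which the commented-out lines just above it use correctly. iptables rejects that rule, and because the script runs under `#!/bin/sh` with no `set -e` it carries on, so the `forwarding_wan_rules_kids` chain — the YouTube ranges and the 80/443 time window on inbound traffic — is never reached. Change it to `iptables -I FORWARD -m iprange --dst-range ${KIDS_IP} -m conntrack --ctstate RELATED,ESTABLISHED -j ${FOR_IN_KIDS}`. Two smaller points: rerunning the script fails on `iptables -N` for chains that already exist and then duplicates every `-I` rule, so flush or check each chain before populating it; and on iptables 1.4.21 and later `-m time` evaluates `--timestart`/`--timestop` in UTC unless `--kerneltz` is given, which would shift the game and web windows on a CET host (verify against the target's iptables version). The `--mac-source` match in the loop is only as strong as the client's MAC address, which a device can change, so treat it as a convenience control rather than an isolation boundary.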