add youtube list
parent
425606d507
commit
45973ad65f
|
@ -1,4 +1,5 @@
|
|||
#!/bin/sh
|
||||
ACTDIR=$(dirname "$0")
|
||||
KIDS_IP="172.24.42.100-172.24.42.110"
|
||||
KIDS_MAC="00:e0:53:13:1b:f1 88:79:7e:f7:05:60 d0:04:01:9f:b4:09"
|
||||
|
||||
|
@ -8,9 +9,11 @@ FOR_IN_KIDS="forwarding_wan_rules_kids"
|
|||
YOUTUBE="forwarding_wan_rules_youtube"
|
||||
|
||||
iptables -N ${FOR_OUT_KIDS}
|
||||
iptables -I ${FOR_OUT_GAMES} -m limit --limit 1/min -j LOG --log-prefix "Surfing kid: "
|
||||
iptables -A ${FOR_OUT_KIDS} -j DROP
|
||||
|
||||
iptables -N ${FOR_OUT_GAMES}
|
||||
iptables -I ${FOR_OUT_GAMES} -m limit --limit 1/min -j LOG --log-prefix "Playing kid: "
|
||||
iptables -A ${FOR_OUT_GAMES} -j DROP
|
||||
|
||||
iptables -N ${FOR_IN_KIDS}
|
||||
|
@ -32,12 +35,7 @@ iptables -I ${FOR_OUT_KIDS} 1 -p udp -m multiport --dports 3478,45395,50318,5923
|
|||
iptables -I ${FOR_OUT_KIDS} -p udp -m multiport --dports 29995:30005 -m comment --comment "Minetest" -j ${FOR_OUT_GAMES}
|
||||
|
||||
# populate list
|
||||
#iptables -I forwarding_lan_rule 1 -m mac --mac-source 00:22:15:a4:15:e4 -m comment --comment "Test apollon" -j ${FOR_OUT_KIDS}
|
||||
#iptables -I FORWARD 1 -m iprange --dst-range 172.24.42.100-172.24.42.110 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "Test apollon" -j ${FOR_IN_KIDS}
|
||||
#iptables -I FORWARD 1 -m iprange --dst-range 172.24.42.230-172.24.42.235 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "Test apollon" -j ${FOR_IN_KIDS}
|
||||
for i in ${KIDS_MAC}; do
|
||||
iptables -I forwarding_lan_rule -m mac --mac-source $i -j ${FOR_OUT_KIDS}
|
||||
done
|
||||
${ACTDIR}/filter_mac.sh start
|
||||
iptables -I FORWARD -m iprange --dst-range ${KIDS_IP} -m conntrack --ctstatus RELATED,ESTABLISHED -j ${FOR_IN_KIDS}
|
||||
|
||||
# web access - time restriction
|
||||
|
@ -45,15 +43,6 @@ iptables -I ${FOR_OUT_KIDS} 1 -p tcp -m multiport --dports 80,443 -m time --time
|
|||
iptables -I ${FOR_IN_KIDS} 1 -p tcp -m multiport --sports 80,443 -m time --timestart 08:00 --timestop 23:00 -j ACCEPT
|
||||
|
||||
# Youtube
|
||||
iptables -I ${FOR_IN_KIDS} -m iprange --src-range 199.223.232.0-199.223.239.255 -p tcp -j ${YOUTUBE}
|
||||
iptables -I ${FOR_IN_KIDS} -m iprange --src-range 207.223.160.0-207.223.175.255 -p tcp -j ${YOUTUBE}
|
||||
iptables -I ${FOR_IN_KIDS} -m iprange --src-range 208.65.152.0-208.65.155.255 -p tcp -j ${YOUTUBE}
|
||||
iptables -I ${FOR_IN_KIDS} -m iprange --src-range 208.117.224.0-208.117.255.255 -p tcp -j ${YOUTUBE}
|
||||
iptables -I ${FOR_IN_KIDS} -m iprange --src-range 209.85.128.0-209.85.255.255 -p tcp -j ${YOUTUBE}
|
||||
iptables -I ${FOR_IN_KIDS} -m iprange --src-range 216.58.192.0-216.58.223.255 -p tcp -j ${YOUTUBE}
|
||||
iptables -I ${FOR_IN_KIDS} -m iprange --src-range 216.239.32.0-216.239.63.255 -p tcp -j ${YOUTUBE}
|
||||
iptables -I ${FOR_IN_KIDS} -m iprange --src-range 9.192.115.0-9.192.115.255 -p tcp -j ${YOUTUBE}
|
||||
iptables -I ${FOR_IN_KIDS} -m iprange --src-range 74.125.206.0-74.125.206.255 -p tcp -j ${YOUTUBE}
|
||||
iptables -I ${FOR_IN_KIDS} -m iprange --src-range 64.233.167.0-64.233.167.255 -p tcp -j ${YOUTUBE}
|
||||
|
||||
|
||||
while read -r line; do
|
||||
iptables -I ${FOR_IN_KIDS} -m iprange --src-range ${line} -m length --length 2048:65535 -p tcp -j ${YOUTUBE}
|
||||
done < "${ACTDIR}/youtube.txt"
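Review bot: In the third hunk, the line `iptables -I FORWARD -m iprange --dst-range ${KIDS_IP} -m conntrack --ctstatus RELATED,ESTABLISHED -j ${FOR_IN_KIDS}` uses `--ctstatus`, but RELATED and ESTABLISHED are `--ctstate` values (the commented-out test lines above it use `--ctstate`). iptables should reject the rule, so return traffic to the kids' range would never reach ${FOR_IN_KIDS} and the time limits and YouTube rules would silently not apply; change it to `--ctstate RELATED,ESTABLISHED`. In the second hunk, `iptables -I ${FOR_OUT_GAMES} ... --log-prefix "Surfing kid: "` sits in the ${FOR_OUT_KIDS} group and runs before `iptables -N ${FOR_OUT_GAMES}`; it presumably should target `${FOR_OUT_KIDS}`. The visible lines show no `set -e` or per-command status check, so both failures would pass unnoticed when the rules are loaded. The page has lost its +/- markers, so which of these lines this commit adds cannot be told from here.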
|
||||
|
|
|
@ -5,19 +5,21 @@ if [ -z "$startstop" ]; then
|
|||
startstop="start"
|
||||
fi
|
||||
|
||||
table="INPUT"
|
||||
table="forwarding_lan_rule"
|
||||
filtertable="forwarding_lan_rules_kids"
|
||||
|
||||
macsrc=$(cat ./mac.txt)
|
||||
|
||||
case "$startstop" in
|
||||
start)
|
||||
for i in $macsrc; do
|
||||
iptables -I ${table} -m mac --mac-source $i -m comment --comment "macfiltering" -j DROP
|
||||
iptables -I ${table} -m mac --mac-source $i -m comment --comment "macfiltering" -j ${filtertable}
|
||||
done
|
||||
;;
|
||||
stop)
|
||||
macdel=$(iptables -S ${table} |grep macfiltering|sed -e 's/\ /\n/g'|grep mac-source -A 1 |grep :)
|
||||
for i in $macdel; do
|
||||
iptables -D ${table} -m mac --mac-source $i -m comment --comment "macfiltering" -j DROP
|
||||
iptables -D ${table} -m mac --mac-source $i -m comment --comment "macfiltering" -j ${filtertable}
|
||||
done
|
||||
|
||||
;;
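Review bot: `macsrc=$(cat ./mac.txt)` resolves the list against the caller's working directory, while the main script in this commit starts this file as `${ACTDIR}/filter_mac.sh start`. Run from any other directory, `cat` fails, `macsrc` is empty and the `start` loop installs no rule, so the MAC filter is silently off. Resolve the path from the script's own location and stop on failure: `macsrc=$(cat "$(dirname "$0")/mac.txt") || exit 1`. The `case` block continues past the end of this hunk, and the file name is inferred from the caller because the page shows no header for this section.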
|
||||
|
|
6
mac.txt
6
mac.txt
|
@ -1,3 +1,3 @@
|
|||
00:50:8b:01:02:03
|
||||
00:07:e9:01:02:03
|
||||
00:60:2f:01:02:03
|
||||
00:e0:53:13:1b:f1
|
||||
88:79:7e:f7:05:60
|
||||
d0:04:01:9f:b4:09
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
199.223.232.0-199.223.239.255
|
||||
207.223.160.0-207.223.175.255
|
||||
208.65.152.0-208.65.155.255
|
||||
208.117.224.0-208.117.255.255
|
||||
209.85.128.0-209.85.255.255
|
||||
216.58.192.0-216.58.223.255
|
||||
216.239.32.0-216.239.63.255
|
||||
9.192.115.0-9.192.115.255
|
||||
74.125.206.0-74.125.206.255
|
||||
64.233.167.0-64.233.167.255
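Review bot: `9.192.115.0-9.192.115.255` stands out from the other entries, which look like Google address space; 9.0.0.0/8 is, as far as I know, assigned to IBM, so this range is probably a typo, apparently carried over from the hard-coded rules, and should be checked against the source of the list. The loader reads each line straight into `--src-range ${line}`, so a blank or malformed line becomes a failed iptables call rather than a rule. A comment in the loading script recording the format and origin of the list (`# youtube.txt: one START-END range per line, source: <SOURCE_PLACEHOLDER>, last checked: <DATE_PLACEHOLDER>`) would make later refreshes easier, since a static list drifts out of date.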
|