luci-0.8: splash: add counter rules, implement temporary bans

author Jo-Philipp Wich <jow@openwrt.org>

Sat, 6 Jun 2009 08:58:44 +0000 (08:58 +0000)

committer Jo-Philipp Wich <jow@openwrt.org>

Sat, 6 Jun 2009 08:58:44 +0000 (08:58 +0000)
author Jo-Philipp Wich <jow@openwrt.org>
Sat, 6 Jun 2009 08:58:44 +0000 (08:58 +0000)
committer Jo-Philipp Wich <jow@openwrt.org>
Sat, 6 Jun 2009 08:58:44 +0000 (08:58 +0000)
diff --git a/applications/luci-splash/root/etc/init.d/luci_splash b/applications/luci-splash/root/etc/init.d/luci_splash

index b6eaf325aeb09dcf60fb6b6c0b1e4607f1a8732d..d16eaba9cfb6a189d4f8ada7622e27597c998ad0 100755 (executable)
--- a/applications/luci-splash/root/etc/init.d/luci_splash
+++ b/applications/luci-splash/root/etc/init.d/luci_splash
@@ -35,14 +35,24 @@ blacklist_add() {
         local cfg="$1"
         
         config_get mac "$cfg" mac
-       [ -n "$mac" ] && iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j DROP
+       [ -n "$mac" ] && {
+               iptables -I luci_splash_counter -m mac --mac-source "$mac" -j RETURN
+               iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j DROP
+       }
  }
  
  whitelist_add() {
         local cfg="$1"
         
         config_get mac "$cfg" mac
-       [ -n "$mac" ] && iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j RETURN
+       config_get ban "$cfg" kicked
+
+       ban=${ban:+DROP}
+
+       [ -n "$mac" ] && {
+               iptables -I luci_splash_counter -m mac --mac-source "$mac" -j RETURN
+               iptables -t nat -I luci_splash_leases -m mac --mac-source "$mac" -j "${ban:-RETURN}"
+       }
  }
  
  boot() {
@@ -57,10 +67,11 @@ start() {
         config_load luci_splash
         
         ### Create subchains
+       iptables -N luci_splash_counter
         iptables -t nat -N luci_splash_portal
         iptables -t nat -N luci_splash_leases
         iptables -t nat -N luci_splash_prerouting
-       
+
         ### Build the main and portal rule
         config_foreach blacklist_add blacklist
         config_foreach whitelist_add whitelist
@@ -68,6 +79,8 @@ start() {
         config_foreach iface_add iface
         
         ### Build the portal rule
+       iptables -I INPUT -j luci_splash_counter
+       iptables -I FORWARD -j luci_splash_counter
         iptables -t nat -A luci_splash_portal -p udp --dport 33434:33523 -j RETURN
         iptables -t nat -A luci_splash_portal -p icmp -j RETURN
         iptables -t nat -A luci_splash_portal -p udp --dport 53 -j RETURN
@@ -91,16 +104,20 @@ stop() {
         ### Clear interface rules
         config_load luci_splash
         config_foreach iface_del iface
+       iptables -D INPUT -j luci_splash_counter
+       iptables -D FORWARD -j luci_splash_counter
          
         ### Clear subchains
         iptables -t nat -F luci_splash_leases
         iptables -t nat -F luci_splash_portal
         iptables -t nat -F luci_splash_prerouting
+       iptables -F luci_splash_counter
         
         ### Delete subchains
         iptables -t nat -X luci_splash_leases
         iptables -t nat -X luci_splash_portal
         iptables -t nat -X luci_splash_prerouting
+       iptables -X luci_splash_counter
  
         ### Stop the splash httpd
         start-stop-daemon -K -p /var/run/luci-splashd.pid -s KILL -q
author	Jo-Philipp Wich <jow@openwrt.org>
	Sat, 6 Jun 2009 08:58:44 +0000 (08:58 +0000)
committer	Jo-Philipp Wich <jow@openwrt.org>
	Sat, 6 Jun 2009 08:58:44 +0000 (08:58 +0000)