From: Roman Bazalevskiy Date: Tue, 31 Oct 2017 10:44:23 +0000 (+0300) Subject: Initial commit X-Git-Url: https://git.rvb.name/setroute.git/commitdiff_plain/0077e2e3e430c218b65b95bec916f4b20ac0a2bd Initial commit --- 0077e2e3e430c218b65b95bec916f4b20ac0a2bd diff --git a/etc/cron.daily/setroute b/etc/cron.daily/setroute new file mode 100755 index 0000000..6f7d39b --- /dev/null +++ b/etc/cron.daily/setroute @@ -0,0 +1,13 @@ +#!/bin/sh +sleep 5 +HOST=estia.rvb-home.lan +wget -t 5 --waitretry 10 --timeout=10 -O /tmp/setroute.list http://$HOST/config/setroute.list >/dev/null 2>&1 + +if [ $? = 0 ] +then + + mv /tmp/setroute.list /etc/ + touch /etc/setroute.list + /usr/local/bin/update_vpn_ipset > /dev/null + +fi diff --git a/etc/openvpn/down-client.sh b/etc/openvpn/down-client.sh new file mode 100755 index 0000000..1ff8dd7 --- /dev/null +++ b/etc/openvpn/down-client.sh @@ -0,0 +1,7 @@ +#!/bin/sh +echo setting route +#/etc/setroute/if-down.sh $5 + +ip route del default dev $dev table vpn +iptables -t nat -D POSTROUTING -o $dev -j SNAT --to-source $4 + diff --git a/etc/openvpn/up-client.sh b/etc/openvpn/up-client.sh new file mode 100755 index 0000000..e434faf --- /dev/null +++ b/etc/openvpn/up-client.sh @@ -0,0 +1,15 @@ +#!/bin/sh +echo setting route +#/etc/setroute/if-up.sh $5 + +echo 2 > /proc/sys/net/ipv4/conf/$dev/rp_filter +metric=0 +ip route add default via $4 dev $dev table vpn metric $metric +iptables -t nat -A POSTROUTING -o $dev -j SNAT --to-source $4 + +fc=`find /etc/setroute.list -mtime +1 | wc -l` +if [ fc != 0 ]; then + /etc/cron.daily/setroute & +fi + +exit 0 diff --git a/etc/setroute.list b/etc/setroute.list new file mode 100644 index 0000000..fdcc760 --- /dev/null +++ b/etc/setroute.list 
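Review bot: The list that decides which destinations get policy-routed is fetched over plain HTTP with no integrity check on the `wget ... http://$HOST/config/setroute.list` line, then installed as root into /etc and handed to update_vpn_ipset, so anyone who can answer for estia.rvb-home.lan on the LAN or sit in the path can rewrite this host's routing policy; serve it over HTTPS with certificate validation, or verify a signature or checksum before the `mv`. The fixed `/tmp/setroute.list` path is also written as root inside a world-writable directory, where a pre-placed symlink would redirect the write unless the kernel's protected_symlinks setting blocks it. Use a private temporary file instead: `TMP=$(mktemp) || exit 1`, then `wget -t 5 --waitretry 10 --timeout=10 -O "$TMP" https://$HOST/config/setroute.list >/dev/null 2>&1` and `mv "$TMP" /etc/setroute.list` inside the success branch. The `touch` after the `mv` adds nothing, since the file was just written.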
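Review bot: The `echo setting route` message and the commented-out `#/etc/setroute/if-down.sh $5` line look copied from the up script; in a teardown script the message misleads whoever reads the OpenVPN log, so change it to `echo removing vpn route` and drop the dead comment. The `$dev` and `$4` expansions should be quoted (`ip route del default dev "$dev" table vpn`), and if either is empty both the route deletion and the `-D` rule removal fail silently, leaving a stale SNAT rule behind, so at least log a non-zero iptables status. As far as I recall OpenVPN passes ifconfig_local_ip as the fourth positional argument to up/down scripts, which makes `$4` the right SNAT source here, but a one-line comment stating that would spare the next reader a trip to the manual.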
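Review bot: `if [ fc != 0 ]` compares the literal string `fc` with `0`, which is always true, so /etc/cron.daily/setroute is spawned on every connection and the `-mtime +1` age check is dead; it should read `fc=$(find /etc/setroute.list -mtime +1 2>/dev/null | wc -l)` followed by `if [ "$fc" != 0 ]; then`. Once fixed, note that a missing /etc/setroute.list makes `find` print nothing, so the refresh is skipped rather than triggered, which may not be what is wanted. The unconditional `exit 0` also hides a failed `ip route add` from OpenVPN, so the tunnel can come up without its policy route and nothing reports it.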
@@ -0,0 +1,32 @@
+dreamwidth.org
+opensharing.org
+gmusicbrowser.org
+research.archives.gov
+rutracker.org
+dl.rutracker.org
+rutracker.cc
+flibusta.net
+flibusta.me
+flibusta.is
+cn.flibusta.is
+cbs.com
+demotivators.to
+lurkmore.to
+lurkmore.so
+flickr.com
+archive.org
+muzofon.com
+censor.net.ua
+bt.rutracker.cc
+bt.t-ru.org
+bt2.rutracker.cc
+bt2.t-ru.org
+bt3.rutracker.cc
+bt3.t-ru.org
+bt4.rutracker.cc
+bt4.t-ru.org
+dou.ua
+archive.org
+www.linkedin.com
+linkedin.com
+sovet.kidstaff.com.ua
diff --git a/usr/local/bin/create_vpn_ipset b/usr/local/bin/create_vpn_ipset
new file mode 100755
index 0000000..f512da5
--- /dev/null
+++ b/usr/local/bin/create_vpn_ipset
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter
+
+ipset create vpn hash:ip
+iptables -t mangle -A PREROUTING -m set --match-set vpn dst -j MARK --set-mark 4
+iptables -t mangle -A OUTPUT -m set --match-set vpn dst -j MARK --set-mark 4
+ip rule add fwmark 4 lookup vpn
+/usr/local/bin/set-route --list /etc/setroute.list --ipset vpn
diff --git a/usr/local/bin/set-route b/usr/local/bin/set-route
new file mode 100755
index 0000000..612c347
--- /dev/null
+++ b/usr/local/bin/set-route
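Review bot: `echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter` puts reverse-path filtering into loose mode on every interface, because the kernel applies the larger of the `all` and per-interface values; the up script already relaxes it only on the tunnel device, which is the narrower change, so drop the global line unless asymmetric paths on the LAN side are genuinely needed, and say so in a comment if they are. The script is also not re-runnable: `ipset create vpn` fails once the set exists, and every run appends another pair of MARK rules and another `ip rule`. The `vpn` table name additionally has to be declared in /etc/iproute2/rt_tables, which this commit does not add. An idempotent version of the middle section:

```sh
ipset create -exist vpn hash:ip
for chain in PREROUTING OUTPUT; do
    iptables -t mangle -C $chain -m set --match-set vpn dst -j MARK --set-mark 4 2>/dev/null ||
    iptables -t mangle -A $chain -m set --match-set vpn dst -j MARK --set-mark 4
done
ip rule list | grep -q 'fwmark 0x4 lookup vpn' || ip rule add fwmark 4 lookup vpn
# … unchanged: set-route call …
```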
@@ -0,0 +1,126 @@ +#!/usr/bin/python + +import sys,commands +from optparse import OptionParser +from dns.resolver import query +from dns.exception import DNSException +import re + +# default domain list +config = '/etc/setroute.list' + +# read domains from file +def read_list(file): + + lines = [line.strip() for line in open(config)] + names = [] + + for name in lines: + if name: + names.append(name) + + return names + +# host to IP addresses +def host_to_ip(name): + ip = [] + try: + qa = query(name,"A") + for i in qa: + print name+"->"+i.to_text() + ip.append(i.to_text()) + except DNSException: + return [] + finally: + return ip + +# convert names into IP addresses +def to_ip(names): + re_ip = re.compile('\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$') + ip_list = [] + for name in names: + if re_ip.match(name): + ip_list = list(set(ip_list + [name])) + print name+' appended' + else: + ip = host_to_ip(name) + ip_list = list(set(ip_list + ip)) + return ip_list + +# set route +def set_route(list,interface,gateway,dest,remove): + for i in list: + if remove: + if interface: + if gateway: + command = "route del -net %s netmask 255.255.255.255 gw %s dev %s" % (i,gateway,interface) + else: + command = "route del -net %s netmask 255.255.255.255 dev %s" % (i,interface) + elif dest: + command = "iptables -t nat -D OUTPUT -p tcp -d %s -m tcp -j DNAT --to-destination %s" % (i,dest) + elif gateway: + command = "route del -net %s netmask 255.255.255.255 gw %s" % (i,gateway) + elif ipset: + command = "ipset del %s %s" %(ipset,i) + print command + commands.getoutput(command) + else: + if interface: + if gateway: + command = "route add -net %s netmask 255.255.255.255 gw %s dev %s" % (i,gateway,interface) + else: + command = "route add -net %s netmask 255.255.255.255 dev %s" % (i,interface) + elif dest: + command = "iptables -t nat -I OUTPUT -p tcp -d %s -m tcp -j DNAT --to-destination %s" % (i,dest) + elif gateway: + command = "route add -net %s netmask 255.255.255.255 gw %s" % (i,gateway) + 
elif ipset: + command = "ipset add %s %s" %(ipset,i) + print command + commands.getoutput(command) + +# main procedure - process input parameters, read file and set route +def main(): + global dest,interface,gateway,remove + try: + domain_list = read_list(config) + except: + print "Cannot get domains list from file", config + exit() + ip_list = to_ip(domain_list) + set_route(ip_list,interface,gateway,dest,remove) + +if __name__ == "__main__": + parser = OptionParser() + parser.add_option("-l", "--list", dest="config", help="Domain names list (default /etc/setroute.list) " ) + parser.add_option("-s", "--ipset", dest="ipset", help="IPset to fill in") + parser.add_option("-d", "--destination", dest="destination", help="Proxy server (IP:Port)") + parser.add_option("-i", "--interface", dest="interface", help="Interface name") + parser.add_option("-g", "--gateway", dest="gateway", help="Gateway IP") + parser.add_option("-r", "--remove", action="store_true", dest="remove", help="Remove redirection") + (options, args) = parser.parse_args() + opts = options.__dict__ + if opts["config"]: + config = opts["config"] + if opts["destination"]: + dest = opts["destination"] + else: + dest = None + if opts["interface"]: + interface = opts["interface"] + else: + interface = None + if opts["gateway"]: + gateway = opts["gateway"] + else: + gateway = None + if opts["remove"]: + remove = opts["remove"] + else: + remove = None + if opts["ipset"]: + ipset = opts["ipset"] + else: + ipset = None + main() + \ No newline at end of file diff --git a/usr/local/bin/update_vpn_ipset b/usr/local/bin/update_vpn_ipset new file mode 100755 index 0000000..de1f6ba --- /dev/null +++ b/usr/local/bin/update_vpn_ipset @@ -0,0 +1,6 @@ +#!/bin/sh +ipset create vpn-tmp hash:ip +/usr/local/bin/set-route --list /etc/setroute.list --ipset vpn-tmp +ipset swap vpn vpn-tmp +ipset destroy vpn-tmp +
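Review bot: `host_to_ip` returns from its `finally:` block, which discards every exception raised inside the `try`, not only `DNSException` — a misconfigured resolver or even a KeyboardInterrupt is swallowed and the name simply yields no addresses — so the `except`/`finally` pair should become a plain `except DNSException: return []` with the success path returning the list. In `set_route` every `ipset`/`route`/`iptables` call goes through `commands.getoutput`, which throws away the exit status, so a failed `ipset add` is never noticed and, judging from update_vpn_ipset, an incomplete set is then swapped in and the affected destinations presumably fall back to the default route outside the tunnel; build argument lists and run them with `subprocess.check_call` (adding `import subprocess` to the existing import block) so failures propagate, and make `main` exit non-zero instead of the bare `exit()` (which exits 0) when the list cannot be read. Smaller points: `read_list` ignores its `file` parameter in favour of the module-level `config`, `sys` is imported but unused, and `commands` plus the `print` statements tie the script to Python 2, which is end-of-life.

```python
def host_to_ip(name):
    try:
        addrs = [rr.to_text() for rr in query(name, "A")]
    except DNSException:
        return []
    for addr in addrs:
        print name+"->"+addr
    return addrs

# … unchanged: to_ip …

def _run(argv):
    """Run one argv-style command; raises CalledProcessError on non-zero exit."""
    print " ".join(argv)
    subprocess.check_call(argv)

# in set_route, build argument lists instead of shell strings, e.g.:
#   _run(["ipset", "del" if remove else "add", ipset, i])
#   _run(["route", "add", "-net", i, "netmask", "255.255.255.255", "gw", gateway, "dev", interface])
```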
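Review bot: The `ipset swap vpn vpn-tmp` runs unconditionally, and set-route exits 0 even when it cannot read the list (its `main` ends in a bare `exit()`), so a resolver outage or an unreadable /etc/setroute.list replaces the live `vpn` set with an empty one and, presumably, the listed destinations then leave via the default route instead of the tunnel. The script also cannot recover from an interrupted run, because `ipset create vpn-tmp` without `-exist` fails when the temporary set was left behind, and when it does exist stale entries from the previous run are kept. Create the set with `-exist`, flush it, and refuse to swap in an empty set:

```sh
set -e
ipset create -exist vpn-tmp hash:ip
ipset flush vpn-tmp
/usr/local/bin/set-route --list /etc/setroute.list --ipset vpn-tmp
# a resolver outage must not silently route the whole list outside the VPN
if [ "$(ipset list vpn-tmp | grep -c '^[0-9]')" -eq 0 ]; then
    echo "update_vpn_ipset: refusing to swap in an empty vpn-tmp set" >&2
    exit 1
fi
ipset swap vpn vpn-tmp
ipset destroy vpn-tmp
```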