| #!/bin/sh |
| |
| . /etc/utils.sh # for ip46tables |
| |
# Defaults; the -p/-a/-u options parsed below override them.
port="8888"      # TCP port the HTTP bouncer listens on (also the REDIRECT target)
allowed_list=    # whitespace-separated IPs/subnets exempt from the portal; may be empty
url=             # redirect URL handed to http_bouncer via -u; may be empty

bin=$(basename "$0")
# Help text. It is expanded here, so the "(default: ...)" shows the built-in
# default port, never a value given with -p.
USAGE="
Usage:
$bin start [options...]
-p <port> port on which HTTP bouncer will listen (default: $port)
-a <allowed_ips> list of allowed IPs/subnets
-u <url> redirect URL

$bin stop
"
#######################################
# Print the help text to stderr and abort.
# Globals:  USAGE (read)
# Outputs:  $USAGE followed by a newline, on stderr
# Returns:  never; exits with status 1
#######################################
usage() {
  printf '%s\n' "$USAGE" >&2
  exit 1
}
| |
| |
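# The first positional argument is the sub-command; everything after it is
# parsed as options (only 'start' uses them).
if [ $# -eq 0 ]; then
  usage
fi

cmd=$1
shift

# Unknown options (getopts sets opt to '?') fall through to usage, which exits.
while getopts "p:a:u:" opt
do
  case $opt in
    p) port="$OPTARG" ;;
    a) allowed_list="$OPTARG" ;;
    u) url="$OPTARG" ;;
    *) usage ;;
  esac
done

# Reject anything that is not a decimal TCP port before it reaches iptables and
# http_bouncer; otherwise a typo only shows up as an error from those commands,
# or as a rule that silently was never added. The length check keeps the
# numeric comparisons from overflowing on absurdly long input.
case $port in
  ''|*[!0-9]*)
    printf '%s: invalid port: %s\n' "$bin" "$port" >&2
    usage
    ;;
esac
if [ ${#port} -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
  printf '%s: port out of range: %s\n' "$bin" "$port" >&2
  usage
fi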
| |
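#######################################
# Install the captive-portal rules. The acs-captive-portal-* chains are never
# created here (only appended to and, in stop_iptables, flushed), so they must
# already exist.
# Globals:  port (read), allowed_list (read), bin (read)
# Outputs:  a diagnostic on stderr for the first rule that fails
# Returns:  0 when every rule was added, 1 on the first failure. Rules added
#           before the failure stay in place; the start/restart path runs
#           stop_iptables first, so they are cleared on the next attempt.
#######################################
start_iptables() {
  # Let clients reach the bouncer's own listening port (IPv4 and IPv6).
  ip46tables -t filter -A acs-captive-portal-input -p tcp --dport "$port" -j ACCEPT || {
    printf '%s: cannot accept port %s in acs-captive-portal-input\n' "$bin" "$port" >&2
    return 1
  }

  # Every allowed destination is exempted from both the filter and the nat
  # chain, so traffic to it is neither dropped nor redirected. allowed_list is
  # a whitespace-separated list and is intentionally left unquoted: word
  # splitting is what turns it into entries. Each entry is quoted for iptables.
  # NOTE(review): these rules and the REDIRECT below are IPv4-only (iptables,
  # not ip46tables), so IPv6 HTTP clients are not steered to the bouncer —
  # confirm the IPv6 side is handled elsewhere.
  for dest in $allowed_list; do
    iptables -t filter -A acs-captive-portal-filter -d "$dest" -j ACCEPT || {
      printf '%s: cannot allow %s in acs-captive-portal-filter\n' "$bin" "$dest" >&2
      return 1
    }
    iptables -t nat -A acs-captive-portal-nat -d "$dest" -j ACCEPT || {
      printf '%s: cannot allow %s in acs-captive-portal-nat\n' "$bin" "$dest" >&2
      return 1
    }
  done

  # All remaining plain-HTTP traffic is redirected to the bouncer port.
  iptables -t nat -A acs-captive-portal-nat -p tcp --dport 80 -j REDIRECT \
    --to-ports "$port" || {
    printf '%s: cannot redirect port 80 to %s\n' "$bin" "$port" >&2
    return 1
  }
}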
| |
#######################################
# Flush (not delete) the chains that start_iptables appends to.
# Returns:  the status of the last flush
#######################################
stop_iptables() {
  iptables -t nat -F acs-captive-portal-nat
  for chain in acs-captive-portal-input acs-captive-portal-filter; do
    ip46tables -t filter -F "$chain"
  done
}
| |
# Start the bouncer in the background, listening on $port and redirecting to
# $url. PYTHONPATH points it at the bundled tornado copy. The job is neither
# waited on nor is its PID recorded; stop_http_bouncer presumably finds it by
# name via pkillwait. $url may be empty (the default) — how http_bouncer treats
# an empty -u is not visible here.
start_http_bouncer() {
  PYTHONPATH=/usr/catawampus/tr/vendor/tornado http_bouncer -p "$port" -u "$url" &
}
| |
# Stop any running bouncer. pkillwait is provided by /etc/utils.sh; presumably
# it kills by process name and waits for the process to go away — verify there.
stop_http_bouncer() {
  pkillwait http_bouncer
}
| |
# Sub-command dispatch. start and restart are the same operation: whatever is
# running is torn down first, so a repeated start never stacks duplicate rules.
if [ "$cmd" = start ] || [ "$cmd" = restart ]; then
  stop_http_bouncer
  stop_iptables
  start_iptables
  start_http_bouncer
elif [ "$cmd" = stop ]; then
  stop_iptables
  stop_http_bouncer
else
  usage
fi
| |