homekit/misc/openwrt/etc/rc.local

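# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
#
# Boot-time policy routing and camera isolation for the 192.168.5.0/24 LAN:
#   1. create ipsets naming which hosts leave through which uplink
#   2. isolate the "ipcam" hosts from anything routed off the LAN
#   3. mark packets per ipset and send each mark through its own table
# NOTE(review): "table mts-azov" etc. need matching names in
# /etc/iproute2/rt_tables (not part of this file) -- confirm they exist.
# Runs under busybox sh; POSIX constructs only, no set -e on purpose:
# one failed command must not leave the rest of the policy unapplied.

TABLES="mts-azov rt-azov mts-il"

# fwmark values (100/101/102 decimal).  The ip rules and the MARK targets
# must agree, so each value is defined exactly once here.
MARK_MTS_AZOV=0x64
MARK_RT_AZOV=0x65
MARK_MTS_IL=0x66

# warn MESSAGE -- record a failed step in syslog (busybox logger) and carry on.
warn() {
  logger -t rc.local -p user.warn "$*"
}

# mark_set SETNAME MARK -- mark traffic sourced from SETNAME in both
# mangle chains that the original rules used (PREROUTING for forwarded
# traffic, OUTPUT for the router's own).
mark_set() {
  for _chain in PREROUTING OUTPUT; do
    iptables -t mangle -A "$_chain" -m set --match-set "$1" src -j MARK --set-mark "$2" \
      || warn "mangle MARK rule for $1 in $_chain failed"
  done
}

# create ip sets (-exist makes a manual re-run of this script harmless)
for _table in $TABLES; do
  ipset -exist create "$_table" hash:net || warn "ipset create $_table failed"
done

# add untrusted cameras set: 192.168.5.21 .. 192.168.5.69
ipset -exist create ipcam hash:net || warn "ipset create ipcam failed"
addr=21
while [ "$addr" -le 69 ]; do
  ipset -exist add ipcam "192.168.5.${addr}" || warn "ipset add ipcam .${addr} failed"
  addr=$((addr + 1))
done
sleep 0.1  # original delay kept; presumably lets the sets settle -- TODO confirm it is needed

# block internet access for untrusted cameras: reject anything they send
# through FORWARD unless it stays on the LAN.  The destination carries an
# explicit /24 -- a bare "192.168.5.0" would match only that single host
# and the LAN exception would never apply.  This is the fail-open rule:
# if it is not installed the cameras are unrestricted, hence the log line.
iptables -I FORWARD 1 -m set --match-set ipcam src ! -d 192.168.5.0/24 -j REJECT \
  || warn "camera isolation rule NOT installed"

# add some default routing rules.  hash:net accepts the /24 alongside /32
# hosts; hosts listed in rt-azov / mts-il are re-marked by their later,
# more specific MARK rule (see mark_set order below).
ipset -exist add mts-azov 192.168.5.0/24 # everybody
ipset -exist add mts-azov 192.168.5.163  # cs1
ipset -exist add mts-azov 192.168.5.212  # cs2
ipset -exist add mts-azov 192.168.5.161  # cs3
ipset -exist add rt-azov 192.168.5.133   # roof2
ipset -exist add rt-azov 192.168.5.115   # room
ipset -exist add rt-azov 192.168.5.170   # room
ipset -exist add mts-il 192.168.5.120    # inv
ipset -exist add mts-il 192.168.5.223    # inv
ipset -exist add mts-il 192.168.5.143    # roof1

# create rules: one policy-routing rule per mark
ip rule add fwmark "$MARK_MTS_AZOV" table mts-azov || warn "ip rule mts-azov failed"
ip rule add fwmark "$MARK_RT_AZOV" table rt-azov || warn "ip rule rt-azov failed"
ip rule add fwmark "$MARK_MTS_IL" table mts-il || warn "ip rule mts-il failed"

# set default route for each custom routing table
ip route add default via 192.168.7.1 table mts-azov || warn "default route mts-azov failed"
ip route add default via 192.168.8.1 table rt-azov || warn "default route rt-azov failed"
ip route add default via 192.168.88.1 table mts-il || warn "default route mts-il failed" # via mikrotik

# fix local routes: keep every local subnet reachable from every custom table
for _table in $TABLES; do
  ip route add 192.168.5.0/24 via 192.168.5.1 table "$_table"
  ip route add 192.168.6.0/24 via 192.168.88.1 table "$_table"
  ip route add 192.168.7.0/24 via 192.168.7.1 table "$_table"
  ip route add 192.168.8.0/24 via 192.168.8.1 table "$_table"
  ip route add 192.168.88.0/24 via 192.168.88.1 table "$_table"
done

# iptables rules (see also /etc/firewall.user)
sleep 0.5  # original delay kept -- TODO confirm it is needed
# pass already-marked packets
iptables -t mangle -A PREROUTING -m mark ! --mark 0x0 -j ACCEPT
# Order matters: MARK is non-terminating, so a host in mts-il or rt-azov is
# first marked by the mts-azov /24 rule and then overwritten by its own.
mark_set mts-azov "$MARK_MTS_AZOV"
mark_set mts-il "$MARK_MTS_IL"
mark_set rt-azov "$MARK_RT_AZOV"
exit 0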