authorAndrew Cady <d@samizdat>2021-09-16 17:12:19 -0400
committerAndrew Cady <d@samizdat>2021-09-16 18:52:30 -0400
commit7189cefd81bbdb1d0caf0dad887c7cc0d8181089 (patch)
treeb664ed48cfa1fca31d3f3aa2b0740e256773adf0
works
-rwxr-xr-xdisable-outgoing-tcp-connections-through-ipv6-tunnel.sh26
1 files changed, 26 insertions, 0 deletions
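diff --git a/disable-outgoing-tcp-connections-through-ipv6-tunnel.sh b/disable-outgoing-tcp-connections-through-ipv6-tunnel.sh
new file mode 100755
index 0000000..51123d6
--- /dev/null
+++ b/disable-outgoing-tcp-connections-through-ipv6-tunnel.sh
@@ -0,0 +1,26 @@
+#!/bin/bash -xe
+[ "$UID" = 0 ] || exec sudo -- "$0" "$@" || exit
+
+if [ "$1" = delete ]
+then
+ ONLY_DELETE_RULES=y
+fi
+
+ip6tables_add()
+{
+ ip6tables -D "$@" 2>/dev/null || : not deleted
+ ${ONLY_DELETE_RULES:+: not added -- } ip6tables -A "$@"
+}
+ip6rule_add()
+{
+ ip -6 rule delete "$@" 2>/dev/null || : not deleted
+ ${ONLY_DELETE_RULES:+: not added -- } ip -6 rule add "$@"
+}
+
+mark=22
+ip6tables_add OUTPUT -t mangle -p tcp --syn -m state --state NEW -j MARK --set-mark $mark
+ip6tables_add OUTPUT -t mangle -p tcp --syn -m state --state NEW -j CONNMARK --save-mark
+ip6tables_add OUTPUT -t mangle -p tcp -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
+ip6rule_add fwmark $mark unreachable
+ip6rule_add fwmark $mark table main
+exit $?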
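Review bot: The two `ip6rule_add fwmark $mark …` calls near the end of the file pass no explicit `priority`, so their order relative to each other and to the tunnel's own policy rule depends on the kernel's default placement at the moment the script runs. As written, the later `table main` rule lands ahead of `unreachable`, which is what makes the block work, but a tunnel rule installed afterwards without a priority would presumably land ahead of both, and marked SYNs would follow the tunnel again with no error. Pinning the order removes the dependency on start-up sequence, e.g. `ip6rule_add fwmark $mark table main priority 100` and `ip6rule_add fwmark $mark unreachable priority 101` (illustrative values; choose ones that sort before the tunnel's rule). Separately, `ip6tables_add` and `ip6rule_add` delete before adding with stderr discarded, so each re-run briefly lifts the block and a real delete failure looks the same as "rule absent"; for the iptables half, guarding the append with `ip6tables -C "$@"` instead of delete-then-add would avoid both.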