author | Andrew Cady <d@samizdat> | 2021-09-16 17:12:19 -0400 |
---|---|---|
committer | Andrew Cady <d@samizdat> | 2021-09-16 18:52:30 -0400 |
commit | 7189cefd81bbdb1d0caf0dad887c7cc0d8181089 (patch) | |
tree | b664ed48cfa1fca31d3f3aa2b0740e256773adf0 /disable-outgoing-tcp-connections-through-ipv6-tunnel.sh |
works
Diffstat (limited to 'disable-outgoing-tcp-connections-through-ipv6-tunnel.sh')
-rwxr-xr-x | disable-outgoing-tcp-connections-through-ipv6-tunnel.sh | 26 |
1 files changed, 26 insertions, 0 deletions
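diff --git a/disable-outgoing-tcp-connections-through-ipv6-tunnel.sh b/disable-outgoing-tcp-connections-through-ipv6-tunnel.sh
new file mode 100755
index 0000000..51123d6
--- /dev/null
+++ b/disable-outgoing-tcp-connections-through-ipv6-tunnel.sh
@@ -0,0 +1,26 @@
+#!/bin/bash -xe
+[ "$UID" = 0 ] || exec sudo -- "$0" "$@" || exit
+
+if [ "$1" = delete ]
+then
+ONLY_DELETE_RULES=y
+fi
+
+ip6tables_add()
+{
+ip6tables -D "$@" 2>/dev/null || : not deleted
+${ONLY_DELETE_RULES:+: not added -- } ip6tables -A "$@"
+}
+ip6rule_add()
+{
+ip -6 rule delete "$@" 2>/dev/null || : not deleted
+${ONLY_DELETE_RULES:+: not added -- } ip -6 rule add "$@"
+}
+
+mark=22
+ip6tables_add OUTPUT -t mangle -p tcp --syn -m state --state NEW -j MARK --set-mark $mark
+ip6tables_add OUTPUT -t mangle -p tcp --syn -m state --state NEW -j CONNMARK --save-mark
+ip6tables_add OUTPUT -t mangle -p tcp -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
+ip6rule_add fwmark $mark unreachable
+ip6rule_add fwmark $mark table main
+exit $?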
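Review bot: The two `ip6rule_add fwmark $mark ...` calls at the end of the script leave rule priority to the kernel, so the order that makes this policy work is implicit rather than stated. As far as I know, a rule added without `priority` is placed ahead of the existing non-local rules, which means `table main` is consulted before `unreachable` only because it is added second. A tunnel policy rule installed after this script runs (the tunnel setup is not visible in this commit) would presumably land ahead of both and route the marked TCP traffic through the tunnel again. I would pin the order explicitly, e.g. `ip6rule_add fwmark $mark table main priority N` and `ip6rule_add fwmark $mark unreachable priority N+1`, where N is a placeholder for a value that sorts before the tunnel's own rule. A short header comment stating that `unreachable` is the fail-closed fallback when main has no route would also help.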