diff options
Diffstat (limited to 'disable-outgoing-tcp-connections-through-ipv6-tunnel.sh')
| -rwxr-xr-x | disable-outgoing-tcp-connections-through-ipv6-tunnel.sh | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/disable-outgoing-tcp-connections-through-ipv6-tunnel.sh b/disable-outgoing-tcp-connections-through-ipv6-tunnel.sh new file mode 100755 index 0000000..51123d6 --- /dev/null +++ b/disable-outgoing-tcp-connections-through-ipv6-tunnel.sh | |||
| @@ -0,0 +1,26 @@ | |||
| 1 | #!/bin/bash -xe | ||
| 2 | [ "$UID" = 0 ] || exec sudo -- "$0" "$@" || exit | ||
| 3 | |||
| 4 | if [ "$1" = delete ] | ||
| 5 | then | ||
| 6 | ONLY_DELETE_RULES=y | ||
| 7 | fi | ||
| 8 | |||
| 9 | ip6tables_add() | ||
| 10 | { | ||
| 11 | ip6tables -D "$@" 2>/dev/null || : not deleted | ||
| 12 | ${ONLY_DELETE_RULES:+: not added -- } ip6tables -A "$@" | ||
| 13 | } | ||
| 14 | ip6rule_add() | ||
| 15 | { | ||
| 16 | ip -6 rule delete "$@" 2>/dev/null || : not deleted | ||
| 17 | ${ONLY_DELETE_RULES:+: not added -- } ip -6 rule add "$@" | ||
| 18 | } | ||
| 19 | |||
| 20 | mark=22 | ||
| 21 | ip6tables_add OUTPUT -t mangle -p tcp --syn -m state --state NEW -j MARK --set-mark $mark | ||
| 22 | ip6tables_add OUTPUT -t mangle -p tcp --syn -m state --state NEW -j CONNMARK --save-mark | ||
| 23 | ip6tables_add OUTPUT -t mangle -p tcp -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark | ||
| 24 | ip6rule_add fwmark $mark unreachable | ||
| 25 | ip6rule_add fwmark $mark table main | ||
| 26 | exit $? | ||