From 7189cefd81bbdb1d0caf0dad887c7cc0d8181089 Mon Sep 17 00:00:00 2001
From: Andrew Cady
Date: Thu, 16 Sep 2021 17:12:19 -0400
Subject: works
---
...outgoing-tcp-connections-through-ipv6-tunnel.sh | 26 ++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100755 disable-outgoing-tcp-connections-through-ipv6-tunnel.sh
diff --git a/disable-outgoing-tcp-connections-through-ipv6-tunnel.sh b/disable-outgoing-tcp-connections-through-ipv6-tunnel.sh
new file mode 100755
index 0000000..51123d6
--- /dev/null
+++ b/disable-outgoing-tcp-connections-through-ipv6-tunnel.sh
@@ -0,0 +1,26 @@
+#!/bin/bash -xe
+[ "$UID" = 0 ] || exec sudo -- "$0" "$@" || exit
+
+if [ "$1" = delete ]
+then
+ ONLY_DELETE_RULES=y
+fi
+
+ip6tables_add()
+{
+ ip6tables -D "$@" 2>/dev/null || : not deleted
+ ${ONLY_DELETE_RULES:+: not added -- } ip6tables -A "$@"
+}
+ip6rule_add()
+{
+ ip -6 rule delete "$@" 2>/dev/null || : not deleted
+ ${ONLY_DELETE_RULES:+: not added -- } ip -6 rule add "$@"
+}
+
+mark=22
+ip6tables_add OUTPUT -t mangle -p tcp --syn -m state --state NEW -j MARK --set-mark $mark
+ip6tables_add OUTPUT -t mangle -p tcp --syn -m state --state NEW -j CONNMARK --save-mark
+ip6tables_add OUTPUT -t mangle -p tcp -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
+ip6rule_add fwmark $mark unreachable
+ip6rule_add fwmark $mark table main
+exit $?
--
cgit v1.2.3
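Review bot: `ONLY_DELETE_RULES` is assigned only in the `delete` branch and never cleared, so a non-empty value inherited from the environment makes both helpers delete the rules and skip the add, silently removing the block. This can happen when the script is started directly as root, where the `sudo` re-exec and its usual environment reset are skipped. Initialising it before the `if` with `ONLY_DELETE_RULES=` closes that gap. The two `ip6rule_add` calls also appear to rely on the kernel's default preference assignment to order the `table main` lookup against the `unreachable` rule; if that order matters, an explicit `priority` on each rule would keep it deterministic across re-runs. Finally, `-xe` lives only on the shebang line and is lost under `bash script.sh`, so a `set -xe` in the body would preserve the abort-on-error behaviour.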