Improve nodistractions script
parent
ea78b16bd9
commit
e4d3e84525
@ -1,7 +1,14 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
# This script will block all traffic to ports 80 and 443.
|
||||||
|
#
|
||||||
# If you want to allow some websites/IPs to still work
|
# If you want to allow some websites/IPs to still work
|
||||||
# after adding the filters, just add specific rules to
|
# after adding the filters.
|
||||||
|
#
|
||||||
|
# Set the $ALLOWED_DEST variable to the network/mask you want to accept
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# Another option is to add specific rules to
|
||||||
# iptables to allow it. For instance:
|
# iptables to allow it. For instance:
|
||||||
#
|
#
|
||||||
# sudo iptables --insert OUTPUT --protocol tcp --destination 138.4.0.0/16 --jump ACCEPT
|
# sudo iptables --insert OUTPUT --protocol tcp --destination 138.4.0.0/16 --jump ACCEPT
|
||||||
@ -12,24 +19,35 @@
|
|||||||
# Hence, you can either append the rule before running
|
# Hence, you can either append the rule before running
|
||||||
# the script, or insert the rule so it takes precedence.
|
# the script, or insert the rule so it takes precedence.
|
||||||
|
|
||||||
|
ALLOWED_DEST=${ALLOWED_DEST:=138.4.0.0/16}
|
||||||
export SUDO_ASKPASS=/usr/lib/ssh/ssh-askpass
|
export SUDO_ASKPASS=/usr/lib/ssh/ssh-askpass
|
||||||
CMD="sudo -A iptables"
|
CMD="sudo -A iptables"
|
||||||
RULE="OUTPUT --protocol tcp --jump DROP --dport"
|
RULE="OUTPUT --protocol tcp --jump DROP --dport"
|
||||||
|
ALLOW_RULE="OUTPUT --protocol tcp --jump ACCEPT --destination $ALLOWED_DEST"
|
||||||
|
|
||||||
|
|
||||||
stop_filter() {
|
stop_filter() {
|
||||||
$CMD --delete $RULE 80
|
$CMD --delete $RULE 80
|
||||||
$CMD --delete $RULE 443
|
$CMD --delete $RULE 443
|
||||||
|
$CMD --delete $ALLOW_RULE
|
||||||
}
|
}
|
||||||
|
|
||||||
filter() {
|
filter() {
|
||||||
stop_filter >&2 /dev/null # Avoid re-adding
|
stop_filter >&2 /dev/null # Avoid re-adding
|
||||||
$CMD --append $RULE 80
|
$CMD --append $RULE 80
|
||||||
$CMD --append $RULE 443
|
$CMD --append $RULE 443
|
||||||
|
$CMD --insert $ALLOW_RULE
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
help() {
|
help() {
|
||||||
|
echo "Block all traffic to ports 80 and 443"
|
||||||
|
echo ""
|
||||||
echo "Usage: $0 on|off"
|
echo "Usage: $0 on|off"
|
||||||
|
echo ""
|
||||||
|
echo "Set the ALLOWED_DEST variable to whitelist some IPs/network"
|
||||||
|
echo "Currently whitelisted: $ALLOWED_DEST"
|
||||||
}
|
}
|
||||||
|
|
||||||
if [ "$#" -ne 1 ]; then
|
if [ "$#" -ne 1 ]; then
|
||||||
|
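Review bot: The new `ALLOW_RULE` takes `$ALLOWED_DEST` from the environment and is expanded unquoted into `sudo -A iptables` in both `filter` and `stop_filter`, so whitespace in the value becomes extra iptables arguments run as root, and the resulting ACCEPT matches every TCP port to that network rather than only 80 and 443. Because `filter` inserts it at the head of OUTPUT, it also takes precedence over any unrelated OUTPUT restrictions that already exist for that range. I would scope it to the blocked ports, `ALLOW_RULE="OUTPUT --protocol tcp --match multiport --dports 80,443 --destination $ALLOWED_DEST --jump ACCEPT"`, and reject anything that is not a plain address/mask before building the rule, e.g. `case "$ALLOWED_DEST" in *[!0-9./]*) echo "invalid ALLOWED_DEST" >&2; exit 1 ;; esac`. `stop_filter` deletes the rule using the current `$ALLOWED_DEST`, so running `off` with a different value than `on` leaves the earlier ACCEPT in place. The `>&2 /dev/null` on the `stop_filter` call in `filter` does not hide that failed delete, because it passes `/dev/null` as an argument; `>/dev/null 2>&1` would.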