Improve nodistractions script

scripts/.bin/nodistractions.sh

@@ -1,7 +1,14 @@
 #!/bin/sh
 
+# This script will block all traffic to ports 80 and 443.
+#
 # If you want to allow some websites/IPs to still work
-# after adding the filters, just add specific rules to
+# after adding the filters.
+#
+# Set the $ALLOWED_DEST variable to the network/mask you want to accept
+#
+#
+# Another option is to add specific rules to
 # iptables to allow it. For instance:
 #
 # sudo iptables --insert OUTPUT --protocol tcp --destination 138.4.0.0/16 --jump ACCEPT 
@@ -12,24 +19,35 @@
 # Hence, you can either append the rule before running
 # the script, or insert the rule so it takes precedence.
  
+ALLOWED_DEST=${ALLOWED_DEST:=138.4.0.0/16} 
 export SUDO_ASKPASS=/usr/lib/ssh/ssh-askpass
 CMD="sudo -A iptables"
 RULE="OUTPUT --protocol tcp --jump DROP --dport"
+ALLOW_RULE="OUTPUT --protocol tcp --jump ACCEPT --destination $ALLOWED_DEST"
+
 
 stop_filter() {
     $CMD --delete $RULE 80
     $CMD --delete $RULE 443
+    $CMD --delete $ALLOW_RULE
 }
 
 filter() {
     stop_filter >&2 /dev/null # Avoid re-adding
     $CMD --append $RULE 80
     $CMD --append $RULE 443
+    $CMD --insert $ALLOW_RULE
+
 }
 
 
 help() {
+    echo "Block all traffic to ports 80 and 443"
+    echo ""
     echo "Usage: $0 on|off"
+    echo ""
+    echo "Set the ALLOWED_DEST variable to whitelist some IPs/network"
+    echo "Currently whitelisted: $ALLOWED_DEST"
 }
 
 if [ "$#" -ne 1 ]; then