1
0
mirror of https://github.com/balkian/dotfiles.git synced 2024-11-21 11:42:28 +00:00

Improve nodistractions script

This commit is contained in:
J. Fernando Sánchez 2018-10-09 16:30:18 +02:00
parent ea78b16bd9
commit e4d3e84525

View File

@ -1,7 +1,14 @@
#!/bin/sh #!/bin/sh
# This script will block all traffic to ports 80 and 443.
#
# If you want to allow some websites/IPs to still work # If you want to allow some websites/IPs to still work
# after adding the filters, just add specific rules to # after adding the filters.
#
# Set the $ALLOWED_DEST variable to the network/mask you want to accept
#
#
# Another option is to add specific rules to
# iptables to allow it. For instance: # iptables to allow it. For instance:
# #
# sudo iptables --insert OUTPUT --protocol tcp --destination 138.4.0.0/16 --jump ACCEPT # sudo iptables --insert OUTPUT --protocol tcp --destination 138.4.0.0/16 --jump ACCEPT
@ -12,24 +19,35 @@
# Hence, you can either append the rule before running # Hence, you can either append the rule before running
# the script, or insert the rule so it takes precedence. # the script, or insert the rule so it takes precedence.
ALLOWED_DEST=${ALLOWED_DEST:=138.4.0.0/16}
export SUDO_ASKPASS=/usr/lib/ssh/ssh-askpass export SUDO_ASKPASS=/usr/lib/ssh/ssh-askpass
CMD="sudo -A iptables" CMD="sudo -A iptables"
RULE="OUTPUT --protocol tcp --jump DROP --dport" RULE="OUTPUT --protocol tcp --jump DROP --dport"
ALLOW_RULE="OUTPUT --protocol tcp --jump ACCEPT --destination $ALLOWED_DEST"
stop_filter() { stop_filter() {
$CMD --delete $RULE 80 $CMD --delete $RULE 80
$CMD --delete $RULE 443 $CMD --delete $RULE 443
$CMD --delete $ALLOW_RULE
} }
filter() { filter() {
stop_filter >&2 /dev/null # Avoid re-adding stop_filter >&2 /dev/null # Avoid re-adding
$CMD --append $RULE 80 $CMD --append $RULE 80
$CMD --append $RULE 443 $CMD --append $RULE 443
$CMD --insert $ALLOW_RULE
} }
help() { help() {
echo "Block all traffic to ports 80 and 443"
echo ""
echo "Usage: $0 on|off" echo "Usage: $0 on|off"
echo ""
echo "Set the ALLOWED_DEST variable to whitelist some IPs/network"
echo "Currently whitelisted: $ALLOWED_DEST"
} }
if [ "$#" -ne 1 ]; then if [ "$#" -ne 1 ]; then