Synology DSM 5 script to prevent IP leaks (a VPN "kill switch") for the IPredator VPN service: while enabled, the NAS may only talk over the VPN tunnel, to the LAN and to IPredator's servers. Based on the script from mik3y http://www.mik3y.net/files/syno/
#!/bin/ash
# Install: wget https://gist.githubusercontent.com/aelveborn/e0faab9185256eeb86ad/raw/ -O ipredator-iptables.sh
# chmod 755 ipredator-iptables.sh
# then edit the LAN subnets in enableRules() to match your local network,
# and run it as root: ./ipredator-iptables.sh start | stop
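# Run one iptables command, reporting (but not aborting on) failure so a
# typo in a subnet does not silently leave a gap in the ruleset.
ipt() {
  iptables "$@" || echo "warning: iptables $* failed" >&2
}

enableRules() {
  # Install the VPN kill switch (IPv4 only).
  #
  # Saves the current filter table to /etc/ipredator/iptables.orig (that
  # file also serves as the "rules are enabled" marker checked by stop),
  # then replaces it with a whitelist: the VPN tunnel (tun+), loopback,
  # the LAN subnets listed below and IPredator's server range. Anything
  # else on INPUT/OUTPUT is dropped.
  #
  # Caveats:
  # - Only iptables (IPv4) is touched. If IPv6 is enabled on the NAS,
  #   IPv6 traffic is not filtered by this script at all; disable IPv6
  #   or add equivalent ip6tables rules.
  # - The FORWARD chain is left alone; that only matters if the NAS
  #   routes traffic for other hosts.
  # - The LAN/server accept rules match by address on any interface, so
  #   every subnet listed is reachable outside the tunnel. Remove the
  #   ones you do not use.
  #
  # Arguments: none
  # Returns:   0 when the rules are in place (or already were), 1 on error
  if [ -f /etc/ipredator/iptables.orig ]; then
    echo "Ipredator iptables rules already enabled!"
    return 0
  fi
  if [ ! -d /etc/ipredator ]; then
    mkdir /etc/ipredator/ || {
      echo "Cannot create /etc/ipredator (are you root?)" >&2
      return 1
    }
  fi
  # Back up the current rules before changing anything. If the save
  # fails, the (empty) marker file must not be left behind, or "stop"
  # would later restore nothing and still report success.
  if ! iptables-save > /etc/ipredator/iptables.orig; then
    rm -f /etc/ipredator/iptables.orig
    echo "iptables-save failed; no rules were changed (are you root?)" >&2
    return 1
  fi
  # Fail closed: switch the chain policies to DROP *before* flushing, so
  # there is no moment between the flush and the final DROP rules in
  # which every packet is accepted. iptables-restore (see disableRules)
  # puts the saved policies back. A side effect worth knowing: if
  # something else flushes the filter table while the switch is enabled,
  # traffic is blocked rather than leaked.
  ipt -P INPUT DROP
  ipt -P OUTPUT DROP
  # Flush the filter table (the policies set above survive a flush)
  ipt -F
  # Loopback: match on the interface rather than on a 127.0.0.0/8
  # address, so a packet carrying a loopback source address on a real
  # interface is not whitelisted.
  ipt -A INPUT -i lo -j ACCEPT
  ipt -A OUTPUT -o lo -j ACCEPT
  # VPN tunnel
  ipt -A INPUT -i tun+ -j ACCEPT
  ipt -A OUTPUT -o tun+ -j ACCEPT
  # Local subnets for LAN access -- edit these to match your network.
  # Each entry is a hole in the kill switch, so list only what you need.
  for net in 10.0.0.0/24 10.8.0.0/24 192.168.1.0/24; do
    ipt -A INPUT -s "$net" -j ACCEPT
    ipt -A OUTPUT -d "$net" -j ACCEPT
  done
  # IPredator's server range, so the VPN client itself can reach the
  # servers outside the tunnel.
  ipt -A INPUT -s 46.246.32.0/19 -j ACCEPT
  ipt -A OUTPUT -d 46.246.32.0/19 -j ACCEPT
  # Optional: also allow the server currently connected to, in case it is
  # outside the range above (or belongs to another provider). Left
  # disabled. If you enable it, note that the lookup travels over
  # whatever path is open at that moment and returns the address the
  # web sees, which once the tunnel is up is the VPN exit and not
  # necessarily the server you connect to; and the value is only used
  # when non-empty, since an empty -s/-d argument makes iptables error out.
  #CURRENT_SERVER_IP=$(wget https://duckduckgo.com/?q=whats+my+ip -q -O - | grep -Eo '\<[[:digit:]]{1,3}(\.[[:digit:]]{1,3}){3}\>')
  #[ -n "$CURRENT_SERVER_IP" ] && ipt -A INPUT -s "$CURRENT_SERVER_IP" -j ACCEPT
  #[ -n "$CURRENT_SERVER_IP" ] && ipt -A OUTPUT -d "$CURRENT_SERVER_IP" -j ACCEPT
  # Explicit catch-all DROP rules, kept in addition to the policy so the
  # rule listing itself shows the intent.
  ipt -A INPUT -j DROP
  ipt -A OUTPUT -j DROP
  echo "Ipredator iptables rules activated"
}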
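disableRules() {
  # Restore the ruleset saved by enableRules and remove the marker file.
  # The backup is only deleted once iptables-restore has succeeded, so a
  # failed restore (e.g. not root) leaves it in place for a retry instead
  # of losing the original rules.
  #
  # Arguments: none
  # Returns:   0 when the original rules are back (or never replaced),
  #            1 if the restore failed
  if [ ! -f /etc/ipredator/iptables.orig ]; then
    echo "Ipredator iptables rules already disabled!"
    return 0
  fi
  # Feed the file on stdin: not every iptables-restore build accepts a
  # filename argument.
  if iptables-restore < /etc/ipredator/iptables.orig; then
    rm /etc/ipredator/iptables.orig
    echo "Ipredator iptables rules deactivated"
  else
    echo "iptables-restore failed; backup kept in /etc/ipredator/iptables.orig" >&2
    return 1
  fi
}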
help () {
  # Print the usage text to stdout. $0 is the script path as invoked.
  cat <<EOF
Ipredator iptables
 Based on PIA IPTables Leak Blocker 0.5 - coded by Colonel Panic
 and on scripts created by ShadowSpectre (PIA Iptables Manager)
 and Windom (iptables-vpnon-update)

Usage: $0 [OPTION]
 start Replace current iptables rules to accept Ipredator servers and LAN, dropping all other connections
 stop Reset iptables rules to original values
 {no option} Display this help text
EOF
}
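# Entry point: exactly one of "start" / "stop"; no argument prints usage.
# Usage errors go to stderr with a non-zero exit status so a caller (e.g.
# a DSM scheduled task) can tell that nothing was changed.
if [ $# -gt 1 ]; then
  echo "Too many arguments" >&2
  exit 2
elif [ $# -eq 1 ]; then
  case "$1" in
    start) enableRules ;;
    stop) disableRules ;;
    *)
      echo "Invalid option: $1" >&2
      exit 2
      ;;
  esac
else
  help
fi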