nukdokplex/100_hirkn-ipsets.sh

## 100_hirkn-ipsets.sh
#!/bin/sh
# /opt/etc/ndm/fs.d/100_hirkn-ipsets.sh
[ "$1" != "start" ] && exit 0

echo " --- HIRKN ENTRY POINT --- "

RKN_SET_FILE="/opt/root/rkn.lst"
GOOGLE_SET_FILE="/opt/root/google.lst"
CUSTOM_SET_FILE="/opt/root/custom.lst"

function create_ipset()
{
	IPSET_NAME=$1
	ipset create $IPSET_NAME hash:net family inet -!
}

function fill_ipset()
{
	FILE="$1"
	IPSET_NAME="$2"
	data=$(cat $FILE)
	for row_data in $data
	do
		ipset add $IPSET_NAME ${row_data} -!
	done
}

if [ -z "$(ip route list table 1000)" ]; then
	ip rule add fwmark 0x1000 table 1000 priority 1000

	ip route add table 1000 default dev nwg0
	ip route add table 1000 192.168.1.0/24 via 192.168.1.1 dev br0
fi

create_ipset "HIRKN"
create_ipset "HIGOOGLE"
create_ipset "HICUSTOM"

fill_ipset $RKN_SET_FILE "HIRKN" &
fill_ipset $GOOGLE_SET_FILE "HIGOOGLE" &
fill_ipset $CUSTOM_SET_FILE "HICUSTOM" &

exit 0

## 99_hirkn-fwmarks.sh
#!/bin/sh
#/opt/etc/ndm/netfilter.d/99_hirkn-fwmarks.sh
[ "$type" != "iptables" ] && exit 0
[ "$table" != "mangle" ] && exit 0

echo "HIRKN: Creating $type rule on table $table !"

function create_rule()
{
	IPSET=$1
	echo HIRKN: Creating rule for $IPSET ipset!
	if [ -z "$(iptables-save | grep $IPSET)" ]; then
		iptables -t mangle -A PREROUTING -m conntrack --ctstate NEW -m set --match-set $IPSET dst -j CONNMARK --set-mark 0x1000
		iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
	else
		echo Rule for $IPSET already exists!
	fi
}

create_rule HIRKN
create_rule HIGOOGLE
create_rule HICUSTOM

iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
	#!/bin/sh
	# /opt/etc/ndm/fs.d/100_hirkn-ipsets.sh
	[ "$1" != "start" ] && exit 0

	echo " --- HIRKN ENTRY POINT --- "

	RKN_SET_FILE="/opt/root/rkn.lst"
	GOOGLE_SET_FILE="/opt/root/google.lst"
	CUSTOM_SET_FILE="/opt/root/custom.lst"

	function create_ipset()
	{
	IPSET_NAME=$1
	ipset create $IPSET_NAME hash:net family inet -!
	}

	function fill_ipset()
	{
	FILE="$1"
	IPSET_NAME="$2"
	data=$(cat $FILE)
	for row_data in $data
	do
	ipset add $IPSET_NAME ${row_data} -!
	done
	}

	if [ -z "$(ip route list table 1000)" ]; then
	ip rule add fwmark 0x1000 table 1000 priority 1000

	ip route add table 1000 default dev nwg0
	ip route add table 1000 192.168.1.0/24 via 192.168.1.1 dev br0
	fi

	create_ipset "HIRKN"
	create_ipset "HIGOOGLE"
	create_ipset "HICUSTOM"

	fill_ipset $RKN_SET_FILE "HIRKN" &
	fill_ipset $GOOGLE_SET_FILE "HIGOOGLE" &
	fill_ipset $CUSTOM_SET_FILE "HICUSTOM" &

	exit 0
	#!/bin/sh
	#/opt/etc/ndm/netfilter.d/99_hirkn-fwmarks.sh
	[ "$type" != "iptables" ] && exit 0
	[ "$table" != "mangle" ] && exit 0

	echo "HIRKN: Creating $type rule on table $table !"

	function create_rule()
	{
	IPSET=$1
	echo HIRKN: Creating rule for $IPSET ipset!
	if [ -z "$(iptables-save \| grep $IPSET)" ]; then
	iptables -t mangle -A PREROUTING -m conntrack --ctstate NEW -m set --match-set $IPSET dst -j CONNMARK --set-mark 0x1000
	iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
	else
	echo Rule for $IPSET already exists!
	fi
	}

	create_rule HIRKN
	create_rule HIGOOGLE
	create_rule HICUSTOM

	iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark