aelveborn · August 30, 2015 10:21
diff --git a/ipredator-iptables.sh b/ipredator-iptables.sh
 #!/bin/ash

 # wget https://gist.githubusercontent.com/aelveborn/e0faab9185256eeb86ad/raw/ -O ipredator-iptables.sh
 # chmod 755 ipredator-iptables.sh
 # and modify your local ip in the script

 enableRules() {
    if [ -f /etc/ipredator/iptables.orig ]; then
        echo "Ipredator iptables rules already enabled!"
    else
        if [ ! -d /etc/ipredator ]; then
            mkdir /etc/ipredator/
        fi
        iptables-save > /etc/ipredator/iptables.orig

        # Flush iptables and add tunnel and localhost
        iptables -F
        iptables -A INPUT -i tun+ -j ACCEPT
        iptables -A OUTPUT -o tun+ -j ACCEPT
        iptables -A INPUT -s 127.0.0.0/8 -j ACCEPT
        iptables -A OUTPUT -d 127.0.0.0/8 -j ACCEPT

        # Add local subnet for LAN access
        # Modify these ips for your local network
        iptables -A INPUT -s 10.0.0.0/24 -j ACCEPT
        iptables -A OUTPUT -d 10.0.0.0/24 -j ACCEPT
        
        iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT
        iptables -A OUTPUT -d 10.8.0.0/24 -j ACCEPT
        
        iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
        iptables -A OUTPUT -d 192.168.1.0/24 -j ACCEPT

        # Add Ipredators IP's
        iptables -A INPUT -s 46.246.32.0/19 -j ACCEPT
        iptables -A OUTPUT -d 46.246.32.0/19 -j ACCEPT
        
        # Add current IP, in case currently connected server IP isn't in server list for some reason
        # Also allows script to handle individual servers from other VPN providers
        #CURRENT_SERVER_IP=$(wget https://duckduckgo.com/?q=whats+my+ip -q -O - | grep -Eo '\<[[:digit:]]{1,3}(\.[[:digit:]]{1,3}){3}\>')
        #iptables -A INPUT -s $CURRENT_SERVER_IP -j ACCEPT
        #iptables -A OUTPUT -d $CURRENT_SERVER_IP -j ACCEPT

        # Drop everything else
        iptables -A INPUT -j DROP
        iptables -A OUTPUT -j DROP
        echo "Ipredator iptables rules activated"
    fi
 }

 disableRules() {
    if [ -f /etc/ipredator/iptables.orig ]; then
        iptables-restore /etc/ipredator/iptables.orig
        rm /etc/ipredator/iptables.orig
        echo "Ipredator iptables rules deactivated"
    else
        echo "Ipredator iptables rules already disabled!"
    fi
 }

 help () {
 echo "Ipredator iptables"
 echo "  Based on PIA IPTables Leak Blocker 0.5 - coded by Colonel Panic"
 echo "  and on scripts created by ShadowSpectre (PIA Iptables Manager)"
 echo "  and Windom (iptables-vpnon-update)"
 echo ""
 echo "Usage: $0 [OPTION]"
 echo "  start      Replace current iptables rules to accept Ipredator servers and LAN, dropping all other connections"
 echo "  stop       Reset iptables rules to original values"
 echo "  {no option}  Display this help text"
 }

 if [ $# -gt 1 ]; then
    echo "Too many arguments"
 elif [ $# -eq 1 ]; then
    case $1 in
        start) enableRules;;
        stop) disableRules;;
        *) echo "Invalid option: $1"
    esac
 else
    help
 fi
	#!/bin/ash

	# wget https://gist.githubusercontent.com/aelveborn/e0faab9185256eeb86ad/raw/ -O ipredator-iptables.sh
	# chmod 755 ipredator-iptables.sh
	# and modify your local ip in the script

	enableRules() {
	if [ -f /etc/ipredator/iptables.orig ]; then
	echo "Ipredator iptables rules already enabled!"
	else
	if [ ! -d /etc/ipredator ]; then
	mkdir /etc/ipredator/
	fi
	iptables-save > /etc/ipredator/iptables.orig

	# Flush iptables and add tunnel and localhost
	iptables -F
	iptables -A INPUT -i tun+ -j ACCEPT
	iptables -A OUTPUT -o tun+ -j ACCEPT
	iptables -A INPUT -s 127.0.0.0/8 -j ACCEPT
	iptables -A OUTPUT -d 127.0.0.0/8 -j ACCEPT

	# Add local subnet for LAN access
	# Modify these ips for your local network
	iptables -A INPUT -s 10.0.0.0/24 -j ACCEPT
	iptables -A OUTPUT -d 10.0.0.0/24 -j ACCEPT

	iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT
	iptables -A OUTPUT -d 10.8.0.0/24 -j ACCEPT

	iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
	iptables -A OUTPUT -d 192.168.1.0/24 -j ACCEPT

	# Add Ipredators IP's
	iptables -A INPUT -s 46.246.32.0/19 -j ACCEPT
	iptables -A OUTPUT -d 46.246.32.0/19 -j ACCEPT

	# Add current IP, in case currently connected server IP isn't in server list for some reason
	# Also allows script to handle individual servers from other VPN providers
	#CURRENT_SERVER_IP=$(wget https://duckduckgo.com/?q=whats+my+ip -q -O - \| grep -Eo '\<[[:digit:]]{1,3}(\.[[:digit:]]{1,3}){3}\>')
	#iptables -A INPUT -s $CURRENT_SERVER_IP -j ACCEPT
	#iptables -A OUTPUT -d $CURRENT_SERVER_IP -j ACCEPT

	# Drop everything else
	iptables -A INPUT -j DROP
	iptables -A OUTPUT -j DROP
	echo "Ipredator iptables rules activated"
	fi
	}

	disableRules() {
	if [ -f /etc/ipredator/iptables.orig ]; then
	iptables-restore /etc/ipredator/iptables.orig
	rm /etc/ipredator/iptables.orig
	echo "Ipredator iptables rules deactivated"
	else
	echo "Ipredator iptables rules already disabled!"
	fi
	}

	help () {
	echo "Ipredator iptables"
	echo " Based on PIA IPTables Leak Blocker 0.5 - coded by Colonel Panic"
	echo " and on scripts created by ShadowSpectre (PIA Iptables Manager)"
	echo " and Windom (iptables-vpnon-update)"
	echo ""
	echo "Usage: $0 [OPTION]"
	echo " start Replace current iptables rules to accept Ipredator servers and LAN, dropping all other connections"
	echo " stop Reset iptables rules to original values"
	echo " {no option} Display this help text"
	}

	if [ $# -gt 1 ]; then
	echo "Too many arguments"
	elif [ $# -eq 1 ]; then
	case $1 in
	start) enableRules;;
	stop) disableRules;;
	*) echo "Invalid option: $1"
	esac
	else
	help
	fi