Last active 1743538528

Позволяет направить в туннель сломанные IP-диапазоны

Neur0toxine's Avatar Neur0toxine revised this gist 1743538528. Go to revision

1 file changed, 2 insertions

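--- a/setup_split_tunneling.sh
+++ b/setup_split_tunneling.sh
@@ -1,4 +1,5 @@
 # RT Table Configuration
+echo "228 warp_table" >> /etc/iproute2/rt_tables
 uci add network rt_table
 uci set network.@rt_table[-1].name='warp_table'
 uci set network.@rt_table[-1].id='228'
@@ -36,6 +37,7 @@ uci set firewall.@rule[-1].chain='prerouting'
 uci set firewall.@rule[-1].family='ipv4'
 
 # Amazon IP Sets
+# Download & parse like this: curl https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[].ip_prefix' | tee amazon-ip-ranges.txt
 uci add firewall ipset
 uci set firewall.@ipset[-1].name='Amazon_CIDRs'
 uci set firewall.@ipset[-1].family='ipv4'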
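Review bot: The added `echo "228 warp_table" >> /etc/iproute2/rt_tables` in the first hunk appends unconditionally, so every re-run of the script adds a duplicate table entry, and a conflicting existing "228" line is never detected. Guard it with a fixed-string whole-line check, `grep -qxF "228 warp_table" /etc/iproute2/rt_tables || echo "228 warp_table" >> /etc/iproute2/rt_tables`, which keeps the line idempotent. Since the script runs as root and writes to /etc, a short comment explaining why the uci `rt_table` section alone was not enough for `lookup='warp_table'` would help the next maintainer decide whether this line is still needed. In the second hunk, the download comment names `amazon-ip-ranges.txt` in the working directory, while the rest of the script (outside this hunk) reads the set from a fixed path under /etc/luci-uploads; the comment should say the file must be uploaded to that path after downloading.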

Neur0toxine's Avatar Neur0toxine revised this gist 1743538375. Go to revision

1 file changed, 0 insertions, 0 deletions

result_example.txt renamed to x_result_example.txt

File renamed without changes

Neur0toxine's Avatar Neur0toxine revised this gist 1743538361. Go to revision

2 files changed, 83 insertions

gistfile1.txt renamed to result_example.txt

File renamed without changes

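--- /dev/null
+++ b/setup_split_tunneling.sh
@@ -0,0 +1,83 @@
+# RT Table Configuration
+uci add network rt_table
+uci set network.@rt_table[-1].name='warp_table'
+uci set network.@rt_table[-1].id='228'
+
+# IPv4 Rule and Route Configuration
+uci add network rule
+uci set network.@rule[-1].mark='0xe4'
+uci set network.@rule[-1].lookup='warp_table'
+
+uci add network route
+uci set network.@route[-1].interface='WARP'
+uci set network.@route[-1].target='0.0.0.0/0'
+uci set network.@route[-1].table='warp_table'
+
+# IPv6 Rule and Route Configuration
+uci add network rule6
+uci set network.@rule6[-1].lookup='warp_table'
+uci set network.@rule6[-1].mark='0xe4'
+
+uci add network route6
+uci set network.@route6[-1].interface='WARP'
+uci set network.@route6[-1].target='::/0'
+uci set network.@route6[-1].table='warp_table'
+
+# Firewall Rules Configuration
+uci add firewall rule
+uci set firewall.@rule[-1].name='Mark-Amazon-Traffic'
+uci set firewall.@rule[-1].ipset='Amazon_CIDRs'
+uci set firewall.@rule[-1].target='MARK'
+uci set firewall.@rule[-1].set_mark='0xe4'
+uci set firewall.@rule[-1].src='lan'
+uci set firewall.@rule[-1].dest='*'
+uci set firewall.@rule[-1].priority='1'
+uci set firewall.@rule[-1].chain='prerouting'
+uci set firewall.@rule[-1].family='ipv4'
+
+# Amazon IP Sets
+uci add firewall ipset
+uci set firewall.@ipset[-1].name='Amazon_CIDRs'
+uci set firewall.@ipset[-1].family='ipv4'
+uci set firewall.@ipset[-1].match='dest_net'
+uci set firewall.@ipset[-1].loadfile='/etc/luci-uploads/amazon-ip-ranges.txt'
+
+# Hetzner IPv4 IP Sets
+uci add firewall ipset
+uci set firewall.@ipset[-1].name='Hetzner_CIDRs_v4'
+uci set firewall.@ipset[-1].family='ipv4'
+uci set firewall.@ipset[-1].match='dest_net'
+uci set firewall.@ipset[-1].entry='116.202.0.0/16' '116.203.0.0/16' '128.140.0.0/17' '135.181.0.0/16' '136.243.0.0/16' '138.199.128.0/17' '138.201.0.0/16' '139.28.242.0/23' '142.132.128.0/17' '144.76.0.0/16' '148.251.0.0/16' '157.180.0.0/17' '157.90.0.0/16' '159.69.0.0/16' '162.55.0.0/16' '167.233.0.0/16' '167.235.0.0/16' '168.119.0.0/16' '171.25.225.0/24' '176.9.0.0/16' '178.212.75.0/24' '178.63.0.0/16' '185.107.52.0/22' '185.126.28.0/22' '185.157.176.0/23' '185.157.178.0/23' '185.157.83.0/24' '185.171.224.0/22' '185.189.228.0/24' '185.189.229.0/24' '185.189.230.0/24' '185.189.231.0/24' '185.213.45.0/24' '185.216.237.0/24' '185.226.99.0/24' '185.228.8.0/23' '185.50.120.0/23' '188.245.0.0/16' '188.34.128.0/17' '188.40.0.0/16' '193.110.6.0/23' '193.163.198.0/24' '194.42.180.0/22' '194.42.184.0/22' '194.62.106.0/24' '195.201.0.0/16' '195.248.224.0/24' '195.60.226.0/24' '197.242.84.0/22' '201.131.3.0/24' '204.29.146.0/24' '213.133.96.0/19' '213.239.192.0/18' '216.55.108.0/22' '23.88.0.0/17' '37.27.0.0/16' '45.145.227.0/24' '46.4.0.0/16' '46.62.128.0/17' '49.12.0.0/16' '49.13.0.0/16' '5.75.128.0/17' '5.9.0.0/16' '65.108.0.0/16' '65.109.0.0/16' '65.21.0.0/16' '78.138.62.0/24' '78.46.0.0/15' '85.10.192.0/18' '88.198.0.0/16' '88.99.0.0/16' '91.107.128.0/17' '91.190.240.0/21' '91.99.0.0/16' '94.130.0.0/16' '95.216.0.0/16' '95.217.0.0/16'
+
+# Hetzner IPv6 IP Sets
+uci add firewall ipset
+uci set firewall.@ipset[-1].name='Hetzner_CIDRs_v6'
+uci set firewall.@ipset[-1].family='ipv6'
+uci set firewall.@ipset[-1].match='dest_net'
+uci set firewall.@ipset[-1].entry='2a01:4f8::/32' '2a01:4f9::/32' '2a06:be80::/29' '2a0e:7700::/32' '2a11:e980::/29' '2a12:1fc0::/42'
+
+# Hetzner IPv4 Marking Rule
+uci add firewall rule
+uci set firewall.@rule[-1].name='Mark-Hetzner-IPv4'
+uci set firewall.@rule[-1].family='ipv4'
+uci set firewall.@rule[-1].src='lan'
+uci set firewall.@rule[-1].ipset='Hetzner_CIDRs_v4'
+uci set firewall.@rule[-1].target='MARK'
+uci set firewall.@rule[-1].set_mark='0xe4'
+uci set firewall.@rule[-1].chain='prerouting'
+uci set firewall.@rule[-1].dest='*'
+
+# Hetzner IPv6 Marking Rule
+uci add firewall rule
+uci set firewall.@rule[-1].name='Mark-Hetzner-IPv6'
+uci set firewall.@rule[-1].family='ipv6'
+uci set firewall.@rule[-1].src='lan'
+uci set firewall.@rule[-1].ipset='Hetzner_CIDRs_v6'
+uci set firewall.@rule[-1].target='MARK'
+uci set firewall.@rule[-1].set_mark='0xe4'
+uci set firewall.@rule[-1].chain='prerouting'
+uci set firewall.@rule[-1].dest='*'
+
+# Apply changes
+uci commit network
+uci commit firewall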
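Review bot: The two `uci set firewall.@ipset[-1].entry='…' '…' …` lines (new-file lines 50 and 57) pass the CIDRs as separate shell words, but `uci set` takes a single `key=value` argument, so as far as I can tell only the first prefix ends up in the option (or the command is rejected outright) and the Hetzner sets silently match far less than intended; `entry` is a list option and should be populated with one `uci add_list firewall.@ipset[-1].entry=…` per prefix, as sketched below. The file also has no shebang and no `set -e`, so a failing `uci add`/`uci set` in the middle leaves the later lines addressing the wrong `[-1]` section and the partial state is still committed at the end; `#!/bin/sh` plus `set -eu` on the first lines makes the mark/route setup fail closed. Every run re-executes `uci add`, so a second invocation creates duplicate rules, routes and ipsets; a header comment stating that the script is intended to be run once on a fresh config would at least document that. The Hetzner marking rules also lack the `priority='1'` that the Amazon rule sets, which looks unintentional.
```shell
# Hetzner IPv4 IP Sets
# … unchanged: uci add firewall ipset / name / family / match …
for cidr in '116.202.0.0/16' '116.203.0.0/16' '128.140.0.0/17'; do  # remaining prefixes from the original list go here
  uci add_list firewall.@ipset[-1].entry="$cidr"
done
# … unchanged: Hetzner IPv6 set header …
for cidr in '2a01:4f8::/32' '2a01:4f9::/32' '2a06:be80::/29' '2a0e:7700::/32' '2a11:e980::/29' '2a12:1fc0::/42'; do
  uci add_list firewall.@ipset[-1].entry="$cidr"
done
```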

Neur0toxine's Avatar Neur0toxine revised this gist 1743538058. Go to revision

1 file changed, 60 insertions

gistfile1.txt(file created)

@@ -0,0 +1,60 @@
1 + network.@rt_table[0]=rt_table
2 + network.@rt_table[0].name='warp_table'
3 + network.@rt_table[0].id='228'
4 + network.@rule[0]=rule
5 + network.@rule[0].mark='0xe4'
6 + network.@rule[0].lookup='warp_table'
7 + network.@route[0]=route
8 + network.@route[0].interface='WARP'
9 + network.@route[0].target='0.0.0.0/0'
10 + network.@route[0].table='warp_table'
11 + network.@rule6[0]=rule6
12 + network.@rule6[0].lookup='warp_table'
13 + network.@rule6[0].mark='0xe4'
14 + network.@route6[0]=route6
15 + network.@route6[0].interface='WARP'
16 + network.@route6[0].target='::/0'
17 + network.@route6[0].table='warp_table'
18 + firewall.@rule[11]=rule
19 + firewall.@rule[11].name='Mark-Amazon-Traffic'
20 + firewall.@rule[11].ipset='Amazon_CIDRs'
21 + firewall.@rule[11].target='MARK'
22 + firewall.@rule[11].set_mark='0xe4'
23 + firewall.@rule[11].src='lan'
24 + firewall.@rule[11].dest='*'
25 + firewall.@rule[11].priority='1'
26 + firewall.@rule[11].chain='prerouting'
27 + firewall.@rule[11].family='ipv4'
28 + firewall.@ipset[2]=ipset
29 + firewall.@ipset[2].name='Amazon_CIDRs'
30 + firewall.@ipset[2].family='ipv4'
31 + firewall.@ipset[2].match='dest_net'
32 + firewall.@ipset[2].loadfile='/etc/luci-uploads/amazon-ip-ranges.txt' # Скачал & спарсил с https://ip-ranges.amazonaws.com/ip-ranges.json
33 + firewall.@ipset[3]=ipset
34 + firewall.@ipset[3].name='Hetzner_CIDRs_v4'
35 + firewall.@ipset[3].family='ipv4'
36 + firewall.@ipset[3].match='dest_net'
37 + firewall.@ipset[3].entry='116.202.0.0/16' '116.203.0.0/16' '128.140.0.0/17' '135.181.0.0/16' '136.243.0.0/16' '138.199.128.0/17' '138.201.0.0/16' '139.28.242.0/23' '142.132.128.0/17' '144.76.0.0/16' '148.251.0.0/16' '157.180.0.0/17' '157.90.0.0/16' '159.69.0.0/16' '162.55.0.0/16' '167.233.0.0/16' '167.235.0.0/16' '168.119.0.0/16' '171.25.225.0/24' '176.9.0.0/16' '178.212.75.0/24' '178.63.0.0/16' '185.107.52.0/22' '185.126.28.0/22' '185.157.176.0/23' '185.157.178.0/23' '185.157.83.0/24' '185.171.224.0/22' '185.189.228.0/24' '185.189.229.0/24' '185.189.230.0/24' '185.189.231.0/24' '185.213.45.0/24' '185.216.237.0/24' '185.226.99.0/24' '185.228.8.0/23' '185.50.120.0/23' '188.245.0.0/16' '188.34.128.0/17' '188.40.0.0/16' '193.110.6.0/23' '193.163.198.0/24' '194.42.180.0/22' '194.42.184.0/22' '194.62.106.0/24' '195.201.0.0/16' '195.248.224.0/24' '195.60.226.0/24' '197.242.84.0/22' '201.131.3.0/24' '204.29.146.0/24' '213.133.96.0/19' '213.239.192.0/18' '216.55.108.0/22' '23.88.0.0/17' '37.27.0.0/16' '45.145.227.0/24' '46.4.0.0/16' '46.62.128.0/17' '49.12.0.0/16' '49.13.0.0/16' '5.75.128.0/17' '5.9.0.0/16' '65.108.0.0/16' '65.109.0.0/16' '65.21.0.0/16' '78.138.62.0/24' '78.46.0.0/15' '85.10.192.0/18' '88.198.0.0/16' '88.99.0.0/16' '91.107.128.0/17' '91.190.240.0/21' '91.99.0.0/16' '94.130.0.0/16' '95.216.0.0/16' '95.217.0.0/16'
38 + firewall.@ipset[4]=ipset
39 + firewall.@ipset[4].name='Hetzner_CIDRs_v6'
40 + firewall.@ipset[4].family='ipv6'
41 + firewall.@ipset[4].match='dest_net'
42 + firewall.@ipset[4].entry='2a01:4f8::/32' '2a01:4f9::/32' '2a06:be80::/29' '2a0e:7700::/32' '2a11:e980::/29' '2a12:1fc0::/42'
43 + firewall.@rule[12]=rule
44 + firewall.@rule[12].name='Mark-Hetzner-IPv4'
45 + firewall.@rule[12].family='ipv4'
46 + firewall.@rule[12].src='lan'
47 + firewall.@rule[12].ipset='Hetzner_CIDRs_v4'
48 + firewall.@rule[12].target='MARK'
49 + firewall.@rule[12].set_mark='0xe4'
50 + firewall.@rule[12].chain='prerouting'
51 + firewall.@rule[12].dest='*'
52 + firewall.@rule[13]=rule
53 + firewall.@rule[13].name='Mark-Hetzner-IPv6'
54 + firewall.@rule[13].family='ipv6'
55 + firewall.@rule[13].src='lan'
56 + firewall.@rule[13].ipset='Hetzner_CIDRs_v6'
57 + firewall.@rule[13].target='MARK'
58 + firewall.@rule[13].set_mark='0xe4'
59 + firewall.@rule[13].chain='prerouting'
60 + firewall.@rule[13].dest='*'