Commit 0c3cce25 authored by nanahira's avatar nanahira

add gdut

parent dfa67008
......@@ -7,6 +7,20 @@ PPPOE_SELECTION_MARK=$((PPPOE_NEXT_HOP_MARK + 50))
iptables-save | grep -- '-j TCPMSS' | grep -- "$PPP_IFACE" | sed 's/^-A/-D/g' | xargs -I '{}' bash -c 'iptables -t mangle {}'
ip6tables-save | grep -- '-j TCPMSS' | grep -- "$PPP_IFACE" | sed 's/^-A/-D/g' | xargs -I '{}' bash -c 'ip6tables -t mangle {}'
{% if gdut is defined and gdut %}
# Rules for GDUT
iptables -t mangle -D POSTROUTING -o "$PPP_IFACE" -j TTL --ttl-set 64
iptables -t mangle -D OUTPUT -o "$PPP_IFACE" -j TTL --ttl-set 64
iptables -t mangle -D FORWARD -o "$PPP_IFACE" -j TTL --ttl-set 64
iptables -D FORWARD -p tcp -i "$PPP_IFACE" -m multiport --sports 80 --tcp-flags ACK ACK -m string --algo bm --string " src=\"http://1.1.1." -j DROP
iptables -D FORWARD -p tcp -o "$PPP_IFACE" -m multiport --sports 80 --tcp-flags ACK ACK -m string --algo bm --string " src=\"http://1.1.1." -j DROP
ip6tables -D FORWARD -p tcp -i "$PPP_IFACE" -m multiport --sports 80 --tcp-flags ACK ACK -m string --algo bm --string " src=\"http://1.1.1." -j DROP
ip6tables -D FORWARD -p tcp -o "$PPP_IFACE" -m multiport --sports 80 --tcp-flags ACK ACK -m string --algo bm --string " src=\"http://1.1.1." -j DROP
{% endif %}
iptables -t nat -o "$PPP_IFACE" -D POSTROUTING -j MASQUERADE
ip rule del pref 100 fwmark $PPPOE_NEXT_HOP_MARK lookup $PPPOE_NEXT_HOP_MARK
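Review bot: The seven `-D` lines in the `gdut` block each remove only one copy of a rule and exit non-zero when it is absent, while the matching `-A` lines in the second hunk append unconditionally. A link that comes up twice without a clean teardown therefore leaves stale TTL and DROP rules in place. Guarding each add with a check keeps add and delete paired, e.g. `iptables -t mangle -C POSTROUTING -o "$PPP_IFACE" -j TTL --ttl-set 64 2>/dev/null || iptables -t mangle -A POSTROUTING -o "$PPP_IFACE" -j TTL --ttl-set 64`. Whether a failing `-D` aborts this script depends on shell options set outside the hunk.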
......
......@@ -35,6 +35,20 @@ if [[ "$?" == 0 ]]; then
{% endfor %}
fi
{% if gdut is defined and gdut %}
# Rules for GDUT
iptables -t mangle -A POSTROUTING -o "$PPP_IFACE" -j TTL --ttl-set 64
iptables -t mangle -A OUTPUT -o "$PPP_IFACE" -j TTL --ttl-set 64
iptables -t mangle -A FORWARD -o "$PPP_IFACE" -j TTL --ttl-set 64
iptables -A FORWARD -p tcp -i "$PPP_IFACE" -m multiport --sports 80 --tcp-flags ACK ACK -m string --algo bm --string " src=\"http://1.1.1." -j DROP
iptables -A FORWARD -p tcp -o "$PPP_IFACE" -m multiport --sports 80 --tcp-flags ACK ACK -m string --algo bm --string " src=\"http://1.1.1." -j DROP
ip6tables -A FORWARD -p tcp -i "$PPP_IFACE" -m multiport --sports 80 --tcp-flags ACK ACK -m string --algo bm --string " src=\"http://1.1.1." -j DROP
ip6tables -A FORWARD -p tcp -o "$PPP_IFACE" -m multiport --sports 80 --tcp-flags ACK ACK -m string --algo bm --string " src=\"http://1.1.1." -j DROP
{% endif %}
cd {{ansible_user_dir}}/nextgen-router/services/dnsmasq
docker-compose restart smartdns
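Review bot: The four FORWARD rules with `-m string --algo bm --string " src=\"http://1.1.1."` drop on a bare substring anywhere in the payload of any ACK segment from port 80. A legitimate HTTP response that happens to contain that text would be dropped on every retransmission, so the connection is likely to stall, and a marker split across two segments is not matched at all. The `# Rules for GDUT` comment should say what content the rule is meant to discard and why, for example `# Drop HTTP segments carrying the portal's injected src="http://1.1.1.x" tag; see <reference>`. If the marker sits at a predictable offset, `--from`/`--to` bounds would narrow the scan. The two `-o "$PPP_IFACE"` variants only see traffic sent from a local port 80 towards the uplink; if no web server behind the router is intended, they can probably be dropped.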
......
......@@ -4,6 +4,13 @@ services:
restart: always
image: git-registry.mycard.moe/nanahira/docker-lldp
network_mode: host
{% if gdut is defined and gdut %}
drcom:
restart: always
image: git-registry.mycard.moe/nanahira/gdut-drcom
network_mode: host
command: --remote-ip {{gdut.remote}} --keep-alive1-flag {{gdut.flag}} --enable-crypt 1
{% endif %}
{% if services.ddns is defined and services.ddns %}
{% for instance in services.ddns %}
ddns-{{instance.name}}:
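Review bot: The new `drcom` service pulls `git-registry.mycard.moe/nanahira/gdut-drcom` with no tag or digest, and it runs with `network_mode: host` and `restart: always`. Whatever the registry serves under the default tag at pull time therefore runs in the router's network namespace. Pinning the reference, e.g. `image: git-registry.mycard.moe/nanahira/gdut-drcom@sha256:<digest>`, makes the deployed binary reproducible and reviewable. `{{gdut.remote}}` and `{{gdut.flag}}` are rendered into `command:` unquoted, so a value containing whitespace would become extra arguments; a short comment on the expected format of both would help.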
......
......@@ -78,6 +78,9 @@ vars:
dnsmasq:
gfwlistIPSet: false # 导入 gfwlist ipset
mycardDomains: false # 导入 MCNetwork 内网域名
gdut: # 校园网特化使用
remote: 10.0.3.6
flag: 2f
services:
ddns:
- name: test-ddns
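Review bot: The `gdut:` entry is added as a populated mapping, so the templates' `gdut is defined and gdut` test is true for anyone who copies this vars block unchanged. The neighbouring optional features default to `false`. If this file is the sample inventory, that turns on the TTL/DROP rules and the `drcom` container by default, with a site-specific `remote: 10.0.3.6`. Consider shipping it disabled, e.g. `gdut: false # 校园网特化使用`, and showing the `remote`/`flag` keys in a comment.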
......