Commit b8ebda63 authored by Husaam Mehdi's avatar Husaam Mehdi

parentalcontrol: do not add rule for web traffic directed to self

* this is not necessary for the functioning of urlfilter, only DNS
  traffic directed towards the device should be intercepted
* secondly, this sometimes causes problems where DNS and HTTP
  traffic cannot flow if a large file (9MB tested) is downloaded
  from the device (for example, a urlbundle file). The reason for
  this is not known yet, but the fix is to not intercept web
  traffic directed to the DUT
parent db089a39
1 merge request!1519parentalcontrol: do not add rule for web traffic directed to self
...@@ -442,8 +442,8 @@ add_iptables_nfqueue_rules() { ...@@ -442,8 +442,8 @@ add_iptables_nfqueue_rules() {
iptables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass iptables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -I FORWARD 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass iptables -w -I FORWARD 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -I INPUT 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass iptables -w -I INPUT 1 -p tcp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -I INPUT 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass iptables -w -I INPUT 1 -p udp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
# disable acceleration for https packet so that they can be read by urlfilter # disable acceleration for https packet so that they can be read by urlfilter
ebtables --concurrent -A FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null ebtables --concurrent -A FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
...@@ -457,8 +457,8 @@ add_iptables_nfqueue_rules() { ...@@ -457,8 +457,8 @@ add_iptables_nfqueue_rules() {
ip6tables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass ip6tables -w -I FORWARD 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -I FORWARD 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass ip6tables -w -I FORWARD 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -I INPUT 1 -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass ip6tables -w -I INPUT 1 -p tcp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -I INPUT 1 -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass ip6tables -w -I INPUT 1 -p udp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
# disable acceleration for https packet so that they can be read by urlfilter # disable acceleration for https packet so that they can be read by urlfilter
ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null ebtables --concurrent -A FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
...@@ -473,8 +473,8 @@ remove_iptables_nfqueue_rules() { ...@@ -473,8 +473,8 @@ remove_iptables_nfqueue_rules() {
iptables -w -D FORWARD -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass iptables -w -D FORWARD -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -D FORWARD -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass iptables -w -D FORWARD -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -D INPUT -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass iptables -w -D INPUT -p tcp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
iptables -w -D INPUT -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass iptables -w -D INPUT -p udp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-destination-port 443 -j SKIPLOG 2> /dev/null
ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-source-port 53 -j SKIPLOG 2> /dev/null ebtables --concurrent -D FORWARD -p ip --ip-protocol 6 --ip-source-port 53 -j SKIPLOG 2> /dev/null
...@@ -486,8 +486,8 @@ remove_iptables_nfqueue_rules() { ...@@ -486,8 +486,8 @@ remove_iptables_nfqueue_rules() {
ip6tables -w -D FORWARD -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass ip6tables -w -D FORWARD -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -D FORWARD -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass ip6tables -w -D FORWARD -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -D INPUT -p tcp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass ip6tables -w -D INPUT -p tcp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -w -D INPUT -p udp --match multiport --ports 80,443,53 -j NFQUEUE --queue-num 0 --queue-bypass ip6tables -w -D INPUT -p udp --match multiport --ports 53 -j NFQUEUE --queue-num 0 --queue-bypass
ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-destination-port 443 -j SKIPLOG 2> /dev/null
ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-source-port 53 -j SKIPLOG 2> /dev/null ebtables --concurrent -D FORWARD -p ip6 --ip6-protocol 6 --ip6-source-port 53 -j SKIPLOG 2> /dev/null
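Review bot: The narrowed INPUT rules in add_iptables_nfqueue_rules still use `--match multiport --ports 53`, which matches port 53 as either source or destination, so replies arriving from upstream resolvers are queued along with queries addressed to the device. If urlfilter only needs the queries sent to the device, as the commit message suggests, `-p udp --dport 53` (and the tcp equivalent) would state that exactly and drop the multiport match for a single port. If it does need the replies, a short comment above the INPUT rules such as `# --ports on purpose: replies from upstream resolvers must be seen too` would record that. The same applies to the ip6tables rules and to the matching `-D` lines in remove_iptables_nfqueue_rules, whose rule spec has to stay identical to the inserted one or the delete will not match. Both functions start and end outside the hunks shown.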