mirror of
https://github.com/sshuttle/sshuttle.git
synced 2024-11-22 16:03:57 +01:00
72ed385b7f
When regenerating outgoing connections, we set TTL=42 to prevent re-proxying of requests. That's a little hacky, but at least it avoids infinite loops.
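#!/bin/bash -x
#
# Install or remove the iptables NAT rules that redirect outgoing TCP
# connections for a set of destination subnets to a local port.
#
# Usage: $0 PORT [SUBNET...]
#   PORT    local TCP port that receives the redirected connections
#   SUBNET  destination handed to `iptables --dest`; when no subnet is
#           given, the existing rules for PORT are removed and nothing
#           new is installed
#
# All rules live in a dedicated nat chain named sshuttle-PORT, so one run
# never touches the rules that belong to another port.
# The -x in the shebang traces every command to stderr.

PORT="$1"

# Accept only a plain decimal port in 1..65535. The value ends up in a
# chain name and in iptables arguments, so signs, whitespace, leading
# zeros and out-of-range numbers are rejected before anything is run.
port_re='^[1-9][0-9]{0,4}$'
if ! [[ "$PORT" =~ $port_re ]] || (( PORT > 65535 )); then
  printf "'%s' is not a valid port number\n" "$PORT" >&2
  exit 1
fi
shift

# basic cleanup/setup
# These three commands fail harmlessly when the chain does not exist yet,
# which is why the script does not run under `set -e`.
C="sshuttle-$PORT"
iptables -t nat -D OUTPUT -j "$C"
iptables -t nat -F "$C"
iptables -t nat -X "$C"

if [[ -z "$*" ]]; then
  # just delete existing rules
  exit 0
fi

iptables -t nat -N "$C"
iptables -t nat -I OUTPUT 1 -j "$C"
# NOTE(review): this deletes a rule from the chain created two lines above,
# so it is expected to fail; kept as in the original, confirm whether it is
# still needed.
iptables -t nat -D "$C" -j REDIRECT -p tcp --to-ports "$PORT"

# create new subnet entries
# Packets whose TTL is 42 are skipped: the proxy sets TTL=42 on the
# connections it regenerates, so they are not redirected back into itself
# (which would loop forever). The TTL is only a marker, not a credential:
# any local traffic sent with TTL 42 also bypasses the redirect.
for subnet in "$@"; do
  iptables -t nat -A "$C" -j REDIRECT --dest "$subnet" -p tcp \
    --to-ports "$PORT" -m ttl \! --ttl 42
done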