PFSense(Opnsense) zapret


Скопировано отсюда, но изменено под себя.

  • Если вы добавили общие BSD-репозитории и после этого сломался пакетный менеджер pfSense, восстановите его командой:
pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade
  • Установка бинарника tpws
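pkg update && \
pkg install git nano

# -p: do not abort the && chain when /opt already exists.
mkdir -p /opt && \
git clone https://github.com/bol-van/zapret.git /opt/zapret

# The prebuilt FreeBSD binary shipped inside the repository is installed as-is.
# NOTE(review): nothing here verifies what was cloned; pin the clone to a
# known tag/commit or compare the binary against a checksum you trust before
# installing it into a root-owned path — TODO confirm how upstream publishes
# checksums. install(1) copies and sets the mode in one step (was cp + chmod +x).
install -m 0755 /opt/zapret/binaries/freebsd-x64/tpws /usr/local/sbin/tpws

rm -rf /opt/zapret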

Скрипт запуска сервиса (rc-скрипт)

nano /usr/local/etc/rc.d/tpws && chmod +x /usr/local/etc/rc.d/tpws
#!/bin/sh
# Minimal hand-rolled rc script for tpws: start|stop|status|restart.
# It does not source /etc/rc.subr, so rc.conf knobs (e.g. tpws_enable) are
# not consulted; it is invoked directly via "service tpws <action>" or configd.
SERVICE_NAME="tpws"
SERVICE_CMD="/usr/local/sbin/tpws"
# Written by the status check below; the same path is declared as 'pidfile'
# in the tpws.inc plugin, presumably what the OPNsense services list consults.
pidfile="/var/run/${SERVICE_NAME}.pid"
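is_service_running() {
    # Report whether tpws is running and refresh the pidfile with its pid(s).
    # The pattern is anchored so only a process whose command line *starts*
    # with the tpws binary matches; an unanchored "-f" would also match any
    # unrelated command that merely mentions the path (an editor, a shell
    # one-liner) and would record its pid here. The path contains no regex
    # metacharacters, so it can be interpolated as-is.
    # pgrep exits non-zero when nothing matches, so its status is returned
    # directly instead of the redundant "&& return 0 || return 1".
    pgrep -f "^${SERVICE_CMD}( |$)" > "${pidfile}"
}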
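mng_service() {
    # Start or stop tpws. $1 is the action ("start" or "stop"); any other
    # value is ignored, the caller's usage check handles it.
    if [ "$1" = "start" ]; then
        # Refuse to start a second instance: a duplicate would fight over
        # port 988 and leave a stray process behind.
        if is_service_running; then
            echo "Сервис ${SERVICE_NAME} уже запущен."
            return 0
        fi
        # tpws is not daemonised here; its stdout AND stderr (2>&1) are piped
        # through logger so all output lands in the system log under "tpws".
        # NOTE(review): tpws runs as root; if the binary supports dropping
        # privileges after binding, that is preferable — TODO confirm in the
        # tpws documentation.
        ${SERVICE_CMD} \
            --debug=0 \
            --port=988 \
            --bind-addr=127.0.0.1 \
            --enable-pf \
            --bind-linklocal=force \
            --split-http-req=method \
            --split-pos=2 \
            --maxconn=9216 \
            2>&1 | logger -t "${SERVICE_NAME}" >/dev/null 2>&1 &
        # Give the process a moment, then refresh the pidfile so a freshly
        # started service is reported as running without a separate "status".
        sleep 1
        is_service_running || echo "Сервис ${SERVICE_NAME} не запустился."
    elif [ "$1" = "stop" ]; then
        # Anchor the pattern so only the tpws process itself is killed, not
        # any other command whose arguments happen to contain the binary path.
        pkill -f "^${SERVICE_CMD}( |$)"
        rm -f "${pidfile}"
    fi
}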
show_service_status() {
    # Print a one-line, human-readable running/not-running message for tpws.
    local status_msg
    if is_service_running; then
        status_msg="Сервис ${SERVICE_NAME} запущен."
    else
        status_msg="Сервис ${SERVICE_NAME} не работает."
    fi
    echo "${status_msg}"
}
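# Dispatch on the action given on the command line ("service tpws <action>").
case "$1" in
start)
    mng_service start
    ;;
stop)
    mng_service stop
    ;;
status)
    show_service_status
    ;;
restart)
    mng_service stop
    # Presumably gives the old process time to exit and release its port.
    sleep 2
    mng_service start
    ;;
*)
    # Usage errors go to stderr so they are not mistaken for status output.
    echo "Usage: ${SERVICE_NAME} {start|stop|status|restart}" >&2
    exit 1
    ;;
esac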

  • Правила в NAT (Port Forward)

tpws — alias для порта 988 (порт, на котором слушает tpws).
Вместо «192.168.1.141» нужно указать «LAN subnets».
Filter rule association: None
  • Управление сервисом как обычно; логи смотрите в Status – System Logs – General.
service tpws start   # можно добавить в автозагрузку, например через плагин Shellcmd
service tpws restart
service tpws stop
service tpws status

Управление сервисом из веб-интерфейса (только для OPNsense)

edit /usr/local/opnsense/service/conf/actions.d/actions_tpws.conf
[start]
command:/usr/local/etc/rc.d/tpws start
parameters:
type:script
message:starting tpws
[stop]
command:/usr/local/etc/rc.d/tpws stop
parameters:
type:script
message:stopping tpws
[restart]
command:/usr/local/etc/rc.d/tpws restart
parameters:
type:script
message:restarting tpws
[status]
command:/usr/local/etc/rc.d/tpws status; exit 0
parameters:
type:script_output
message:request tpws status
service configd restart
edit /usr/local/etc/inc/plugins.inc.d/tpws.inc
<?php

/*
* Copyright (C) 2017 EURO-LOG AG
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/

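/**
 * Register the tpws service with the OPNsense service framework.
 *
 * The returned entry names the configd actions (defined in
 * actions_tpws.conf) the GUI uses to start/stop/restart the service and the
 * pidfile the rc script writes, presumably what the services list reads to
 * decide whether tpws is running.
 *
 * @return array list with a single service description
 */
function tpws_services()
{
    // The entry is static, so the global $config is not needed here.
    $services = array();
    $services[] = array(
        'description' => gettext('tpws TCP/IP stack'),
        'configd' => array(
            'restart' => array('tpws restart'),
            'start' => array('tpws start'),
            'stop' => array('tpws stop'),
        ),
        'name' => 'tpws',
        'pidfile' => '/var/run/tpws.pid'
    );
    return $services;
}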

/**
 * Declare the "tpws" syslog facility, matching the "logger -t tpws" tag the
 * rc script uses, presumably so the output can be filtered in the log viewer.
 *
 * @return array facility map keyed by log name
 */
function tpws_syslog()
{
    return array(
        'tpws' => array(
            'facility' => array('tpws'),
        ),
    );
}

Ну и напоследок настроим ранний запуск сервиса при загрузке системы.

edit /usr/local/etc/rc.syshook.d/start/80-tpws
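#!/bin/sh
# Start the tpws service early in the boot sequence (rc.syshook.d/start hook).
# The comment marker was missing on this line, which would have made the shell
# try to execute "Start" as a command.
/usr/local/etc/rc.d/tpws start
# NOTE(review): pluginctl -s is called without a service name here — confirm
# this is the intended invocation for refreshing the plugin/service state.
pluginctl -s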

Теперь в списке служб должен появиться пункт «tpws TCP/IP stack».