android手机iptables实现教育网免费ip过滤
参考文献
2.关于IPTABLES在Fedora5中过滤ip的完美解决方案
3.CM7 iptables补丁,DroidWall亲测能用了
wifi连无线路由服务器上网,路由器没有ip过滤,于是利用iptables建立一个ip过滤
首先手机必须是root过,并且能运行busybox
由于多数android手机的iptables都被阉割,所以如果代码不能正常使用出现getsockopt for multiport failed strangely: No such file or directory之类问题,需要用kang.project-voodoo.org/f/iptables-cm7-kang.zip进行添加或替换到/system/bin下
参考了hexing和tingxx同学的代码,重写程序如下
nat.sh:
#!/bin/sh #PATH=$PATH:/usr/sbin:/sbin #### configue begin ############################################################################### #myip is the outside IP myip="192.168.1.188" #intra is the inside network,you only can use the 192.168.0.0/24 #172.16.0.0/16 intra="192.168.1.0/24" #ethout is the ethernet which connect the outside network ethout="tiwlan0" #htmladdr is the web addr have the free IP htmladdr="http://hitsun.hit.edu.cn/freeip2011.12.htm" ####configure end # download the free ip html file from the web, the timeout to 20 seconds, and the retries number is 2 wget -O freeip.htm $htmladdr -T 20 -t 2 #test whether the download is succesful, if failure, write it to the log file and exit #get freeip tables fip=`cat freeip.htm | busybox grep -o '[0-9]\{1,3\}[.][0-9]\{1,3\}[.][0-9]\{1,3\}[.][0-9]\{1,3\}' | busybox awk -f ./awkfile.sh` echo "get freeip succesfully!" #################get freeip end########################################################################### echo "set iptables rules..." iptables -F INPUT iptables -F OUTPUT iptables -F FORWARD iptables -F POSTROUTING -t nat iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP for x in $fip do iptables -A INPUT -i $ethout -s $x -j ACCEPT iptables -A OUTPUT -o $ethout -s $myip -d $x -j ACCEPT iptables -A FORWARD -i $ethout -s $x -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i $ethout -s $intra -d $x -j ACCEPT done # iptables -A FORWARD -j DROP iptables -A INPUT -i $ethout -s $intra -j ACCEPT iptables -A OUTPUT -o $ethout -d $intra -j ACCEPT
awkfile.sh
{ if(NR % 3 ==1) network=$0 else if(NR %3 ==0) { netmask= $0 OFS="/" print network,netmask } }
在超级终端中cd到文件所在文件夹,输入busybox chmod +x nat.sh
然后输入sh nat.sh就可以运行ip过滤了~enjoy it