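#!/bin/bash
#
# ssrun - open a shell inside a transient systemd unit whose cgroup is added
# to the transparent_proxy nftables sets selected by the action.
#
# Usage: ssrun [-4] [action]
#   -4      register only in the IPv4 table (cgroup:ip:transparent_proxy);
#           the default also registers in cgroup:ip6:transparent_proxy_v6
#   action  bp | fw | bp_tcp | bp_udp | fw_tcp | fw_udp   (default: bp)
#           bp* selects the *_bypass sets, fw* the *_enforce sets. What those
#           sets do is decided by the nftables ruleset, which is not part of
#           this file.
#
# Security notes:
#   * The caller's whole environment is written to a temp file so the unit
#     can inherit it. That file may contain credentials; mktemp creates it
#     readable by the owner only, and it is removed both by the unit
#     (ExecStartPost) and by an EXIT trap in case the unit never starts.
#   * NOTE(review): `env` prints multi-line values (e.g. exported shell
#     functions) across several lines, which an EnvironmentFile presumably
#     cannot represent faithfully - confirm if such variables matter.

set -eu

set_prefixes=(cgroup:ip:transparent_proxy cgroup:ip6:transparent_proxy_v6)

# Start from an empty action so an `act` variable inherited from the caller's
# environment cannot silently pick the nftables sets.
act=""

# Arguments are consumed until the first empty one; the last non-option
# argument wins as the action.
while [[ -n "${1:-}" ]]; do
  if [[ "$1" == '-4' ]]; then
    set_prefixes=(cgroup:ip:transparent_proxy)
  else
    act="$1"
  fi
  shift
done
act="${act:-bp}"

# Only the fixed names below ever reach the NFTSet= property; anything else
# is rejected before sudo is invoked.
case "$act" in
  bp)
    set_names=(tcp_bypass udp_bypass)
    ;;
  fw)
    set_names=(tcp_enforce udp_enforce)
    ;;
  bp_tcp)
    set_names=(tcp_bypass)
    ;;
  bp_udp)
    set_names=(udp_bypass)
    ;;
  fw_tcp)
    set_names=(tcp_enforce)
    ;;
  fw_udp)
    set_names=(udp_enforce)
    ;;
  *)
    # Diagnostics belong on stderr so they never mix with captured output.
    printf 'Usage: ssrun [-4] action\nerror: action should be one of:\n\tbp fw bp_tcp bp_udp fw_tcp fw_udp\n' >&2
    exit 1
    ;;
esac

# Cross product "<family>:<table>:<set>" of every prefix with every set name.
nftsets=()
for p in "${set_prefixes[@]}"; do
  for s in "${set_names[@]}"; do
    nftsets+=("$p:$s")
  done
done
# NFTSet= takes one space-separated list; "${arr[*]}" joins on the first
# character of IFS, which is a space by default.
nftset_list="${nftsets[*]}"

echo "act=${act} nftsets=${nftset_list}"

envf="$(mktemp /tmp/envXXXXXXXX)"
# If sudo is refused or systemd-run fails, ExecStartPost never runs and the
# environment dump would stay in /tmp. Remove it on every exit path; -f makes
# this a no-op when the unit has already deleted the file.
trap 'rm -f -- "$envf"' EXIT
env > "$envf"

# -S (--shell) keeps systemd-run attached until the shell in the unit exits,
# so the EXIT trap fires only after the unit has read the environment file.
sudo systemd-run --uid "$(id -u)" --gid "$(id -g)" -p NFTSet="$nftset_list" --collect -p EnvironmentFile="$envf" -p ExecStartPost="/usr/bin/rm -- $envf" -S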