From 9a088f308042aa5eeb4b8a446682e71004d6ad01 Mon Sep 17 00:00:00 2001
From: Steffen Vogel <stvogel@eonerc.rwth-aachen.de>
Date: Fri, 12 Sep 2014 09:03:10 +0000
Subject: [PATCH] added script for blocking direct tinc traffic

git-svn-id: https://zerberus.eonerc.rwth-aachen.de:8443/svn/s2ss/trunk@252 8ec27952-4edc-4aab-86aa-e87bb2611832
---
 contrib/tinc.sh | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100755 contrib/tinc.sh

diff --git a/contrib/tinc.sh b/contrib/tinc.sh
new file mode 100755
index 000000000..a93de032d
--- /dev/null
+++ b/contrib/tinc.sh
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+# die on error
+set -e
+
+if [ "$(hostname)" != "acs-s2ss" ]; then
+	echo "This script has to be run only acs-s2ss!" 1>&2
+	exit 1
+fi
+
+if [ "$(id -u)" != "0" ]; then
+	echo -e "This script must be run as root" 1>&2
+	exit 1
+fi
+
+IP=78.91.103.24
+PORT=12010
+IPT=iptables
+RULE1="-p udp --dport $PORT -s $IP -j REJECT"
+RULE2="-p tcp --dport $PORT -s $IP -j REJECT"
+
+case $1 in
+    block)
+	$IPT -I INPUT 1 $RULE1 
+	$IPT -I INPUT 1 $RULE2
+	service tincd restart
+	;;
+
+    unblock)
+	$IPT -D INPUT $RULE1
+	$IPT -D INPUT $RULE2
+	service tincd restart
+	;;
+
+    status)
+	$IPT -C INPUT $RULE1 && echo "Tinc UDP is blocked"
+	$IPT -C INPUT $RULE2 && echo "Tinc TCP is blocked"
+
+	echo -n "Sintef "
+	tinc -n s2ss info sintef | grep "Reachability"
+
+	echo -n "Frankfurt "
+	tinc -n s2ss info fra | grep "Reachability"
+	;;
+esac