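#!/bin/bash
#
# Install an iptables chain named "bt-filter" that drops forwarded packets
# whose payload matches BitTorrent-related byte patterns, hook it at the head
# of the FORWARD chain, and persist the ruleset for iptables-services.
#
# Usage, as given by the original author:
#   curl -s http://internal.up-gram.com/shell/deny_bt_traffic_nice.sh |bash
# NOTE(review): that fetch is plain HTTP piped straight into a shell that runs
# sudo, so whoever can alter the response decides what runs as root. Prefer
# downloading over an authenticated channel and verifying the file (checksum or
# signature) before executing it.
#
# CentOS uses firewalld by default. If firewalld is enabled it has to be
# disabled and iptables installed instead:
#   Turn off firewalld:
#     systemctl stop firewalld &>/dev/null
#     systemctl disable firewalld &>/dev/null
#   If iptables is not installed, install it with yum
#   (iptables-services is the management service for iptables):
#     yum install iptables iptables-services
#     systemctl enable iptables
#     systemctl start iptables
#
# Coverage limits:
#   * Only iptables (IPv4) is configured; no ip6tables rules are installed.
#   * The string match inspects each packet's bytes on its own, so it has no
#     visibility into encrypted payloads and does not match a pattern that is
#     split across packets. Treat this as best-effort filtering.
#   * Rules without a protocol/port restriction ("torrent", "announce",
#     "peer_id", ...) drop ANY forwarded packet containing those bytes, which
#     can also hit unrelated cleartext traffic.
#   * Matching is case-sensitive as written (no --icase is used).

# Set to 1 as soon as a step that matters fails, so the script does not end
# with a success banner on a half-installed ruleset.
failed=0

#######################################
# Append one DROP rule to the bt-filter chain.
# Globals:   failed (written: set to 1 if iptables rejects the rule)
# Arguments: the iptables match options for the rule, i.e. everything that
#            goes between "-A bt-filter" and "-j DROP"
#######################################
drop_match() {
  sudo iptables -A bt-filter "$@" -j DROP || failed=1
}

# Stop xedge while the rules are rebuilt.
sudo service dingtone-xedge stop

# Clear the existing rules.
# NOTE(review): this flushes every rule in FORWARD, not only the ones this
# script owns. Confirm no other forwarding policy is expected to live there.
sudo iptables -F FORWARD || failed=1

# Remove a bt-filter chain left over from a previous run. On a first run the
# chain does not exist, so the cleanup is skipped instead of printing errors.
if sudo iptables -n -L bt-filter >/dev/null 2>&1; then
  sudo iptables -F bt-filter || failed=1
  # The jump is normally already gone after the FORWARD flush above; a failure
  # here is expected and intentionally ignored.
  sudo iptables -D FORWARD -j bt-filter 2>/dev/null || true
  sudo iptables -X bt-filter || failed=1
fi

# Create the custom BT-blocking chain and add the rules to it.
sudo iptables -N bt-filter || failed=1

# HTTP tracker announce parameter, TCP only.
drop_match -p tcp -m string --string "info_hash=" --algo bm
# Any DNS query (UDP/53) containing the bytes "tracker".
drop_match -p udp --dport 53 -m string --string "tracker" --algo bm
# UDP tracker protocol: connection-id magic constant 0x41727101980.
drop_match -p udp -m string --hex-string "|0000041727101980|" --algo bm
# Two 4-byte signatures searched for in the first 30 bytes of non-DNS UDP.
# The page does not say which protocol these identify.
drop_match -p udp ! --dport 53 -m string --from 0 --to 30 --hex-string "|41000080|" --algo bm
drop_match -p udp ! --dport 53 -m string --from 0 --to 30 --hex-string "|21000080|" --algo bm
# Bencoded "info_hash" key (length-prefixed) over UDP.
drop_match -p udp -m string --string "9:info_hash" --algo bm
# ASCII "d1:ad2:id2": the start of a bencoded DHT query.
drop_match -p udp -m string --hex-string "|64313a6164323a696432|" --algo bm
# 0x13 followed by ASCII "BitTorrent protocol": the peer handshake header.
drop_match -m string --hex-string "|13426974546f7272656e742070726f746f636f6c|" --algo bm

# Keyword matches on any protocol; see the false-positive note in the header.
drop_match -m string --algo bm --string "torrent"
drop_match -m string --string "77FBFCB4050F493E" --algo kmp
drop_match -m string --string "rarbg" --algo kmp
drop_match -m string --algo bm --string "announce"
drop_match -m string --from 0 --to 100 --string "vuze" --algo bm

# DNS queries for specific names, written in DNS wire format: each label is
# preceded by its length byte (|04|open|07|stealth|02|si = open.stealth.si).
drop_match -p udp --dport 53 -m string --hex-string "|04|open|07|stealth|02|si" --algo bm
drop_match -p udp --dport 53 -m string --hex-string "|06|desync|03|com" --algo bm
drop_match -p udp --dport 53 -m string --hex-string "|07|arenabg|03|com" --algo bm
drop_match -p udp --dport 53 -m string --hex-string "|05|trakx|09|herokuapp|03|com" --algo bm
drop_match -p udp --dport 53 -m string --hex-string "|0c|danielrcloud|04|ddns|03|net" --algo bm

# More keyword matches on any protocol.
drop_match -m string --string "bitcomet" --algo kmp
drop_match -m string --string "peer_id" --algo kmp
drop_match -m string --string "get_peers" --algo kmp
drop_match -m string --string "find_node" --algo kmp
drop_match -m string --algo bm --string "BitTorrent"

# Activate the custom chain by jumping to it from the head of FORWARD.
sudo iptables -I FORWARD -j bt-filter || failed=1

# Save the configuration. The original "sudo iptables-save > FILE" performed
# the redirection in the calling (unprivileged) shell, so the write failed
# unless the whole script already ran as root. The dump is captured first so a
# failing iptables-save cannot truncate the existing file.
if saved_rules=$(sudo iptables-save); then
  printf '%s\n' "$saved_rules" | sudo tee /etc/sysconfig/iptables >/dev/null \
    || failed=1
else
  failed=1
fi

# Start xedge again.
sudo service dingtone-xedge start || failed=1

# Make sure the BT-blocking jump stays at the head of FORWARD: older xedge
# versions put their own rules at the head when they restart. The delete may
# fail if the jump is no longer present; that is fine, the insert restores it.
sudo iptables -D FORWARD -j bt-filter 2>/dev/null || true
sudo iptables -I FORWARD -j bt-filter || failed=1

# Print the resulting iptables configuration.
sudo iptables -vnL --line-numbers

# Done. Report failure instead of the success banner if any step failed.
if (( failed )); then
  printf 'bt-filter setup finished with errors; review the output above\n' >&2
  exit 1
fi
# Banner text (runtime string, kept as written): "Skyvpn BitTorrent download
# filtering configured", printed in green.
printf '\033[32m Skyvpn过滤BitTorrent下载配置完成 \033[0m\n'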