- sprintf(str,"-A %s -s %s -p tcp --sport %d -o %s -j %s%d",chain_postrouting,proxy_ip,proxy_port,lan,mark_iptables,3);\r
- save_line(str);\r
- sprintf(str,"-A %s -s %s -p tcp --sport %d -o %s -j ACCEPT",chain_postrouting,proxy_ip,proxy_port,lan);\r
- save_line(str);\r
+ char *final_chain = "DROP"; /* REJECT would be better, but it is impossible in mangle */\r
+ if(free_min) final_chain = "ACCEPT";\r
+ if(qos_proxy)\r
+ {\r
+ if(free_min)\r
+ {\r
+ sprintf(str,"-A %s -s %s -p tcp --sport %d -o %s -j %s%d",chain_postrouting,proxy_ip,proxy_port,lan,mark_iptables,3);\r
+ save_line(str);\r
+ }\r
+ sprintf(str,"-A %s -s %s -p tcp --sport %d -o %s -j %s",chain_postrouting,proxy_ip,proxy_port,lan,final_chain);\r
+ save_line(str);\r
+ }\r
+ if(free_min)\r
+ {\r
+ sprintf(str,"-A %s -o %s -j %s%d",chain_postrouting,lan,mark_iptables,3);\r
+ save_line(str);\r
+ }\r
+ sprintf(str,"-A %s -o %s -j %s",chain_postrouting,lan,final_chain);\r
+ save_line(str);\r
+ /* ------------------------------- classify or reject free upload */\r
+ if(free_min)\r
+ {\r
+ sprintf(str,"-A %s -o %s -j %s%d",chain_forward,wan,mark_iptables,3);\r
+ save_line(str);\r
+ }\r
+ sprintf(str,"-A %s -o %s -j %s",chain_forward,wan,final_chain);\r
+ save_line(str);\r