don't reset interface

2025-12-30 18:58:28 +01:00 · 2022-01-20 19:52:53 +08:00
2 changed files with 227 additions and 417 deletions
--- a/README.md
+++ b/README.md
@@ -6,7 +6,6 @@ It wraps `iptables`, `dnsmasq` etc. stuff. Use in one command, restore in one co
 [Linux-Router News & Developer Notes 📰](https://github.com/garywill/linux-router/issues/28) | [More tools and projects 🛠️](https://garywill.github.io) | [🍻 Buy me a coffee ❤️](https://github.com/garywill/receiving/blob/master/receiving_methods.md)
 ## Features
 Basic features:
@@ -62,36 +61,11 @@ Internet----(eth0/wlan0)-Linux-(eth1)------Another PC
 Internet----(eth0/wlan0)-Linux-(virtual interface)-----VM/container
 ```
 ## Install
 1-file-script. Release on [Linux-router repo on Github](https://github.com/garywill/linux-router). Just download and run the bash script (meet the dependencies). In this case use without installation.
 I'm currently not packaging for any distro. If you do, open a PR and add the link (can be with a version badge) to list here
 | Linux distro |                                                                                                            |
 | ------------ | ---------------------------------------------------------------------------------------------------------- |
 | Any          | download [1-file-script](https://raw.githubusercontent.com/garywill/linux-router/master/lnxrouter) and run without installation |
 ### Dependencies
 - bash
 - procps or procps-ng
 - iproute2
 - dnsmasq
 - iptables (or nftables with `iptables-nft` translation linked)
 - WiFi hotspot dependencies
  - hostapd
  - iw
  - iwconfig (you only need this if 'iw' can not recognize your adapter)
  - haveged (optional)
 ## Usage
 ### Provide Internet to an interface
-```bash
+```
 sudo lnxrouter -i eth1
 ```
@@ -99,7 +73,7 @@ no matter which interface (other than `eth1`) you're getting Internet from.
 ### Create WiFi hotspot
-```bash
+```
 sudo lnxrouter --ap wlan0 MyAccessPoint -p MyPassPhrase
 ```
@@ -111,7 +85,7 @@ Clients access Internet through only `isp5`
 <details>
-```bash
+```
 sudo lnxrouter -i eth1 -o isp5  --no-dns  --dhcp-dns 1.1.1.1  -6 --dhcp-dns6 [2606:4700:4700::1111]
 ```
@@ -124,15 +98,12 @@ sudo lnxrouter -i eth1 -o isp5  --no-dns  --dhcp-dns 1.1.1.1  -6 --dhcp-dns6 [26
 </details>
-### Create LAN without providing Internet
+### LAN without Internet
 <details>
 ```bash
 sudo lnxrouter -n -i eth1
 ```
-
+sudo lnxrouter -n -i eth1
 ```bash
 sudo lnxrouter -n --ap wlan0 MyAccessPoint -p MyPassPhrase
 ```
@@ -146,7 +117,7 @@ sudo lnxrouter -n --ap wlan0 MyAccessPoint -p MyPassPhrase
 Create a bridge
-```bash
+```
 sudo brctl addbr lxcbr5
 ```
@@ -159,7 +130,7 @@ lxc.network.link = lxcbr5
 lxc.network.hwaddr = xx:xx:xx:xx:xx:xx
 ```
-```bash
+```
 sudo lnxrouter -i lxcbr5
 ```
@@ -167,11 +138,11 @@ sudo lnxrouter -i lxcbr5
 ### Transparent proxy
-All clients' Internet traffic go through, for example, Tor (notice this example is NOT an anonymity use)
+All clients' Internet traffic go through, for example, Tor
 <details>
-```bash
+```
 sudo lnxrouter -i eth1 --tp 9040 --dns 9053 -g 192.168.55.1 -6 --p6 fd00:5:6:7::
 ```
@@ -184,10 +155,6 @@ TransPort [fd00:5:6:7::1]:9040
 DNSPort [fd00:5:6:7::1]:9053
 ```
 > **Warn**: Tor's anonymity relies on a purpose-made browser. Using Tor like this (sharing Tor's network to LAN clients) will NOT ensure anonymity.
 > 
 > Although we use Tor as example here, Linux-router does NOT ensure nor is NOT aiming at anonymity.
 </details>
 ### Clients-in-sandbox network
@@ -196,7 +163,7 @@ To not give our infomation to clients. Clients can still access Internet.
 <details>
-```bash
+```
 sudo lnxrouter -i eth1 \
    --tp 9040 --dns 9053 \
    --random-mac \
@@ -206,7 +173,7 @@ sudo lnxrouter -i eth1 \
 </details>
-> Linux-router comes with no warranty. Use on your own risk
+> This script comes with no warrenty. Use on your own risk
 ### Use as transparent proxy for LXD
@@ -214,13 +181,13 @@ sudo lnxrouter -i eth1 \
 Create a bridge
-```bash
+```
 sudo brctl addbr lxdbr5
 ```
 Create and add a new LXD profile overriding container's `eth0`
-```bash
+```
 lxc profile create profile5
 lxc profile edit profile5
@@ -238,13 +205,13 @@ name: profile5
 lxc profile add <container> profile5
 ```
-```bash
+```
 sudo lnxrouter -i lxdbr5 --tp 9040 --dns 9053
 ```
 To remove that new profile from container
-```bash
+```
 lxc profile remove <container> profile5
 ```
@@ -252,13 +219,13 @@ lxc profile remove <container> profile5
 Add new `eth0` to container overriding default `eth0`
-```bash
+```
 lxc config device add <container> eth0 nic name=eth0 nictype=bridged parent=lxdbr5
 ```
 To remove the customized `eth0` to restore default `eth0`
-```bash
+```
 lxc config device remove <container> eth0
 ```
@@ -270,7 +237,7 @@ lxc config device remove <container> eth0
 In VirtualBox's global settings, create a host-only network `vboxnet5` with DHCP disabled.
-```bash
+```
 sudo lnxrouter -i vboxnet5 --tp 9040 --dns 9053
 ```
@@ -282,11 +249,11 @@ sudo lnxrouter -i vboxnet5 --tp 9040 --dns 9053
 Create a bridge
-```bash
+```
 sudo brctl addbr firejail5
 ```
-```bash
+```
 sudo lnxrouter -i firejail5 -g 192.168.55.1 --tp 9040 --dns 9053 
 firejail --net=firejail5 --dns=192.168.55.1 --blacklist=/var/run/nscd
 ```
@@ -350,28 +317,26 @@ Options:
    -d                      DNS server will take into account /etc/hosts
    -e <hosts_file>         DNS server will take into account additional 
                            hosts file
    --dns-nocache           DNS server no cache
    --mac <MAC>             Set MAC address
    --random-mac            Use random MAC address
    --tp <port>             Transparent proxy,
-                            redirect non-LAN TCP and UDP(not tested) traffic to
+                            redirect non-LAN TCP and UDP traffic to port.
-                            port. (usually used with '--dns')
+                            (usually used with '--dns')
  WiFi hotspot options:
    --ap <wifi interface> <SSID>
                            Create WiFi access point
    -p, --password <password>   
                            WiFi password
-    --qr                    Show WiFi QR code in terminal (need qrencode)
+    --qr                    Show WiFi QR code in terminal
    --hidden                Hide access point (not broadcast SSID)
    --no-virt               Do not create virtual interface
                            Using this you can't use same wlan interface
                            for both Internet and AP
-    --virt-name <name>      Set name of virtual interface
+    -c <channel>            Channel number (default: 1)
    -c <channel>            Specify channel (default: use current, or 1 / 36)
    --country <code>        Set two-letter country code for regularity
                            (example: US)
    --freq-band <GHz>       Set frequency band: 2.4 or 5 (default: 2.4)
@@ -385,28 +350,13 @@ Options:
                            (defaults to /etc/hostapd/hostapd.accept)
    --hostapd-debug <level> 1 or 2. Passes -d or -dd to hostapd
    --isolate-clients       Disable wifi communication between clients
    --ieee80211n            Enable IEEE 802.11n (HT)
    --ieee80211ac           Enable IEEE 802.11ac (VHT)
    --ht_capab <HT>         HT capabilities (default: [HT40+])
    --vht_capab <VHT>       VHT capabilities
    --no-haveged            Do not run haveged automatically when needed
    --hs20                  Enable Hotspot 2.0
    WiFi 4 (802.11n) configs:
    --wifi4                 Enable IEEE 802.11n (HT)
    --req-ht                Require station HT (High Throughput) mode
    --ht-capab <HT caps>    HT capabilities (default: [HT40+])
    WiFi 5 (802.11ac) configs:
    --wifi5                 Enable IEEE 802.11ac (VHT)
    --req-vht               Require station VHT (Very High Thoughtput) mode
    --vht-capab <VHT caps>  VHT capabilities
    --vht-ch-width <index>  Index of VHT channel width:
                                0 for 20MHz or 40MHz (default)
                                1 for 80MHz
                                2 for 160MHz
                                3 for 80+80MHz (Non-contigous 160MHz)    
    --vht-seg0-ch <channel> Channel index of VHT center frequency for primary 
                            segment. Use with '--vht-ch-width'
    --vht-seg1-ch <channel> Channel index of VHT center frequency for secondary
                            (second 80MHz) segment. Use with '--vht-ch-width 3'
  Instance managing:
    --daemon                Run in background
@@ -418,7 +368,15 @@ Options:
    --stop <id>             Stop a running instance
        For <id> you can use PID or subnet interface name.
        You can get them with '--list-running'
 ```
 </details>
 ## Notice
 <details>
 ```
    Notice 1:   This script assume your host's default policy won't forward
                packets, so the script won't explictly ban forwarding in any
                mode. In some unexpected case (eg. mistaken configurations) may
@@ -439,35 +397,19 @@ On exit of a linux-router instance, script **will do cleanup**, i.e. undo most c
 5. The wifi device which is used to create hotspot is `rfkill unblock`ed
 6. WiFi country code, if user assigns
-## Meet contributor(s) and become one of them
+## Dependencies
-Visit [**my homepage** 🏡](https://garywill.github.io) to see **more tools and projects** 🛠️.
+- bash
-
+- procps or procps-ng
-> [❤️ Buy me a coffee](https://github.com/garywill/receiving/blob/master/receiving_methods.md) , this project took me lots of time! ([❤️ 扫码领红包并打赏一个!](https://github.com/garywill/receiving/blob/master/receiving_methods.md))
+- iproute2
-> 
+- dnsmasq
-> 🥂 ( ^\_^) o自自o (^_^ ) 🍻
+- iptables (or nftables with `iptables-nft` translation linked)
-
+- WiFi hotspot dependencies
-🤝 Bisides, thank [create_ap](https://github.com/oblique/create_ap) by [oblique](https://github.com/oblique). This script was forked from create\_ap. Now they are quite different. (See `history` branch for how I modified create_ap). 🤝 Also thank those who contributed to that project.
+  - hostapd
-
+  - iw
-👨‍💻 You can be contributor, too! 
+  - iwconfig (you only need this if 'iw' can not recognize your adapter)
-
+  - haveged (optional)
- 🍃 There're some TO-DOs listed, in both [readme TODO](#todo) and [in the code file](https://github.com/garywill/linux-router/search?q=TODO&type=code)
+  - qrencode (optional)
 - 🍃 Also some [unfulfilled enhancements in the Issues](https://github.com/garywill/linux-router/issues?q=is%3Aissue+is%3Aopen+label%3Aenhancement)
 - 🙋‍♂️ Contributions are not limited to coding. There're [some posts and questions](https://github.com/garywill/linux-router/issues) that need more people to answer
 ## Notice
 <details>
 ```
    Notice 1:   This script assume your host's default policy won't forward
                packets, so the script won't explictly ban forwarding in any
                mode. In some unexpected case (eg. mistaken configurations) may
                cause unwanted packets leakage between 2 networks, which you
                should be aware of if you want isolated network
 ```
 </details>
 ## TODO
@@ -539,4 +481,14 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 </details>
 ## Meet developer(s) and become one of them
 Visit [**my homepage** 🏡](https://garywill.github.io) to see **more tools and projects** 🛠️.
 > [❤️ Buy me a coffee](https://github.com/garywill/receiving/blob/master/receiving_methods.md) , this project took me lots of time! ([❤️ 扫码领红包并打赏一个!](https://github.com/garywill/receiving/blob/master/receiving_methods.md))
 > 
 > 🥂 ( ^\_^) o自自o (^_^ ) 🍻
 🤝 Bisides, thank [create_ap](https://github.com/oblique/create_ap) by [oblique](https://github.com/oblique). This script was forked from create\_ap. Now they are quite different. (See `history` branch for how I modified create_ap). 🤝 Also thank those who contributed to that project.
 👨‍💻 You can be contributor, too! 🍃 There're some TO-DOs listed, at both [above](#todo) and [in the code file](https://github.com/garywill/linux-router/search?q=TODO&type=code). 🍃 Also some [unfulfilled enhancements in the Issues](https://github.com/garywill/linux-router/issues?q=is%3Aissue+is%3Aopen+label%3Aenhancement). Your name can be here!
--- a/454
+++ b/454