#!/bin/sh
# use iptables manually
if [ "$1" = "start" ]
then
iptables -t raw -N tcpcrypt
iptables -t raw -A tcpcrypt -p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666
iptables -t raw -I PREROUTING -j tcpcrypt
iptables -t mangle -N tcpcrypt
iptables -t mangle -A tcpcrypt -p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666
iptables -t mangle -I POSTROUTING -j tcpcrypt
# launch `tcpcryptd` with `-x 0x10`
fi
if [ "$1" = "stop" ]
then
iptables -t raw -F tcpcrypt
iptables -t raw -D PREROUTING -j tcpcrypt
iptables -t mangle -F tcpcrypt
iptables -t mangle -D PREROUTING -j tcpcrypt
fi