echo"specify either 4 or 6 as a parameter for ipv4 or ipv6";
exit -1
fi
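# Create the ipsets that hold TS3 client state. Each name ends in the script's
# first argument (the usage message above asks for 4 or 6) and each set is
# bound to ${IPFAMILY}, which is assigned outside this excerpt.
#   ts3_authorizing<N>    ip,port pairs, each entry expires 8 s after it is added
#   ts3_authorized<N>     ip,port pairs, each entry expires 30 s after it is added
#   ts3_authorized_ft<N>  bare addresses, each entry expires 30 s after it is added
#
# Sizing: hash sets start with hashsize 1024 and hold at most maxelem 65536
# entries unless told otherwise; once a set is full, further adds fail. If
# these sets are filled from the packet path (presumably by later rules;
# confirm), a burst of many distinct source addresses can fill the short-lived
# authorizing set, so choose `maxelem` deliberately and watch the set's size.
#
# Diagnostics go to stderr. The exit status is 255, which is what bash reports
# for `exit -1`, spelled in the portable 0-255 range.
sudo ipset create "ts3_authorizing${1}" hash:ip,port family "${IPFAMILY}" timeout 8 || {
  echo "ipset not installed or there is a problem with it (1)" >&2
  exit 255
}
sudo ipset create "ts3_authorized${1}" hash:ip,port family "${IPFAMILY}" timeout 30 || {
  echo "ipset not installed or there is a problem with it (2)" >&2
  exit 255
}
sudo ipset create "ts3_authorized_ft${1}" hash:ip family "${IPFAMILY}" timeout 30 || {
  echo "ipset not installed or there is a problem with it (3)" >&2
  exit 255
}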
# Create the user-defined chains that the TS3 rules are attached to.
# --new-chain (-N) fails when a chain of that name already exists; the result
# is not checked here, so the script carries on unless it runs under `set -e`
# (not visible in this excerpt).
# ${IPTABLES} is assigned outside this excerpt and is expanded unquoted,
# exactly as the original statements did.
for ts3_chain in \
  TS3_UDP_TRAFFIC \
  TS3_UDP_TRAFFIC_AUTHORIZING \
  TS3_UDP_TRAFFIC_AUTHORIZED \
  TS3_TCP_TRAFFIC \
  TS3_ACCEPT_AUTHORIZING \
  OUT_TS3 \
  OUT_TS3_AUTHORIZING \
  OUT_TS3_AUTHORIZED \
  OUT_TS3_ACCEPT_AUTHORIZED
do
  sudo ${IPTABLES} --new-chain "${ts3_chain}"
done
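# Make sure a file holding 60 random bytes (120 hex digits on one line) exists
# in the current directory, and record its absolute path in RANDOM_FILE.
# NOTE(review): how this data is used is not visible here. If later rules
# treat it as a secret, create it with owner-only permissions (umask 077) and
# keep it out of version control and backups that others can read.
RANDOM_FILE_NAME=random.data
# Regenerate when the file is missing or empty: the redirection creates the
# file before xxd runs, so a failed earlier run could leave a zero-length file
# that a bare -f test would accept as valid random data.
if [ ! -f "${RANDOM_FILE_NAME}" ] || [ ! -s "${RANDOM_FILE_NAME}" ]; then
  if ! xxd -l 60 -c 60 -p /dev/urandom > "${RANDOM_FILE_NAME}"; then
    # Do not leave a truncated file behind for the next run to pick up.
    rm -f -- "${RANDOM_FILE_NAME}"
    echo "could not use xxd to create random data" >&2
    # 255 is the status bash reports for `exit -1`, spelled portably.
    exit 255
  fi
fi
RANDOM_FILE="$(pwd)/${RANDOM_FILE_NAME}"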
# Exempt TS3 voice traffic (UDP port 9987) from connection tracking in both
# directions, so the kernel keeps no conntrack entry for it.
# Untracked packets never match ESTABLISHED/RELATED state rules (their state
# is UNTRACKED), so every accept decision for this port has to come from
# explicit rules. Presumably those are the ipset-backed TS3 chains; confirm
# against the rest of the script.
# ${IPTABLES} is expanded unquoted, exactly as the original statements did.

# client -> server
sudo ${IPTABLES} --table raw --append PREROUTING --protocol udp \
  --dport 9987 --jump CT --notrack

# server -> client
sudo ${IPTABLES} --table raw --append OUTPUT --protocol udp \
  --sport 9987 --jump CT --notrack
#move ts3 traffic to TS3_UDP_TRAFFIC chain (do not allow fragments)