free
/
freedombone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

More obvious variable name

This commit is contained in:
Bob Mottram 2017-09-25 11:35:27 +01:00
parent aec19a4876
commit 71add55175
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/freedombone-utils-firewall
View File

@ -33,6 +33,7 @@
FIREWALL_CONFIG=$HOME/${PROJECT_NAME}-firewall.cfg FIREWALL_CONFIG=$HOME/${PROJECT_NAME}-firewall.cfg
FIREWALL_DOMAINS=$HOME/${PROJECT_NAME}-firewall-domains.cfg FIREWALL_DOMAINS=$HOME/${PROJECT_NAME}-firewall-domains.cfg
FIREWALL_EIFACE=eth0 FIREWALL_EIFACE=eth0
EXTERNAL_IPV4_ADDRESS=
function save_firewall_settings { function save_firewall_settings {
iptables-save > /etc/firewall.conf iptables-save > /etc/firewall.conf
@ -110,8 +111,8 @@ function enable_ipv6 {
} }
function firewall_deny_forwarding { function firewall_deny_forwarding {
read_config_param CURRENT_IPV4_ADDRESS read_config_param EXTERNAL_IPV4_ADDRESS
if [ ! $CURRENT_IPV4_ADDRESS ]; then if [ ! $EXTERNAL_IPV4_ADDRESS ]; then
return return
fi fi
iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT
@ -119,13 +120,13 @@ function firewall_deny_forwarding {
iptables -D FORWARD -i tun+ -j ACCEPT iptables -D FORWARD -i tun+ -j ACCEPT
iptables -D FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -D FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -D FORWARD -i ${FIREWALL_EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -D FORWARD -i ${FIREWALL_EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -D POSTROUTING -s ${CURRENT_IPV4_ADDRESS}/24 -o ${FIREWALL_EIFACE} -j MASQUERADE iptables -t nat -D POSTROUTING -s ${EXTERNAL_IPV4_ADDRESS}/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
iptables -D OUTPUT -o tun+ -j ACCEPT iptables -D OUTPUT -o tun+ -j ACCEPT
save_firewall_settings save_firewall_settings
} }
function firewall_allow_forwarding { function firewall_allow_forwarding {
curr_ipv4_address=$(get_ipv4_address) curr_ipv4_address=$(get_external_ipv4_address)
iptables -A INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT iptables -A INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT iptables -A FORWARD -i tun+ -j ACCEPT
@ -133,7 +134,7 @@ function firewall_allow_forwarding {
iptables -A FORWARD -i ${FIREWALL_EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i ${FIREWALL_EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s ${curr_ipv4_address}/24 -o ${FIREWALL_EIFACE} -j MASQUERADE iptables -t nat -A POSTROUTING -s ${curr_ipv4_address}/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
iptables -A OUTPUT -o tun+ -j ACCEPT iptables -A OUTPUT -o tun+ -j ACCEPT
write_config_param CURRENT_IPV4_ADDRESS "$curr_ipv4_address" write_config_param EXTERNAL_IPV4_ADDRESS "$curr_external_ipv4_address"
save_firewall_settings save_firewall_settings
} }