From 9e7376f9ac1c12b0e535947ea53f0c7b318c712e Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Thu, 23 Nov 2017 10:46:40 +0000
Subject: [PATCH] Only set vpn firewall if ethernet is connected
---
 src/freedombone-mesh-batman | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)
diff --git a/src/freedombone-mesh-batman b/src/freedombone-mesh-batman
index 37a06925..3e96c4df 100755
--- a/src/freedombone-mesh-batman
+++ b/src/freedombone-mesh-batman
@@ -355,6 +355,7 @@ function start {
 brctl addbr $BRIDGE
 brctl addif $BRIDGE bat0
 ifconfig bat0 0.0.0.0
+ ethernet_connected='0'
 if [ "$EIFACE" ] ; then
 ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
 if [[ "$ethernet_connected" != "0" ]]; then
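Review bot: The carrier guard fails open, because `ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)` leaves the variable empty whenever the read fails (the carrier attribute typically returns an error while the interface is administratively down, and the path is absent if `$EIFACE` names no device), and `[[ "" != "0" ]]` is true. The added `ethernet_connected='0'` default only covers the case where `$EIFACE` is unset, so on a failed read the new block in the second hunk would still open ports 653 and 1194, add the `tun+` FORWARD and MASQUERADE rules, and enable `net.ipv4.ip_forward`. Testing for the positive value closes the gap: use `if [[ "$ethernet_connected" == "1" ]]; then` for the new guard, and write the read as `ethernet_connected=$(cat "/sys/class/net/$EIFACE/carrier" 2>/dev/null || echo 0)`. The body of `start` begins and ends outside both hunks, so any other consumer of `ethernet_connected` should be checked for the same comparison.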
@@ -452,21 +453,22 @@ function start {
 iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
 iptables -A INPUT -p udp --dport 8010 -j ACCEPT
 iptables -A INPUT -p tcp --dport 8010 -j ACCEPT
- # vpn over the internet
- iptables -A INPUT -p tcp --dport 653 -j ACCEPT
- iptables -A INPUT -p udp --dport 653 -j ACCEPT
- iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
- iptables -A INPUT -i tun+ -j ACCEPT
- iptables -A FORWARD -i tun+ -j ACCEPT
- iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
- iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
- iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
- iptables -A OUTPUT -o tun+ -j ACCEPT
-
- echo 1 > /proc/sys/net/ipv4/ip_forward
- sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
- sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
- sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
+ if [[ "$ethernet_connected" != "0" ]]; then
+ # vpn over the internet
+ iptables -A INPUT -p tcp --dport 653 -j ACCEPT
+ iptables -A INPUT -p udp --dport 653 -j ACCEPT
+ iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
+ iptables -A INPUT -i tun+ -j ACCEPT
+ iptables -A FORWARD -i tun+ -j ACCEPT
+ iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
+ iptables -A OUTPUT -o tun+ -j ACCEPT
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+ sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
+ sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
+ sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
+ fi
 systemctl restart avahi-daemon