Open firewall in vpnclient_out for each address defined for the vpn server domain

Julien Vaubourg
2016-06-14 23:31:52 +02:00
parent 5564320248
commit 2fd86faf81


@@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
host6=$(dig AAAA +short <TPL:SERVER_NAME> | tail -n1) host6=$(dig AAAA +short <TPL:SERVER_NAME> | grep -v '\.$')
host4=$(dig A +short <TPL:SERVER_NAME> | tail -n1) host4=$(dig A +short <TPL:SERVER_NAME> | grep -v '\.$')
# IPv6 # IPv6
@@ -17,7 +17,9 @@ sudo ip6tables -w -A vpnclient_in -m conntrack --ctstate RELATED,ESTABLISHED -j
sudo ip6tables -w -A vpnclient_in -j DROP sudo ip6tables -w -A vpnclient_in -j DROP
if [ ! -z "${host6}" ]; then if [ ! -z "${host6}" ]; then
sudo ip6tables -w -A vpnclient_out -d ${host6} -p <TPL:PROTO> --dport <TPL:SERVER_PORT> -j ACCEPT for i in ${host6}; do
sudo ip6tables -w -A vpnclient_out -d "${i}" -p <TPL:PROTO> --dport <TPL:SERVER_PORT> -j ACCEPT
done
fi fi
for i in <TPL:DNS0> <TPL:DNS1>; do for i in <TPL:DNS0> <TPL:DNS1>; do
@@ -50,7 +52,9 @@ sudo iptables -w -A vpnclient_in -m conntrack --ctstate RELATED,ESTABLISHED -j A
sudo iptables -w -A vpnclient_in -j DROP sudo iptables -w -A vpnclient_in -j DROP
if [ ! -z "${host4}" ]; then if [ ! -z "${host4}" ]; then
sudo iptables -w -A vpnclient_out -d ${host4} -p <TPL:PROTO> --dport <TPL:SERVER_PORT> -j ACCEPT for i in ${host4}; do
sudo iptables -w -A vpnclient_out -d "${i}" -p <TPL:PROTO> --dport <TPL:SERVER_PORT> -j ACCEPT
done
fi fi
for i in <TPL:DNS0> <TPL:DNS1>; do for i in <TPL:DNS0> <TPL:DNS1>; do
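Review bot: The new loop `for i in ${host6}; do` hands every whitespace-separated token of `${host6}` to `ip6tables -d`, but the `grep -v '\.$'` filter added in the first hunk only drops CNAME targets, so anything else `dig +short` writes to stdout (its `;; connection timed out; no servers could be reached` diagnostic, for instance) would be passed as a destination, and `-d` would also accept a stray hostname and resolve it itself. Since these ACCEPT rules define what the firewall lets out of vpnclient_out, each token should be checked as an address literal before the rule is added, e.g. `[[ "${i}" =~ ^[0-9A-Fa-f:]+$ ]] || continue` as the first line of the IPv6 loop and `[[ "${i}" =~ ^[0-9.]+$ ]] || continue` in the IPv4 loop of the second hunk (`for i in ${host4}; do`), which has the same issue. The `ip6tables`/`iptables` calls inside the loops are not checked for failure either, so a rejected token would presumably be skipped silently and leave the rule set incomplete; reporting it to stderr would make that visible. The script continues outside both hunks, and no `set -e` is visible in the shown lines.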