From abcddf363405773c92f605a362e4400cb5626492 Mon Sep 17 00:00:00 2001
From: Julien Vaubourg
Date: Tue, 29 Sep 2015 18:01:52 +0200
Subject: [PATCH] Replace Moulinette error by warning
---
 conf/hook_post-iptable-rules | 12 ++++++++++++
 conf/ynh-vpnclient | 2 ++
 scripts/prerequisites | 3 +--
 3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/conf/hook_post-iptable-rules b/conf/hook_post-iptable-rules
index fec36ed..479c2ea 100644
--- a/conf/hook_post-iptable-rules
+++ b/conf/hook_post-iptable-rules
@@ -19,6 +19,12 @@ if [ ! -z "${host6}" ]; then
 sudo ip6tables -A vpnclient_out -d ${host6} -p --dport -j ACCEPT
 fi
+for i in ; do
+ if [[ "${i}" =~ : ]]; then
+ sudo ip6tables -A vpnclient_out -p udp -d "${i}" --dport 53 -j ACCEPT
+ fi
+done
+
 sudo ip6tables -A vpnclient_out -d fd00::/8,fe80::/10 -j ACCEPT
 sudo ip6tables -A vpnclient_out -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 sudo ip6tables -A vpnclient_out -j DROP
@@ -45,6 +51,12 @@ if [ ! -z "${host4}" ]; then
 sudo iptables -A vpnclient_out -d ${host4} -p --dport -j ACCEPT
 fi
+for i in ; do
+ if [[ "${i}" =~ \. ]]; then
+ sudo iptables -A vpnclient_out -p udp -d "${i}" --dport 53 -j ACCEPT
+ fi
+done
+
 sudo iptables -A vpnclient_out -d 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16 -j ACCEPT
 sudo iptables -A vpnclient_out -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 sudo iptables -A vpnclient_out -j DROP
diff --git a/conf/ynh-vpnclient b/conf/ynh-vpnclient
index bbc3d86..eddaeee 100644
--- a/conf/ynh-vpnclient
+++ b/conf/ynh-vpnclient
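Review bot: The resolver exception added by the `for i in …` loops in conf/hook_post-iptable-rules (the ip6tables hunk and, identically, the iptables hunk) accepts only UDP to port 53, so a query retried over TCP after a truncated answer still falls through to the final `-j DROP`. If that fallback is meant to work, pair each rule with `sudo ip6tables -A vpnclient_out -p tcp -d "${i}" --dport 53 -j ACCEPT` and the iptables equivalent. The exception also appears to let any local process reach those resolvers through a chain that otherwise drops non-tunnel traffic, so a comment above each loop should state the intent, e.g. `# Resolvers stay reachable outside the tunnel; DNS queries to them are not protected by the VPN`. The family tests `=~ :` and `=~ \.` are substring checks only and do not establish that the value is an address.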
@@ -89,6 +89,8 @@ set_firewall() {
 sed "s||${ynh_server_port}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
 sed "s||${ynh_server_proto}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
 sed "s||${wired_device}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
+ sed "s||${ynh_dns0}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
+ sed "s||${ynh_dns1}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
 yunohost firewall reload
 }
diff --git a/scripts/prerequisites b/scripts/prerequisites
index 3239391..6c52abf 100644
--- a/scripts/prerequisites
+++ b/scripts/prerequisites
@@ -4,6 +4,5 @@ ynh_moulinette_version=$(sudo dpkg -l moulinette-yunohost | grep ii | awk '{ print $3 }' | sed 's/\.//g')
 if [ "${ynh_moulinette_version}" -lt 240 ]; then
- echo "ERROR: You need a YunoHost-Moulinette version equals or greater than 2.4.0" >&2
- exit 1
+ echo "WARN: You need a YunoHost-Moulinette version equals or greater than 2.4.0 for activating the firewalling" >&2
 fi
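Review bot: The two added `sed` lines in `set_firewall()` copy `${ynh_dns0}` and `${ynh_dns1}` verbatim into the hook file, where they appear to end up as the unquoted word list of the new `for i in …; do` loops, so any value that is not a plain address literal becomes shell syntax in a script that runs its rules with `sudo`. Where these variables are set is not visible in this hunk; if an operator or a stored setting can supply them, reject unexpected characters before substituting, e.g. `case "${ynh_dns0}" in *[!0-9A-Fa-f:.]*) return 1 ;; esac` (a character filter, not full address validation) and the same for `ynh_dns1`. That filter also keeps `|`, `&` and `\` out of the sed replacement text, where they would alter the expression. `set_firewall()` begins above the hunk, so earlier handling of these values cannot be ruled out from here.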
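Review bot: With `exit 1` removed from scripts/prerequisites, a host running a Moulinette older than 2.4.0 now continues with only a line on stderr and, going by the new message, without the firewall rules being activated, which is a fail-open state that is easy to miss. Say so in a comment above the test, e.g. `# Older Moulinette: install continues WITHOUT the vpnclient_out firewall rules`, and consider recording the state somewhere the operator can check it later. The test that now gates only a warning is fragile. An empty `ynh_moulinette_version` makes `[ … -lt 240 ]` fail with an error and skip the message, and stripping dots turns a version such as 2.3.10 (constructed example) into 2310. Running `dpkg --compare-versions "${version}" lt 2.4.0` on the unstripped version string avoids both.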