WEBLIB.RE/vpnclient_ynh
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

Replace Moulinette error by warning

Browse Source
This commit is contained in:
Julien Vaubourg
2015-09-29 18:01:52 +02:00
parent 4a10cecb9a
commit abcddf3634
3 changed files with 15 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
conf/hook_post-iptable-rules
View File

@@ -19,6 +19,12 @@ if [ ! -z "${host6}" ]; then
sudo ip6tables -A vpnclient_out -d ${host6} -p <TPL:PROTO> --dport <TPL:SERVER_PORT> -j ACCEPT sudo ip6tables -A vpnclient_out -d ${host6} -p <TPL:PROTO> --dport <TPL:SERVER_PORT> -j ACCEPT
fi fi
for i in <TPL:DNS0> <TPL:DNS1>; do
if [[ "${i}" =~ : ]]; then
sudo ip6tables -A vpnclient_out -p udp -d "${i}" --dport 53 -j ACCEPT
fi
done
sudo ip6tables -A vpnclient_out -d fd00::/8,fe80::/10 -j ACCEPT sudo ip6tables -A vpnclient_out -d fd00::/8,fe80::/10 -j ACCEPT
sudo ip6tables -A vpnclient_out -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT sudo ip6tables -A vpnclient_out -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo ip6tables -A vpnclient_out -j DROP sudo ip6tables -A vpnclient_out -j DROP
@@ -45,6 +51,12 @@ if [ ! -z "${host4}" ]; then
sudo iptables -A vpnclient_out -d ${host4} -p <TPL:PROTO> --dport <TPL:SERVER_PORT> -j ACCEPT sudo iptables -A vpnclient_out -d ${host4} -p <TPL:PROTO> --dport <TPL:SERVER_PORT> -j ACCEPT
fi fi
for i in <TPL:DNS0> <TPL:DNS1>; do
if [[ "${i}" =~ \. ]]; then
sudo iptables -A vpnclient_out -p udp -d "${i}" --dport 53 -j ACCEPT
fi
done
sudo iptables -A vpnclient_out -d 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16 -j ACCEPT sudo iptables -A vpnclient_out -d 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16 -j ACCEPT
sudo iptables -A vpnclient_out -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT sudo iptables -A vpnclient_out -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A vpnclient_out -j DROP sudo iptables -A vpnclient_out -j DROP

2
conf/ynh-vpnclient
View File

@@ -89,6 +89,8 @@ set_firewall() {
sed "s|<TPL:SERVER_PORT>|${ynh_server_port}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient sed "s|<TPL:SERVER_PORT>|${ynh_server_port}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:PROTO>|${ynh_server_proto}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient sed "s|<TPL:PROTO>|${ynh_server_proto}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:WIRED_DEVICE>|${wired_device}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient sed "s|<TPL:WIRED_DEVICE>|${wired_device}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:DNS0>|${ynh_dns0}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
sed "s|<TPL:DNS1>|${ynh_dns1}|g" -i /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
yunohost firewall reload yunohost firewall reload
} }

3
scripts/prerequisites
View File

@@ -4,6 +4,5 @@
ynh_moulinette_version=$(sudo dpkg -l moulinette-yunohost | grep ii | awk '{ print $3 }' | sed 's/\.//g') ynh_moulinette_version=$(sudo dpkg -l moulinette-yunohost | grep ii | awk '{ print $3 }' | sed 's/\.//g')
if [ "${ynh_moulinette_version}" -lt 240 ]; then if [ "${ynh_moulinette_version}" -lt 240 ]; then
echo "ERROR: You need a YunoHost-Moulinette version equals or greater than 2.4.0" >&2 echo "WARN: You need a YunoHost-Moulinette version equals or greater than 2.4.0 for activating the firewalling" >&2
exit 1
fi fi