From 29671b04adbfa969d4e09ccc1ddd838b275eda14 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Mon, 25 Sep 2017 10:23:03 +0100
Subject: [PATCH] Store ip address used for forwarding

---
 src/freedombone-utils-firewall | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/src/freedombone-utils-firewall b/src/freedombone-utils-firewall
index b2187d511..90f31a1cd 100755
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -110,24 +110,30 @@ function enable_ipv6 {
 }
 
 function firewall_deny_forwarding {
-    iptables -D INPUT -i $FIREWALL_EIFACE -m state --state NEW -p udp --dport 1194 -j ACCEPT
+    read_config_param CURRENT_IPV4_ADDRESS
+    if [ ! $CURRENT_IPV4_ADDRESS ]; then
+        return
+    fi
+    iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT
     iptables -D INPUT -i tun+ -j ACCEPT
     iptables -D FORWARD -i tun+ -j ACCEPT
-    iptables -D FORWARD -i tun+ -o $FIREWALL_EIFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -D FORWARD -i $FIREWALL_EIFACE -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -t nat -D POSTROUTING -s $(get_ipv4_address)/24 -o $FIREWALL_EIFACE -j MASQUERADE
+    iptables -D FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
+    iptables -D FORWARD -i ${FIREWALL_EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
+    iptables -t nat -D POSTROUTING -s ${CURRENT_IPV4_ADDRESS}/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
     iptables -D OUTPUT -o tun+ -j ACCEPT
     save_firewall_settings
 }
 
 function firewall_allow_forwarding {
-    iptables -A INPUT -i $FIREWALL_EIFACE -m state --state NEW -p udp --dport 1194 -j ACCEPT
+    curr_ipv4_address=$(get_ipv4_address)
+    iptables -A INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT
     iptables -A INPUT -i tun+ -j ACCEPT
     iptables -A FORWARD -i tun+ -j ACCEPT
-    iptables -A FORWARD -i tun+ -o $FIREWALL_EIFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -A FORWARD -i $FIREWALL_EIFACE -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -t nat -A POSTROUTING -s $(get_ipv4_address)/24 -o $FIREWALL_EIFACE -j MASQUERADE
+    iptables -A FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
+    iptables -A FORWARD -i ${FIREWALL_EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
+    iptables -t nat -A POSTROUTING -s ${curr_ipv4_address}/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
     iptables -A OUTPUT -o tun+ -j ACCEPT
+    write_config_param CURRENT_IPV4_ADDRESS "$curr_ipv4_address"
     save_firewall_settings
 }
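Review bot: The early `return` added at the top of `firewall_deny_forwarding` skips every rule deletion when `CURRENT_IPV4_ADDRESS` is unset, so the UDP 1194 INPUT accept and the `tun+` INPUT/FORWARD/OUTPUT accepts stay loaded and the function fails open without any message. That case looks reachable on a system where forwarding was enabled before this change, since only the new `write_config_param` line in `firewall_allow_forwarding` stores the value (assuming `read_config_param` leaves the variable empty when the key is absent). Only the MASQUERADE deletion needs the address, so I would drop the early return and guard just that rule: `if [ -n "${CURRENT_IPV4_ADDRESS}" ]; then iptables -t nat -D POSTROUTING -s "${CURRENT_IPV4_ADDRESS}/24" -o "${FIREWALL_EIFACE}" -j MASQUERADE; fi`. The unquoted `[ ! $CURRENT_IPV4_ADDRESS ]` test also gives the intended result only by accident when the value is empty, so `[ -z "${CURRENT_IPV4_ADDRESS}" ]` is the safer form. In `firewall_allow_forwarding`, an empty result from `get_ipv4_address` is still stored and used in the `-s` argument, so a non-empty check before the POSTROUTING append and the `write_config_param` call would keep the stored value consistent with the rule actually installed.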
 
-- 
GitLab