Only set vpn firewall if ethernet is connected

9e7376f9 · Bob Mottram · 10e4cb38 · 9e7376f9
Commit 9e7376f9 authored 7 years ago by Bob Mottram
--- a/src/freedombone-mesh-batman
+++ b/src/freedombone-mesh-batman
@@ -355,6 +355,7 @@ function start {
    brctl addbr $BRIDGE
    brctl addif $BRIDGE bat0
    ifconfig bat0 0.0.0.0
+    ethernet_connected='0'
    if [ "$EIFACE" ] ; then
        ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
        if [[ "$ethernet_connected" != "0" ]]; then
@@ -452,21 +453,22 @@ function start {
    iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
    iptables -A INPUT -p udp --dport 8010 -j ACCEPT
    iptables -A INPUT -p tcp --dport 8010 -j ACCEPT
-    # vpn over the internet
-    iptables -A INPUT -p tcp --dport 653 -j ACCEPT
-    iptables -A INPUT -p udp --dport 653 -j ACCEPT
-    iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
-    iptables -A INPUT -i tun+ -j ACCEPT
-    iptables -A FORWARD -i tun+ -j ACCEPT
-    iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
-    iptables -A OUTPUT -o tun+ -j ACCEPT
-
-    echo 1 > /proc/sys/net/ipv4/ip_forward
-    sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
-    sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
-    sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
+    if [[ "$ethernet_connected" != "0" ]]; then
+        # vpn over the internet
+        iptables -A INPUT -p tcp --dport 653 -j ACCEPT
+        iptables -A INPUT -p udp --dport 653 -j ACCEPT
+        iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
+        iptables -A INPUT -i tun+ -j ACCEPT
+        iptables -A FORWARD -i tun+ -j ACCEPT
+        iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
+        iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
+        iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
+        iptables -A OUTPUT -o tun+ -j ACCEPT
+        echo 1 > /proc/sys/net/ipv4/ip_forward
+        sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
+        sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
+        sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
+    fi

    systemctl restart avahi-daemon