From 9e7376f9ac1c12b0e535947ea53f0c7b318c712e Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Thu, 23 Nov 2017 10:46:40 +0000
Subject: [PATCH] Only set vpn firewall if ethernet is connected

---
 src/freedombone-mesh-batman | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/src/freedombone-mesh-batman b/src/freedombone-mesh-batman
index 37a069253..3e96c4df3 100755
--- a/src/freedombone-mesh-batman
+++ b/src/freedombone-mesh-batman
@@ -355,6 +355,7 @@ function start {
     brctl addbr $BRIDGE
     brctl addif $BRIDGE bat0
     ifconfig bat0 0.0.0.0
+    ethernet_connected='0'
     if [ "$EIFACE" ] ; then
         ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
         if [[ "$ethernet_connected" != "0" ]]; then
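Review bot: The new `ethernet_connected='0'` default is overwritten on the next line by an empty string whenever the carrier read fails (the `cat` fails when the interface is administratively down, and `$EIFACE` is unquoted so a name with unusual characters also breaks it), and an empty value passes the `!= "0"` test as "connected", so the later VPN firewall block in the second hunk is still opened in exactly the case this commit means to exclude. Keeping the default on failure closes that gap: `ethernet_connected=$(cat "/sys/class/net/$EIFACE/carrier" 2>/dev/null || echo 0)`. The same `!= "0"` comparison is used in the second hunk, so a carrier file holding an unexpected value is treated as connected there too; comparing `== "1"` would be the conservative form in both places. The `start` function continues outside this hunk.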
@@ -452,21 +453,22 @@ function start {
     iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
     iptables -A INPUT -p udp --dport 8010 -j ACCEPT
     iptables -A INPUT -p tcp --dport 8010 -j ACCEPT
-    # vpn over the internet
-    iptables -A INPUT -p tcp --dport 653 -j ACCEPT
-    iptables -A INPUT -p udp --dport 653 -j ACCEPT
-    iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
-    iptables -A INPUT -i tun+ -j ACCEPT
-    iptables -A FORWARD -i tun+ -j ACCEPT
-    iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
-    iptables -A OUTPUT -o tun+ -j ACCEPT
-
-    echo 1 > /proc/sys/net/ipv4/ip_forward
-    sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
-    sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
-    sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
+    if [[ "$ethernet_connected" != "0" ]]; then
+        # vpn over the internet
+        iptables -A INPUT -p tcp --dport 653 -j ACCEPT
+        iptables -A INPUT -p udp --dport 653 -j ACCEPT
+        iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
+        iptables -A INPUT -i tun+ -j ACCEPT
+        iptables -A FORWARD -i tun+ -j ACCEPT
+        iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
+        iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
+        iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
+        iptables -A OUTPUT -o tun+ -j ACCEPT
+        echo 1 > /proc/sys/net/ipv4/ip_forward
+        sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
+        sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
+        sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
+    fi
 
     systemctl restart avahi-daemon
 
-- 
GitLab