Commit 9e7376f9 authored by Bob Mottram's avatar Bob Mottram

Only set vpn firewall if ethernet is connected

parent 10e4cb38
...@@ -355,6 +355,7 @@ function start { ...@@ -355,6 +355,7 @@ function start {
brctl addbr $BRIDGE brctl addbr $BRIDGE
brctl addif $BRIDGE bat0 brctl addif $BRIDGE bat0
ifconfig bat0 0.0.0.0 ifconfig bat0 0.0.0.0
ethernet_connected='0'
if [ "$EIFACE" ] ; then if [ "$EIFACE" ] ; then
ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier) ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
if [[ "$ethernet_connected" != "0" ]]; then if [[ "$ethernet_connected" != "0" ]]; then
...@@ -452,21 +453,22 @@ function start { ...@@ -452,21 +453,22 @@ function start {
iptables -A INPUT -p tcp --dport 8008 -j ACCEPT iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
iptables -A INPUT -p udp --dport 8010 -j ACCEPT iptables -A INPUT -p udp --dport 8010 -j ACCEPT
iptables -A INPUT -p tcp --dport 8010 -j ACCEPT iptables -A INPUT -p tcp --dport 8010 -j ACCEPT
# vpn over the internet if [[ "$ethernet_connected" != "0" ]]; then
iptables -A INPUT -p tcp --dport 653 -j ACCEPT # vpn over the internet
iptables -A INPUT -p udp --dport 653 -j ACCEPT iptables -A INPUT -p tcp --dport 653 -j ACCEPT
iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT iptables -A INPUT -p udp --dport 653 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o tun+ -j ACCEPT iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
iptables -A OUTPUT -o tun+ -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_forward
sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
fi
systemctl restart avahi-daemon systemctl restart avahi-daemon
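Review bot: The new guard around the VPN rules, `if [[ "$ethernet_connected" != "0" ]]; then`, fails open, because any value other than the literal `0` is treated as connected. If `cat /sys/class/net/$EIFACE/carrier` fails (the kernel returns an error for that file while the interface is administratively down, and the path does not exist when `$EIFACE` names no interface), the variable is empty and the block still opens ports 653 and 1194, adds the MASQUERADE rule and persists `net.ipv4.ip_forward=1` in /etc/sysctl.conf. Testing for the positive value, `if [[ "$ethernet_connected" == "1" ]]; then`, keeps those rules off unless a carrier was actually read; the same comparison is used in the first hunk. `$EIFACE` is also unquoted in the sysfs path and the iptables rules, so quoting it (`"${EIFACE}"`) would be the safer style. The body of `start` begins and ends outside both hunks.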