|
|
@@ -110,24 +110,30 @@ function enable_ipv6 {
|
|
110
|
110
|
}
|
|
111
|
111
|
|
|
112
|
112
|
function firewall_deny_forwarding {
|
|
113
|
|
- iptables -D INPUT -i $FIREWALL_EIFACE -m state --state NEW -p udp --dport 1194 -j ACCEPT
|
|
|
113
|
+ read_config_param CURRENT_IPV4_ADDRESS
|
|
|
114
|
+ if [ ! $CURRENT_IPV4_ADDRESS ]; then
|
|
|
115
|
+ return
|
|
|
116
|
+ fi
|
|
|
117
|
+ iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT
|
|
114
|
118
|
iptables -D INPUT -i tun+ -j ACCEPT
|
|
115
|
119
|
iptables -D FORWARD -i tun+ -j ACCEPT
|
|
116
|
|
- iptables -D FORWARD -i tun+ -o $FIREWALL_EIFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
|
|
117
|
|
- iptables -D FORWARD -i $FIREWALL_EIFACE -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
|
|
118
|
|
- iptables -t nat -D POSTROUTING -s $(get_ipv4_address)/24 -o $FIREWALL_EIFACE -j MASQUERADE
|
|
|
120
|
+ iptables -D FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
|
|
|
121
|
+ iptables -D FORWARD -i ${FIREWALL_EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
|
|
|
122
|
+ iptables -t nat -D POSTROUTING -s ${CURRENT_IPV4_ADDRESS}/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
|
|
119
|
123
|
iptables -D OUTPUT -o tun+ -j ACCEPT
|
|
120
|
124
|
save_firewall_settings
|
|
121
|
125
|
}
|
|
122
|
126
|
|
|
123
|
127
|
function firewall_allow_forwarding {
|
|
124
|
|
- iptables -A INPUT -i $FIREWALL_EIFACE -m state --state NEW -p udp --dport 1194 -j ACCEPT
|
|
|
128
|
+ curr_ipv4_address=$(get_ipv4_address)
|
|
|
129
|
+ iptables -A INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT
|
|
125
|
130
|
iptables -A INPUT -i tun+ -j ACCEPT
|
|
126
|
131
|
iptables -A FORWARD -i tun+ -j ACCEPT
|
|
127
|
|
- iptables -A FORWARD -i tun+ -o $FIREWALL_EIFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
|
|
128
|
|
- iptables -A FORWARD -i $FIREWALL_EIFACE -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
|
|
129
|
|
- iptables -t nat -A POSTROUTING -s $(get_ipv4_address)/24 -o $FIREWALL_EIFACE -j MASQUERADE
|
|
|
132
|
+ iptables -A FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
|
|
|
133
|
+ iptables -A FORWARD -i ${FIREWALL_EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
|
|
|
134
|
+ iptables -t nat -A POSTROUTING -s ${curr_ipv4_address}/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
|
|
130
|
135
|
iptables -A OUTPUT -o tun+ -j ACCEPT
|
|
|
136
|
+ write_config_param CURRENT_IPV4_ADDRESS "$curr_ipv4_address"
|
|
131
|
137
|
save_firewall_settings
|
|
132
|
138
|
}
|
|
133
|
139
|
|
Bob Mottram
8 年之前