free
/
freedombone
ウォッチ 1
お気に入りに登録 0
フォーク 0
コード 課題 0 プルリクエスト 0 リリース 0 Wiki アクティビティ
ソースを参照

Only set vpn firewall if ethernet is connected

Bob Mottram 8 年 前
10e4cb3887
コミット
9e7376f9ac
共有1 個のファイルを変更した17 個の追加15 個の削除を含む
分割表示 差分情報を表示
  1. 17
    15
      src/freedombone-mesh-batman

+ 17
- 15
src/freedombone-mesh-batman ファイルの表示 

@@ -355,6 +355,7 @@ function start {
355 355 
     brctl addbr $BRIDGE
356 356 
     brctl addif $BRIDGE bat0
357 357 
     ifconfig bat0 0.0.0.0
358 
+    ethernet_connected='0'
358 359 
     if [ "$EIFACE" ] ; then
359 360 
         ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
360 361 
         if [[ "$ethernet_connected" != "0" ]]; then
 
@@ -452,21 +453,22 @@ function start {
452 453 
     iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
453 454 
     iptables -A INPUT -p udp --dport 8010 -j ACCEPT
454 455 
     iptables -A INPUT -p tcp --dport 8010 -j ACCEPT
455 
-    # vpn over the internet
456 
-    iptables -A INPUT -p tcp --dport 653 -j ACCEPT
457 
-    iptables -A INPUT -p udp --dport 653 -j ACCEPT
458 
-    iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
459 
-    iptables -A INPUT -i tun+ -j ACCEPT
460 
-    iptables -A FORWARD -i tun+ -j ACCEPT
461 
-    iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
462 
-    iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
463 
-    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
464 
-    iptables -A OUTPUT -o tun+ -j ACCEPT
465 
-
466 
-    echo 1 > /proc/sys/net/ipv4/ip_forward
467 
-    sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
468 
-    sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
469 
-    sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
456 
+    if [[ "$ethernet_connected" != "0" ]]; then
457 
+        # vpn over the internet
458 
+        iptables -A INPUT -p tcp --dport 653 -j ACCEPT
459 
+        iptables -A INPUT -p udp --dport 653 -j ACCEPT
460 
+        iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
461 
+        iptables -A INPUT -i tun+ -j ACCEPT
462 
+        iptables -A FORWARD -i tun+ -j ACCEPT
463 
+        iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
464 
+        iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
465 
+        iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
466 
+        iptables -A OUTPUT -o tun+ -j ACCEPT
467 
+        echo 1 > /proc/sys/net/ipv4/ip_forward
468 
+        sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
469 
+        sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
470 
+        sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
471 
+    fi
470 472
471 473 
     systemctl restart avahi-daemon
472 474