
Only set vpn firewall if ethernet is connected

Bob Mottram 7 年之前
父節點
當前提交
9e7376f9ac
共有 1 個文件被更改,包括 17 次插入15 次删除
  1. 17
    15
      src/freedombone-mesh-batman

+ 17
- 15
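--- a/src/freedombone-mesh-batman
+++ b/src/freedombone-mesh-batman
@@ -355,6 +355,7 @@ function start {
     brctl addbr $BRIDGE
     brctl addif $BRIDGE bat0
     ifconfig bat0 0.0.0.0
+    ethernet_connected='0'
     if [ "$EIFACE" ] ; then
         ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
         if [[ "$ethernet_connected" != "0" ]]; then
@@ -452,21 +453,22 @@ function start {
     iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
     iptables -A INPUT -p udp --dport 8010 -j ACCEPT
     iptables -A INPUT -p tcp --dport 8010 -j ACCEPT
-    # vpn over the internet
-    iptables -A INPUT -p tcp --dport 653 -j ACCEPT
-    iptables -A INPUT -p udp --dport 653 -j ACCEPT
-    iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
-    iptables -A INPUT -i tun+ -j ACCEPT
-    iptables -A FORWARD -i tun+ -j ACCEPT
-    iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
-    iptables -A OUTPUT -o tun+ -j ACCEPT
-
-    echo 1 > /proc/sys/net/ipv4/ip_forward
-    sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
-    sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
-    sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
+    if [[ "$ethernet_connected" != "0" ]]; then
+        # vpn over the internet
+        iptables -A INPUT -p tcp --dport 653 -j ACCEPT
+        iptables -A INPUT -p udp --dport 653 -j ACCEPT
+        iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
+        iptables -A INPUT -i tun+ -j ACCEPT
+        iptables -A FORWARD -i tun+ -j ACCEPT
+        iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
+        iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
+        iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
+        iptables -A OUTPUT -o tun+ -j ACCEPT
+        echo 1 > /proc/sys/net/ipv4/ip_forward
+        sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
+        sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
+        sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
+    fi
 
     systemctl restart avahi-daemon
 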
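Review bot: The new gate `if [[ "$ethernet_connected" != "0" ]]` in the second hunk fails open, because any value other than the literal `0` counts as "connected". If `cat /sys/class/net/$EIFACE/carrier` fails (the kernel typically returns an error for that file when the interface is administratively down, and the path does not exist if `EIFACE` names a missing device), the command substitution overwrites the new `'0'` default with an empty string. The block then still opens ports 653 and 1194, accepts and forwards all `tun+` traffic, adds the MASQUERADE rule and sets `ip_forward=1`. Testing for the positive value closes that gap: `if [[ "$ethernet_connected" == "1" ]]; then`. The existing check in the first hunk has the same shape. Note also that the `sed` edits persist `net.ipv4.ip_forward=1` in `/etc/sysctl.conf`, so forwarding stays enabled after a reboot even when this branch is skipped on a later start. The body of `start` begins and ends outside both hunks, so any handling elsewhere is not visible here.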