free
/
freedombone
关注 1
点赞 0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
浏览代码

Only set vpn firewall if ethernet is connected

Bob Mottram 7 年前
父节点
10e4cb3887
当前提交
9e7376f9ac
共有 1 个文件被更改,包括 17 次插入15 次删除
合并视图 显示文件统计
  1. 17
    15
      src/freedombone-mesh-batman

+ 17
- 15
src/freedombone-mesh-batman 查看文件

355 
     brctl addbr $BRIDGE
 355 
     brctl addbr $BRIDGE
356 
     brctl addif $BRIDGE bat0
 356 
     brctl addif $BRIDGE bat0
357 
     ifconfig bat0 0.0.0.0
 357 
     ifconfig bat0 0.0.0.0
358 
+    ethernet_connected='0'
358 
     if [ "$EIFACE" ] ; then
 359 
     if [ "$EIFACE" ] ; then
359 
         ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
 360 
         ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
360 
         if [[ "$ethernet_connected" != "0" ]]; then
 361 
         if [[ "$ethernet_connected" != "0" ]]; then
452 
     iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
 453 
     iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
453 
     iptables -A INPUT -p udp --dport 8010 -j ACCEPT
 454 
     iptables -A INPUT -p udp --dport 8010 -j ACCEPT
454 
     iptables -A INPUT -p tcp --dport 8010 -j ACCEPT
 455 
     iptables -A INPUT -p tcp --dport 8010 -j ACCEPT
455 
-    # vpn over the internet
456 
-    iptables -A INPUT -p tcp --dport 653 -j ACCEPT
457 
-    iptables -A INPUT -p udp --dport 653 -j ACCEPT
458 
-    iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
459 
-    iptables -A INPUT -i tun+ -j ACCEPT
460 
-    iptables -A FORWARD -i tun+ -j ACCEPT
461 
-    iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
462 
-    iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
463 
-    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
464 
-    iptables -A OUTPUT -o tun+ -j ACCEPT
465 
-
466 
-    echo 1 > /proc/sys/net/ipv4/ip_forward
467 
-    sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
468 
-    sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
469 
-    sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
456 
+    if [[ "$ethernet_connected" != "0" ]]; then
457 
+        # vpn over the internet
458 
+        iptables -A INPUT -p tcp --dport 653 -j ACCEPT
459 
+        iptables -A INPUT -p udp --dport 653 -j ACCEPT
460 
+        iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
461 
+        iptables -A INPUT -i tun+ -j ACCEPT
462 
+        iptables -A FORWARD -i tun+ -j ACCEPT
463 
+        iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
464 
+        iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
465 
+        iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
466 
+        iptables -A OUTPUT -o tun+ -j ACCEPT
467 
+        echo 1 > /proc/sys/net/ipv4/ip_forward
468 
+        sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
469 
+        sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
470 
+        sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
471 
+    fi
470
472
471 
     systemctl restart avahi-daemon
 473 
     systemctl restart avahi-daemon
472
474