Bob Mottram 7 лет назад
Родитель
Сommit
e9c47c397e
1 измененных файлов: 4 добавлений и 13 удалений
  1. 4
    13
      src/freedombone-utils-firewall

+ 4
- 13
src/freedombone-utils-firewall Просмотреть файл

@@ -110,15 +110,13 @@ function enable_ipv6 {
110 110
     echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
111 111
 }
112 112
 
113
-function firewall_update_external_ip {
113
+function update_external_ip {
114 114
     ip_update_script=/usr/bin/externalipupdate
115 115
     echo '#!/bin/bash' >> $ip_update_script
116 116
     echo "existing_ip=\$(cat $CONFIGURATION_FILE | grep \"EXTERNAL_IPV4_ADDRESS=\" | head -n 1 | awk -F '=' '{print \$2}')'" >> $ip_update_script
117 117
     echo "curr_ip=\$(nslookup . $EXTERNAL_IP_LOOKUP_URL | grep Address | tail -n 1 | awk -F ' ' '{print \$2}')" >> $ip_update_script
118 118
     echo 'if [[ "$curr_ip" != "$existing_ip" ]]; then' >> $ip_update_script
119 119
     echo "  sed -i \"s|EXTERNAL_IPV4_ADDRESS=.*|EXTERNAL_IPV4_ADDRESS=\${curr_ip}|g\" $CONFIGURATION_FILE" >> $ip_update_script
120
-    echo "  iptables -t nat -D POSTROUTING -s \${curr_ip}/24 -o ${FIREWALL_EIFACE} -j MASQUERADE" >> $ip_update_script
121
-    echo "  iptables -t nat -A POSTROUTING -s \${curr_ip}/24 -o ${FIREWALL_EIFACE} -j MASQUERADE" >> $ip_update_script
122 120
     echo '  iptables-save > /etc/firewall.conf' >> $ip_update_script
123 121
     echo 'fi' >> $ip_update_script
124 122
 
@@ -126,35 +124,28 @@ function firewall_update_external_ip {
126 124
 }
127 125
 
128 126
 function firewall_disable_vpn {
129
-    read_config_param EXTERNAL_IPV4_ADDRESS
130
-    if [ ! $EXTERNAL_IPV4_ADDRESS ]; then
131
-        return
132
-    fi
133
-    sed -i '/externalipupdate/d' /etc/crontab
134 127
     iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT
135 128
     iptables -D INPUT -i tun+ -j ACCEPT
136 129
     iptables -D FORWARD -i tun+ -j ACCEPT
137 130
     iptables -D FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
138 131
     iptables -D FORWARD -i ${FIREWALL_EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
139
-    iptables -t nat -D POSTROUTING -s ${EXTERNAL_IPV4_ADDRESS}/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
132
+    iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
140 133
     iptables -D OUTPUT -o tun+ -j ACCEPT
141 134
     save_firewall_settings
135
+
142 136
     sed -i '/VPN=/d' $FIREWALL_CONFIG
143 137
 }
144 138
 
145 139
 function firewall_enable_vpn {
146
-    curr_external_ipv4_address=$(get_external_ipv4_address)
147 140
     iptables -A INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT
148 141
     iptables -A INPUT -i tun+ -j ACCEPT
149 142
     iptables -A FORWARD -i tun+ -j ACCEPT
150 143
     iptables -A FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
151 144
     iptables -A FORWARD -i ${FIREWALL_EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
152
-    iptables -t nat -A POSTROUTING -s ${curr_external_ipv4_address}/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
145
+    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
153 146
     iptables -A OUTPUT -o tun+ -j ACCEPT
154
-    write_config_param EXTERNAL_IPV4_ADDRESS "$curr_external_ipv4_address"
155 147
     save_firewall_settings
156 148
 
157
-    firewall_update_external_ip
158 149
     echo "VPN=1194" >> $FIREWALL_CONFIG
159 150
 }
160 151