
Handle firewall when changing vpn tls port

Bob Mottram 7 лет назад
Родитель
Сommit
ef686e6264
1 измененных файлов: 20 добавлений и 4 удалений
  1. 20
    4
      src/freedombone-app-vpn

+ 20
- 4
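--- a/src/freedombone-app-vpn
+++ b/src/freedombone-app-vpn
@@ -106,13 +106,17 @@
 }
 
 function vpn_change_tls_port {
-    EXISTING_VPN_TLS_PORT=$VPN_TLS_PORT
+    if ! grep -q "VPN-TLS" $FIREWALL_CONFIG; then
+        EXISTING_VPN_TLS_PORT=443
+    else
+        EXISTING_VPN_TLS_PORT=$(cat $FIREWALL_CONFIG | grep "VPN-TLS" | awk -F '=' '{print $2}')
+    fi
 
     data=$(tempfile 2>/dev/null)
     trap "rm -f $data" 0 1 2 5 15
     dialog --title $"VPN Configuration" \
            --backtitle $"Freedombone Control Panel" \
-           --inputbox $'Change TLS port' 10 50 $VPN_TLS_PORT 2>$data
+           --inputbox $'Change TLS port' 10 50 $EXISTING_VPN_TLS_PORT 2>$data
     sel=$?
     case $sel in
         0)
@@ -134,17 +138,29 @@
                     done
 
                     if [ $VPN_TLS_PORT -eq 443 ]; then
+                        if [[ "$PREVIOUS_VPN_TLS_PORT" != "443" ]]; then
+                            firewall_remove VPN-TLS ${EXISTING_VPN_TLS_PORT}
+                        fi
                         systemctl stop nginx
                         systemctl disable nginx
                     else
+                        if [[ "$PREVIOUS_VPN_TLS_PORT" != "$VPN_TLS_PORT" ]]; then
+                            firewall_remove VPN-TLS ${EXISTING_VPN_TLS_PORT}
+                            firewall_add VPN-TLS ${VPN_TLS_PORT} tcp
+                        fi
                         systemctl enable nginx
                         systemctl restart nginx
                     fi
 
                     systemctl restart stunnel
 
-                    dialog --title $"VPN Configuration" \
-                           --msgbox $"TLS port changed to $VPN_TLS_PORT" 6 60
+                    if [ $VPN_TLS_PORT -eq 443 ]; then
+                        dialog --title $"VPN Configuration" \
+                               --msgbox $"TLS port changed to ${VPN_TLS_PORT}. Forward this port from your internet router." 10 60
+                    else
+                        dialog --title $"VPN Configuration" \
+                               --msgbox $"TLS port changed to ${VPN_TLS_PORT}. Forward this port from your internet router." 10 60
+                    fi
                 fi
             fi
             ;;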
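Review bot: The two new guards in the second hunk test `$PREVIOUS_VPN_TLS_PORT`, but the only variable this commit assigns is `EXISTING_VPN_TLS_PORT`, and no assignment of `PREVIOUS_VPN_TLS_PORT` is visible. If it is unset, both tests are always true, so `firewall_remove` runs even when the port did not change, and in the 443 branch it can be called with the fallback value 443, which, depending on how `firewall_remove` matches rules, may drop a rule another service relies on. The guards should probably read `if [[ "$EXISTING_VPN_TLS_PORT" != "443" ]]; then` and `if [[ "$EXISTING_VPN_TLS_PORT" != "$VPN_TLS_PORT" ]]; then`. The value parsed from `$FIREWALL_CONFIG` is also expanded unquoted, so more than one `VPN-TLS` line in that file would reach `firewall_remove` as several arguments. The lines of vpn_change_tls_port between the two hunks are not shown, so an assignment there cannot be ruled out.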