Merge branch 'VtunFirewall' into release-3.15.1.0

2015-06-15 22:12:02 -07:00 · 2015-06-15 22:12:02 -07:00 · 5a9ec7bf63
parent 02c756a489 177f831e14
commit 5a9ec7bf63
1 changed files with 6 additions and 6 deletions
--- a/files/usr/local/bin/vtun_up
+++ b/files/usr/local/bin/vtun_up
@ -31,9 +31,9 @@ if [ $rules_exist -eq 0 -a "$action" = "up" ] ; then
        iptables -N zone_vpn_DROP
        iptables -N zone_vpn_REJECT
        iptables -N zone_vpn_forward
-        iptables -A forward -i tun+ -j zone_vpn_forward
+        iptables -I delegate_forward 3 -i tun+ -j zone_vpn_forward
-        iptables -A input -i tun+ -j zone_vpn
+        iptables -I delegate_input 3 -i tun+ -j zone_vpn
-        iptables -A output -j zone_vpn_ACCEPT
+        iptables -I delegate_output 3 -j zone_vpn_ACCEPT
        iptables -A zone_vpn -p icmp -m icmp --icmp-type 8 -j ACCEPT
        iptables -A zone_vpn -p tcp -m tcp --dport 2222 -j ACCEPT
        iptables -A zone_vpn -p tcp -m tcp --dport 8080 -j ACCEPT
@ -92,9 +92,9 @@ if [ $inf_count -eq 0 -a "$action" = "down" ] ; then
        iptables -D zone_vpn -p tcp -m tcp --dport 8080 -j ACCEPT
        iptables -D zone_vpn -p tcp -m tcp --dport 2222 -j ACCEPT
        iptables -D zone_vpn -p icmp -m icmp --icmp-type 8 -j ACCEPT
-        iptables -D output -j zone_vpn_ACCEPT
+        iptables -D delegate_output -j zone_vpn_ACCEPT
-        iptables -D input -i tun+ -j zone_vpn
+        iptables -D delegate_input -i tun+ -j zone_vpn
-        iptables -D forward -i tun+ -j zone_vpn_forward
+        iptables -D delegate_forward -i tun+ -j zone_vpn_forward
        iptables -X zone_vpn_REJECT
        iptables -X zone_vpn_DROP
        iptables -X zone_vpn_ACCEPT