Revert "bugfix: resolve bad chain ref and port from hotplug to a firewall include"
This reverts commit 646702aab9
.
Needs to be broken up into separate commits, and does not cleanly fix the issue with the tunnel firewall.
This commit is contained in:
parent
6d619b6757
commit
921967d5f9
|
@ -1,9 +1,11 @@
|
|||
#!/bin/sh
|
||||
<<'LICENSE'
|
||||
Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
|
||||
Copyright (C) 2015 Conrad Lara and Joe Ayers
|
||||
Copyright (C) 2015 Conrad Lara
|
||||
See Contributors file for additional contributors
|
||||
|
||||
Copyright (c) 2013 David Rivenburg et al. BroadBand-HamNet
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation version 3 of the License.
|
||||
|
@ -37,38 +39,52 @@ if [ "$MESHFW_TUNNELS_ENABLED" != "1" ]; then
|
|||
exit 0;
|
||||
fi
|
||||
|
||||
echo "Adding vtun firewall rules..."
|
||||
iptables -N zone_vpn_input
|
||||
iptables -N zone_vpn_ACCEPT
|
||||
iptables -N zone_vpn_DROP
|
||||
iptables -N zone_vpn_REJECT
|
||||
iptables -N zone_vpn_forward
|
||||
iptables -I delegate_forward 3 -i tun+ -j zone_vpn_forward
|
||||
iptables -I delegate_input 3 -i tun+ -j zone_vpn_input
|
||||
iptables -I delegate_output 3 -j zone_vpn_ACCEPT
|
||||
iptables -A zone_vpn_input -p icmp -m icmp --icmp-type 8 -j ACCEPT
|
||||
iptables -A zone_vpn_input -p tcp -m tcp --dport 2222 -j ACCEPT
|
||||
iptables -A zone_vpn_input -p tcp -m tcp --dport 8080 -j ACCEPT
|
||||
iptables -A zone_vpn_input -p udp -m udp --dport 698 -j ACCEPT
|
||||
iptables -A zone_vpn_input -p tcp -m tcp --dport 1978 -j ACCEPT
|
||||
iptables -A zone_vpn_input -p tcp -m tcp --dport 23 -j ACCEPT
|
||||
iptables -A zone_vpn_input -p tcp -m tcp --dport 9090 -j ACCEPT
|
||||
iptables -I zone_dtdlink_forward 1 -j zone_vpn_ACCEPT
|
||||
iptables -I zone_lan_forward 1 -j zone_vpn_ACCEPT
|
||||
iptables -I zone_wifi_forward 1 -j zone_vpn_ACCEPT
|
||||
iptables -I zone_vpn_forward 1 -j zone_vpn_ACCEPT
|
||||
if [ "$MESHFW_MESHGW" == "1" ] ; then
|
||||
iptables -I zone_vpn_forward -j zone_wan_dest_ACCEPT
|
||||
# Test for pre-existing firewall rules which use a wildcard and only need setup 1 time for multiple tunnel connections
|
||||
if ( $(iptables -L forwarding_vpn | egrep "^Chain forwarding_vpn \(.+ references\)" > /dev/null) ) then
|
||||
rules_exist=1
|
||||
else
|
||||
iptables -I zone_vpn_forward -j zone_wan_dest_REJECT
|
||||
rules_exist=0
|
||||
fi
|
||||
|
||||
# Do nothing on firewall if tunnels already (or still) exist--set up once.
|
||||
if [ $rules_exist -eq 0 ] ; then
|
||||
echo "Adding vtun firewall rules..."
|
||||
iptables -N forwarding_vpn
|
||||
iptables -N input_vpn
|
||||
iptables -N zone_vpn
|
||||
iptables -N zone_vpn_ACCEPT
|
||||
iptables -N zone_vpn_DROP
|
||||
iptables -N zone_vpn_REJECT
|
||||
iptables -N zone_vpn_forward
|
||||
iptables -I delegate_forward 3 -i tun+ -j zone_vpn_forward
|
||||
iptables -I delegate_input 3 -i tun+ -j zone_vpn
|
||||
iptables -I delegate_output 3 -j zone_vpn_ACCEPT
|
||||
iptables -A zone_vpn -p icmp -m icmp --icmp-type 8 -j ACCEPT
|
||||
iptables -A zone_vpn -p tcp -m tcp --dport 2222 -j ACCEPT
|
||||
iptables -A zone_vpn -p tcp -m tcp --dport 8080 -j ACCEPT
|
||||
iptables -A zone_vpn -p udp -m udp --dport 698 -j ACCEPT
|
||||
iptables -A zone_vpn -p tcp -m tcp --dport 1978 -j ACCEPT
|
||||
iptables -A zone_vpn -p tcp -m tcp --dport 23 -j ACCEPT
|
||||
iptables -A zone_vpn -p tcp -m tcp --dport 9090 -j ACCEPT
|
||||
iptables -I zone_dtdlink_forward 1 -j zone_vpn_ACCEPT
|
||||
iptables -I zone_lan_forward 1 -j zone_vpn_ACCEPT
|
||||
iptables -I zone_wifi_forward 1 -j zone_vpn_ACCEPT
|
||||
iptables -I zone_vpn_forward 1 -j zone_vpn_ACCEPT
|
||||
if [ "$MESHFW_MESHGW" -eq 1 ] ; then
|
||||
iptables -I zone_vpn_forward -j zone_wan_ACCEPT
|
||||
else
|
||||
iptables -I zone_vpn_forward -j zone_wan_REJECT
|
||||
fi
|
||||
iptables -A zone_vpn -j input_vpn
|
||||
iptables -A zone_vpn -j zone_vpn_ACCEPT
|
||||
iptables -A zone_vpn_ACCEPT -o tun+ -j ACCEPT
|
||||
iptables -A zone_vpn_ACCEPT -i tun+ -j ACCEPT
|
||||
iptables -A zone_vpn_DROP -o tun+ -j DROP
|
||||
iptables -A zone_vpn_DROP -i tun+ -j DROP
|
||||
iptables -A zone_vpn_REJECT -o tun+ -j reject
|
||||
iptables -A zone_vpn_REJECT -i tun+ -j reject
|
||||
iptables -A zone_vpn_forward -j zone_dtdlink_ACCEPT
|
||||
iptables -A zone_vpn_forward -j zone_lan_ACCEPT
|
||||
iptables -A zone_vpn_forward -j zone_wifi_ACCEPT
|
||||
iptables -A zone_vpn_forward -j forwarding_vpn
|
||||
fi
|
||||
iptables -A zone_vpn_input -j zone_vpn_ACCEPT
|
||||
iptables -A zone_vpn_ACCEPT -o tun+ -j ACCEPT
|
||||
iptables -A zone_vpn_ACCEPT -i tun+ -j ACCEPT
|
||||
iptables -A zone_vpn_DROP -o tun+ -j DROP
|
||||
iptables -A zone_vpn_DROP -i tun+ -j DROP
|
||||
iptables -A zone_vpn_REJECT -o tun+ -j reject
|
||||
iptables -A zone_vpn_REJECT -i tun+ -j reject
|
||||
iptables -A zone_vpn_forward -j zone_dtdlink_dest_ACCEPT
|
||||
iptables -A zone_vpn_forward -j zone_lan_dest_ACCEPT
|
||||
iptables -A zone_vpn_forward -j zone_wifi_dest_ACCEPT
|
||||
|
|
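Review bot: The reinstated "rules already exist" check, `if ( $(iptables -L forwarding_vpn | egrep "^Chain forwarding_vpn \(.+ references\)" > /dev/null) ) then`, only works because a subshell whose body expands to an empty command inherits the exit status of its last command substitution; that is obscure enough that the next editor will likely break it, and `iptables -L` on a missing chain also prints an error to stderr on every hotplug event. If my reading of the revert is right that this is the new side, a plain pipeline is clearer and quiet: `if iptables -L forwarding_vpn 2>/dev/null | grep -Eq '^Chain forwarding_vpn \(.+ references\)'; then`. The gateway test a few lines later, `if [ "$MESHFW_MESHGW" -eq 1 ] ; then`, errors under `#!/bin/sh` when the variable is unset or empty (it then silently takes the REJECT branch with a diagnostic on stderr); `if [ "${MESHFW_MESHGW:-0}" -eq 1 ]; then` makes the default explicit. The outer `MESHFW_TUNNELS_ENABLED` block and the script's header start before this hunk.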