
We don't need no sudo

Alexandre Aubin 3 years ago
parent
commit
21ca164d93
1 changed files with 38 additions and 38 deletions
  1. 38 38
      conf/hook_post-iptable-rules

+ 38 - 38
conf/hook_post-iptable-rules

@@ -18,76 +18,76 @@ dns=$(grep -o -P '\s*nameserver\s+\K[ABCDEFabcdef\d.:]+' /etc/resolv.dnsmasq.con
 
 # IPv6
 
-sudo ip6tables -w -N vpnclient_in
-sudo ip6tables -w -N vpnclient_out
-sudo ip6tables -w -N vpnclient_fwd
+ip6tables -w -N vpnclient_in
+ip6tables -w -N vpnclient_out
+ip6tables -w -N vpnclient_fwd
 
-sudo ip6tables -w -A vpnclient_in -p icmpv6 -j ACCEPT
-sudo ip6tables -w -A vpnclient_in -s fd00::/8,fe80::/10 -j ACCEPT
-sudo ip6tables -w -A vpnclient_in -p tcp --dport 22 -j ACCEPT
-sudo ip6tables -w -A vpnclient_in -p tcp --dport 443 -j ACCEPT
-sudo ip6tables -w -A vpnclient_in -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-sudo ip6tables -w -A vpnclient_in -j DROP
+ip6tables -w -A vpnclient_in -p icmpv6 -j ACCEPT
+ip6tables -w -A vpnclient_in -s fd00::/8,fe80::/10 -j ACCEPT
+ip6tables -w -A vpnclient_in -p tcp --dport 22 -j ACCEPT
+ip6tables -w -A vpnclient_in -p tcp --dport 443 -j ACCEPT
+ip6tables -w -A vpnclient_in -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+ip6tables -w -A vpnclient_in -j DROP
 
 if [ ! -z "${host6}" ]; then
   for i in ${host6}; do
-    sudo ip6tables -w -A vpnclient_out -d "${i}" -j ACCEPT
+    ip6tables -w -A vpnclient_out -d "${i}" -j ACCEPT
   done
 fi
 
 for i in ${dns};
 do
   if [[ "${i}" =~ : ]]; then
-    sudo ip6tables -w -A vpnclient_out -p udp -d "${i}" --dport 53 -j ACCEPT
+    ip6tables -w -A vpnclient_out -p udp -d "${i}" --dport 53 -j ACCEPT
   fi
 done
 
-sudo ip6tables -w -A vpnclient_out -d fd00::/8,fe80::/10 -j ACCEPT
-sudo ip6tables -w -A vpnclient_out -p udp --dport 5353 -d ff02::fb -j ACCEPT
-sudo ip6tables -w -A vpnclient_out -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-sudo ip6tables -w -A vpnclient_out -j DROP
+ip6tables -w -A vpnclient_out -d fd00::/8,fe80::/10 -j ACCEPT
+ip6tables -w -A vpnclient_out -p udp --dport 5353 -d ff02::fb -j ACCEPT
+ip6tables -w -A vpnclient_out -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+ip6tables -w -A vpnclient_out -j DROP
 
-sudo ip6tables -w -A vpnclient_fwd -j DROP
+ip6tables -w -A vpnclient_fwd -j DROP
 
-sudo ip6tables -w -I INPUT 1 -i $interface -j vpnclient_in
-sudo ip6tables -w -I OUTPUT 1 -o $interface -j vpnclient_out
-sudo ip6tables -w -I FORWARD 1 -o $interface -j vpnclient_fwd
+ip6tables -w -I INPUT 1 -i $interface -j vpnclient_in
+ip6tables -w -I OUTPUT 1 -o $interface -j vpnclient_out
+ip6tables -w -I FORWARD 1 -o $interface -j vpnclient_fwd
 
 # IPv4
 
-sudo iptables -w -N vpnclient_in
-sudo iptables -w -N vpnclient_out
-sudo iptables -w -N vpnclient_fwd
+iptables -w -N vpnclient_in
+iptables -w -N vpnclient_out
+iptables -w -N vpnclient_fwd
 
-sudo iptables -w -A vpnclient_in -p icmp -j ACCEPT
-sudo iptables -w -A vpnclient_in -s 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16 -j ACCEPT
-sudo iptables -w -A vpnclient_in -p tcp --dport 22 -j ACCEPT
-sudo iptables -w -A vpnclient_in -p tcp --dport 443 -j ACCEPT
-sudo iptables -w -A vpnclient_in -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-sudo iptables -w -A vpnclient_in -j DROP
+iptables -w -A vpnclient_in -p icmp -j ACCEPT
+iptables -w -A vpnclient_in -s 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16 -j ACCEPT
+iptables -w -A vpnclient_in -p tcp --dport 22 -j ACCEPT
+iptables -w -A vpnclient_in -p tcp --dport 443 -j ACCEPT
+iptables -w -A vpnclient_in -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -w -A vpnclient_in -j DROP
 
 if [ ! -z "${host4}" ]; then
   for i in ${host4}; do
-    sudo iptables -w -A vpnclient_out -d "${i}" -j ACCEPT
+    iptables -w -A vpnclient_out -d "${i}" -j ACCEPT
   done
 fi
 
 for i in ${dns};
 do
   if [[ "${i}" =~ \. ]]; then
-    sudo iptables -w -A vpnclient_out -p udp -d "${i}" --dport 53 -j ACCEPT
+    iptables -w -A vpnclient_out -p udp -d "${i}" --dport 53 -j ACCEPT
   fi
 done
 
-sudo iptables -w -A vpnclient_out -d 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16 -j ACCEPT
-sudo iptables -w -A vpnclient_out -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-sudo iptables -w -A vpnclient_out -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-sudo iptables -w -A vpnclient_out -j DROP
+iptables -w -A vpnclient_out -d 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16 -j ACCEPT
+iptables -w -A vpnclient_out -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
+iptables -w -A vpnclient_out -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -w -A vpnclient_out -j DROP
 
-sudo iptables -w -A vpnclient_fwd -j DROP
+iptables -w -A vpnclient_fwd -j DROP
 
-sudo iptables -w -I INPUT 1 -i $interface -j vpnclient_in
-sudo iptables -w -I OUTPUT 1 -o $interface -j vpnclient_out
-sudo iptables -w -I FORWARD 1 -o  $interface -j vpnclient_fwd
+iptables -w -I INPUT 1 -i $interface -j vpnclient_in
+iptables -w -I OUTPUT 1 -o $interface -j vpnclient_out
+iptables -w -I FORWARD 1 -o  $interface -j vpnclient_fwd
 
 exit 0
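Review bot: Now that the sudo prefix is gone, nothing in the hook verifies it is actually running as root, and the script still ends with an unconditional `exit 0`, so if the caller's privileges are ever wrong every iptables/ip6tables call fails and the hook reports success while the VPN interface is left without the vpnclient_in/vpnclient_out/vpnclient_fwd filtering at all. A guard near the top of the script, `[ "$(id -u)" -eq 0 ] || { printf '%s\n' "hook_post-iptable-rules must run as root" >&2; exit 1; }`, turns that into an explicit failure; whether `set -e` is already in effect cannot be told from here, since the head of the script is outside the hunk. While here, `$interface` is unquoted in the six `-I INPUT`/`-I OUTPUT`/`-I FORWARD` lines at the end of each section; writing `-i "$interface"` and `-o "$interface"` keeps an empty or odd value from silently becoming a different command line, and also makes the stray double space on the last IPv4 FORWARD line stand out.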